Ironport misclassification

mlagarde · ‎01-09-2017

Hi Cisco,

our website https://www.nomination.fr/client/auth/login is currently classified by iron port as:

Menace Type : othermalware

Domain reported and verified as serving malware. Identified as malicious domain or URL

we are not cisco's client but some of our prospect are and can't use our solution.

Can you explain us why are we black-listed ? Is there an actual reason or something we have to fix on our side.

Thanks a lot

Philip D'Ath · ‎01-09-2017

It usually means the site has been compromised and had malware placed on it. The site is then used for distributing malware. Once users start download the malware from the site it gets detected, and hence being positively identified as having malware.

The the server has multiple web sites on it then it may be another web site on the same machine.

You need to check your site thoroughly.

mlagarde · ‎01-10-2017

Thanks Philip,

i have allready understand that, i'm currently seeking fact. I want to figure out why we are blacklisted because all seems good on our side.

Ravi Singh · ‎01-11-2017

Philip already provided you answer. Meanwhile your prospect who are using ironport can mark this URL as a whitlisted and can report to cisco for the same.

mlagarde · ‎01-12-2017

Hello Ravi, i think we found out what's the problem is, our certificate has a F grade because of sslv2.

we change the certificate last night and now we have a A grade. we think that's why we where blocked.

Ravi can you check if it's ok for iron port now ?