Imon (website access blocking)

Discussion in 'NOD32 version 2 Forum' started by marcromero, Jun 8, 2006.

Thread Status:
Not open for further replies.
  1. marcromero

    marcromero Guest

    Imon> Setup> Miscellaneous> Website Access Blocking. Lists known websites containing malicious files updated by vendor. Is this a type of host file? if so, where can I find this list?
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    As far as I know this is maintained by Eset and comes down like an update/or part of an update.

    Cheers :D
     
  3. marcromero

    marcromero Guest

    It would appear so, sure would like to know more about it, cannot seem to find any detailed information.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    We'll have to wait for Marcos or one of the Eset guys to come along with further details.

    Cheers :D
     
  5. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    IMON sits at winsock (in the LSP chain) and intercepts the http traffic. As soon as you attempt to visit xyz.com it redirects you to the warning page. So a little 'lower' than the host file and not configurable to the user ie. just enable or disable this feature.
     
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    for example this list contains all (or approximately all) the websites containing the Trojan.Downloader.Zlob variants. ;)
     
  7. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    Yeah ;)
     
  8. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    i asked the same question here https://www.wilderssecurity.com/showpost.php?p=418965&postcount=137 the answer was no you cant see the list
     
  9. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I've never even seen the warning - if someone knows at least ONE of the sites that generates it, please post a screenshot of the screen we'll see - also - just make sure you obscure the actually link of the site, as posting links to malware or suspected malware is against the TOS of this forum.

    cheers

    Greg
     
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
  11. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    I have the Web site block option set but NOD 32 doesn't block me from getting to the site.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What site do you mean? If it's actually in the blacklist, access to it must be blocked unless you have the HTTP scanner disabled.
     
  13. ASpace

    ASpace Guest


    Internet Explorer , Mozilla or what browser do you use ?
    And what site are we talking about . :)
     
  14. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    v-codec.com probably ...........
     
  15. ASpace

    ASpace Guest

    yeah , but p r o b a b l y :D ;) :D
     
  16. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    Since IMON is browser independant it doesnt make a difference what browser he/she is using.
     
  17. ASpace

    ASpace Guest

    I know that but sometimes on some computers when Mozilla Firefox is in use , IMON doesn't detect Eicar test file (www.eicar.org)
    It is detected only by AMON which is strange .

    Note it is only sometimes and not on all computers I know
     
  18. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    This happens if SSL is used to get eicar from www.eicar.org.
     
  19. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    All they gotta do is change higher compatibility to higher efficiency in IMON. Done deal.
    SSL cant be scanned obviously.
     
  20. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    212
    One must have higher efficiency set to have the sites blocked. That does not make sense. It is website blocking not individual files. It does explain why some people were able to access the sites.
     
  21. ASpace

    ASpace Guest

    I am not talking about SSL . I know that SSL is not being scanned.

    Maybe Brian's suggestion would work but as I said this happends just sometimes and just on Firefox
     
  22. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    It is v-codec.com using Opera 9 Beta Ver 8473.
     

    Attached Files:

  23. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    It blocks that site here in Firefox, IE & Opera. I don't use other browers so can't comment on those :)
     
Thread Status:
Not open for further replies.