Problem with HTTP filtering syntax

Discussion in 'ESET NOD32 Antivirus' started by SmackyTheFrog, Nov 1, 2011.

Thread Status:
Not open for further replies.
  1. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    We've been using the HTTP filtering to block access to websites that carry malware (primarily free dns hosts) and it has worked well. Unfortunately we ran in to a conflict due to the relatively primitive syntax when it comes to creating a mask.

    I created one for ce.ms, using the mask *ce.ms* as the Eset KB recommends I should. Unfortunately these free DNS hosts use such short name that it is possible to create conflicts in the masks like this one did with the website police.msu.edu

    I got around it by changing my masks to include a leading period like *.ce.ms*, but even that leaves a lot of ambiguity that could result in further conflicts with any number of other small domain names I am blocking. My idea would be to allow the forward slash character to be part of a valid mask syntax as well. Then I could create masks like *.ce.ms/* which has virtually no chance of conflicting with another valid domain name.
     
  2. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    I guess another thing that would be useful for troubleshooting would be to display the mask used to block the site, or maybe something getting put in to the event or threat log to help track down things like this.
     
  3. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Your enhancement request has been forwarded to ESET's developers for consideration in a future release of the software.

    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.