www.eset.com listed in Spamhaus URL blacklist

Discussion in 'ESET NOD32 Antivirus' started by asmethurst, Jul 16, 2008.

Thread Status:
Not open for further replies.
  1. asmethurst

    asmethurst Registered Member

    Joined:
    Jul 16, 2008
    Posts:
    1
    Hi,

    Is anyone else experiencing this problem:

    Out of the box, NOD32 v3 appends a footer to outbound emails including the URL www.eset.com. We use Spamhaus Block Lists to assist in spam detection (like many others). Unfortunately some of our inbound replies are marked as spam due to this URL being on the SBL and scored accordingly.

    I understand that this can be overcome by removing the footer or modifying our spam detection rules. Unfortunately there are many others using the same block lists, or NOD32 customers that are unaware that they could be sending out messages which might never reach their recipients.

    It might be worth checking to make sure this isn't impacting your business. I know this only came to my attention after I was alerted that some important documents were not being received. It only took a few minor SpamAssassin scores to build up before these emails became blocked.

    I definitely don't want to rubbish the product or Eset, but would like to share this potential issue with others.

    I certainly would like Eset to look into this, and if confirmed, make the necessary actions to have the URL removed from the SBL.

    Kind regards,
    Andrew
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    Hello asmethurst,

    is not correct. It appends a message only to infected email by default. Someone would have to change the default settings to have the footer appended to every email.
     
  3. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    No, the default behavior is to add that tag on to the end of all sent email in addition to modifying the subject if an infection is detected. I saw it plenty of times when I was first piloting our install and the test users all had this until I pushed out configuration changes.

    e: Or to clarify, that was the default setting around the time of the 3.0.650/657 (and likely earlier) and in place installs of new versions over the old preserved this setting.
     
    Last edited: Jul 16, 2008
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    It appears you're right. The default is append message to all scanned email. I missed a change somewhere along the version line. :blink:

    A thousand pardons. :D
     
  5. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I am looking at Spamhaus web site and see a Spamhaus Block List, which is IP address-based; an Exploits Block List, which is IP address-based; and Policy Block List, which is also IP address-based. I do not see anything on their web site referencing a URL-based blocklist.

    Can you please provide more information about the exact blocklist you are subscribing to from Spamhaus which is flagging the eset.com domain? It could be should be easy to resolve once that has been identified, but we need to what domain name or IP address(es) are being flagged in order to investigate further.


    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.