https://live.paloaltonetworks.com/t5/general-topics/wildfire-findings-into-the-pan-db/m-p/29215#M21368 <HTML><HEAD></HEAD><BODY><P>Hi there,</P><P></P><P>today a user tried to download a wallpaper from www.wallsave.com</P><P></P><P>Wildfire says it is <SPAN class="label-important label">Malware.</SPAN></P><P><SPAN class="label-important label"><A href="https://wildfire.paloaltonetworks.com/wildfire/reportdetail/2d6540e44f081882b611e1ed702e8f0032d309f0311ae0232f9a9a8da082e306/422433975/2" title="https://wildfire.paloaltonetworks.com/wildfire/reportdetail/2d6540e44f081882b611e1ed702e8f0032d309f0311ae0232f9a9a8da082e306/422433975/2">https://wildfire.paloaltonetworks.com/wildfire/reportdetail/2d6540e44f081882b611e1ed702e8f0032d309f0311ae0232f9a9a8da082e306/422433975/2</A></SPAN></P><P><SPAN class="label-important label"><BR /></SPAN></P><P><SPAN class="label-important label">A few engines from virustotal also:</SPAN></P><P><A href="https://www.virustotal.com/de/url/59e5f7d67a03d71946dd6b617c1ff130aec6b6b4178519ad9d77cc076b5c7a17/analysis/1403173699/" title="https://www.virustotal.com/de/url/59e5f7d67a03d71946dd6b617c1ff130aec6b6b4178519ad9d77cc076b5c7a17/analysis/1403173699/">https://www.virustotal.com/de/url/59e5f7d67a03d71946dd6b617c1ff130aec6b6b4178519ad9d77cc076b5c7a17/analysis/1403173699/</A></P><P>(www.wallsave.com/get/2588352)</P><P></P><P>So my question is: why or when is this site marked as malware in the pan-db cloud?</P><P></P><P>actual:</P><P><SPAN>&gt;test url-info-cloud </SPAN><A class="jive-link-external-small" href="http://www.wallsave.com/" rel="nofollow">http://www.wallsave.com/</A></P><P>BM:</P><P>wallsave.com,9,3,<STRONG>shareware-and-freeware</STRONG></P><P></P><P></P><P>Thanks, Sebastian</P></BODY></HTML> Thu, 19 Jun 2014 11:15:02 GMT sebastian 2014-06-19T11:15:02Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-findings-into-the-pan-db/m-p/29215#M21368 <HTML><HEAD></HEAD><BODY><P>Hi there,</P><P></P><P>today a user tried to download a wallpaper from www.wallsave.com</P><P></P><P>Wildfire says it is <SPAN class="label-important label">Malware.</SPAN></P><P><SPAN class="label-important label"><A href="https://wildfire.paloaltonetworks.com/wildfire/reportdetail/2d6540e44f081882b611e1ed702e8f0032d309f0311ae0232f9a9a8da082e306/422433975/2" title="https://wildfire.paloaltonetworks.com/wildfire/reportdetail/2d6540e44f081882b611e1ed702e8f0032d309f0311ae0232f9a9a8da082e306/422433975/2">https://wildfire.paloaltonetworks.com/wildfire/reportdetail/2d6540e44f081882b611e1ed702e8f0032d309f0311ae0232f9a9a8da082e306/422433975/2</A></SPAN></P><P><SPAN class="label-important label"><BR /></SPAN></P><P><SPAN class="label-important label">A few engines from virustotal also:</SPAN></P><P><A href="https://www.virustotal.com/de/url/59e5f7d67a03d71946dd6b617c1ff130aec6b6b4178519ad9d77cc076b5c7a17/analysis/1403173699/" title="https://www.virustotal.com/de/url/59e5f7d67a03d71946dd6b617c1ff130aec6b6b4178519ad9d77cc076b5c7a17/analysis/1403173699/">https://www.virustotal.com/de/url/59e5f7d67a03d71946dd6b617c1ff130aec6b6b4178519ad9d77cc076b5c7a17/analysis/1403173699/</A></P><P>(www.wallsave.com/get/2588352)</P><P></P><P>So my question is: why or when is this site marked as malware in the pan-db cloud?</P><P></P><P>actual:</P><P><SPAN>&gt;test url-info-cloud </SPAN><A class="jive-link-external-small" href="http://www.wallsave.com/" rel="nofollow">http://www.wallsave.com/</A></P><P>BM:</P><P>wallsave.com,9,3,<STRONG>shareware-and-freeware</STRONG></P><P></P><P></P><P>Thanks, Sebastian</P></BODY></HTML> Thu, 19 Jun 2014 11:15:02 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-findings-into-the-pan-db/m-p/29215#M21368 sebastian 2014-06-19T11:15:02Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-findings-into-the-pan-db/m-p/29216#M21369 <HTML><HEAD></HEAD><BODY><P>I think the URL reputation is malware and malicious site . which version of wildfire you are using .</P></BODY></HTML> Thu, 19 Jun 2014 11:33:59 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-findings-into-the-pan-db/m-p/29216#M21369 tiwara 2014-06-19T11:33:59Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-findings-into-the-pan-db/m-p/29217#M21370 <HTML><HEAD></HEAD><BODY><P>Now it's getting funny.<BR />Can please someone explain that to me?</P><P><SPAN style="font-size: 10.0pt; font-family: 'Tahoma','sans-serif';">That's my response to my change request for that malware site.<BR /></SPAN></P><P><SPAN style="font-size: 10.0pt; font-family: 'Tahoma','sans-serif';">---<BR style="font-size: 10.0pt; font-family: 'Tahoma','sans-serif';" /><STRONG>SUBJECT:</STRONG> Change request processed for: www.wallsave.com</SPAN></P><P></P><P>Thank you once again for your submission. After careful evaluation, we have determined that the original categorization is correct, and as such, its category will not change.<BR /> <BR /> URL: <A href="http://www.wallsave.com/">www.wallsave.com</A><BR /> Current category: shareware-and-freeware<BR /> You suggested: malware<BR /> If you'd like to submit another request, please visit:<BR /> <A href="http://urlfiltering.paloaltonetworks.com/testASite.aspx">http://urlfiltering.paloaltonetworks.com/testASite.aspx</A><BR /> <BR /> Thanks,<BR /> Palo Alto Networks</P></BODY></HTML> Fri, 20 Jun 2014 05:42:12 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-findings-into-the-pan-db/m-p/29217#M21370 sebastian 2014-06-20T05:42:12Z https://live.paloaltonetworks.com/t5/general-topics/wildfire-findings-into-the-pan-db/m-p/29218#M21371 <HTML><HEAD></HEAD><BODY><P>Hi Sebastian,</P><P></P><P>Generally speaking, if WildFire has identified a downloaded file as malicious, the corresponding domain should also be categorized by PAN-DB as malware.&nbsp; There are a few exceptions to this, so I'm looking into the reason for your case.&nbsp; I'll report back as soon as I get more information.</P><P></P><P>--Doris</P></BODY></HTML> Fri, 20 Jun 2014 06:49:05 GMT https://live.paloaltonetworks.com/t5/general-topics/wildfire-findings-into-the-pan-db/m-p/29218#M21371 dyang 2014-06-20T06:49:05Z