advice dealing with clean-mx

Paul Ferguson fergdawgster at mykolab.com
Wed Aug 12 02:23:00 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Follow-up off-list.

- - ferg


On 8/11/2015 7:06 PM, Michael Bubb wrote:

> hello
> 
> I've lurked on this list for a while - I have an issue that I need 
> help with.
> 
> I work for a company that does fraud detection. We host our servers 
> on physical hardware in managed hosting datacenters (softlayer, 
> hertzer, coresites, etc).
> 
> Recently we were flagged for malware by clean-mx. It was the IP
> of an haproxy loadbalancer.
> 
> I followed up by following the link to clean-mx. It looked as if 
> the score was based upon information from the following sites:
> 
> http://www.malwaredomainlist.com
> https://www.virustotal.com
> http://urlquery.net
> 
> When I checked the ip in question against these sites all the 
> checks passed except for one - fortinet. And fortinet indicated 
> that it was an unknown signature - not specifically malware.
> 
> So it appeared clean.
> 
> I am hesitant to deal directly with clean-mx as we do not have any 
> existing relationship and frankly a google search turns up many 
> horror stories.
> 
> I am mindful that these may be the 'stories' of frustrated 
> fraudsters.
> 
> I honestly do not know how to evaluate this situation. If clean-mx 
> is legit then it would make sense to have a relationship with them.
> If they are not then how does one deal with them?
> 
> thank you
> 
> Michael
> 


- -- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EAREIAAYFAlXKrgQACgkQKJasdVTchbItgQEAu5l1e8I7wJlLhi8Pweka18T+
Lo93urUoy9lipfag9yEBAMvlKpULyLCtCbUGzneqQhP367wn8TFJFpdpvdufTdIe
=xPEu
-----END PGP SIGNATURE-----



More information about the NANOG mailing list