
List:       blackicedefender-issues
Subject:    Re: [BIDissues] Norton Antivirus false positive?
From:       "L.W. Kramer" <lwkramer () twocat ! com>
Date:       2001-10-09 18:11:38

False positive in the sense that the signature does not represent code that 
is hazardous in the form that your virus scanner detects it. Nimda/CodeRed 
worms rely on the interpretation of these packets by an unpatched IIS 
server to infect.
Set your virus scanners to exclude .evd (and .cap) files, or just ignore 
the blackice directories.
Seems rather silly for this signature to be in any virus library.

L.

> When scanning my firewall which runs BlackICE Defender, I get a bunch
> of hits indicating CodeRED worm infections on some of the .EVD files
> under the BlackICE program folder.
> 
> Is this a false positive or an indication that BlackICE stopped a
> CodeRED attack?
> 
> 
> 
> To Post a message, send it to:   bidissues@eGroups.com
> To Unsubscribe, send a blank message to: bidissues-unsubscribe@eGroups.com
> 
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/


