'Interesting side-effect'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-virus
Subject:    Interesting side-effect
From:       "Grimes, Roger" <RogerG () GoldKeyresorts ! com>
Date:       2002-10-02 12:39:58
[Download RAW message or body]

I got called to a client last night using an older desktop version of NAV
with real-time protection enabled and MS-Word 2000.  Every time they opened
a Word document located on the server NAV kicked in and said it found a
virus it could not clean and recommended quarantine or deletion, but did not
offer the virus name.  When the client choose to delete the document, NAV
would not delete the document, but would eventually reveal in a log that the
virus found was the Niceday macro virus (a harmless variant of Concept).
After some investigation I found out it was a false positive problem...and
it turned out it was because the logged in user had List permission to the
document folders, but no rights to the documents in the folders themselves
(inheritance problem).  This condition somehow caused a false positive error
in NAV 2000.  Once I corrected the permissions, the false-positives went
away.  I was clued into the permissions/rights problem because as I was
running the NAV full-scan against the document folder, NAV would show it
processing each file name, but then only report 1 file scanned...even though
I could see it inspecting hundreds of documents; and because it could not
delete the file even though it thought it did.

Just a weird side-effect I figured I would share.

Roger

***************************************************************************
*Roger A. Grimes, VP of IT for GK/PHR Holding Company
*Gold Key Resorts and Professional Hospitality Resources
*email:  rogerg@goldkeyresorts.com
*ph: 757-491-2101 x403
*fax:757-491-6550
*932 Laskin Road, Virginia Beach, VA 23451
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode/
***************************************************************************
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic