RE: Panda ActiveScan false positive with Nessus .nasl files
- From: "Pedro Bustamante" <pbustamante@xxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Aug 2006 15:42:34 +0200
Recently I checked my winXP system with Panda online ActiveScan,
and I think it has found some false positives when checking some
nessus's .nasl files:
Virus:Linux/Test10879
Disinfected
C:\Documents and Settings\FALSEUSER\Mis documentos\ FALSEPATH\nessus-installer.sh[nessus.tar.gz][nessus.tar][nessus-plugins/scripts/port_shell_execution.nasl]
I am curious about the first file's "DISINFECTED" status.
In the case of port_shell_execution.nasl the Panda ActiveScan message
is misleading. Droppers cannot be disinfected, only deleted. Viruses
can be disinfected. Linux/Test10879 is marked as a dropper, so
therefore the "disinfection" message you're seeing actually means that
the file was deleted. Anyhow, it has now been fixed.
Hacktool:DoS/42zip
Not disinfected
C:\Documents and Settings\ FALSEUSER \Mis documentos\FALSEPATH\nessus-installer.sh[nessus.tar.gz][nessus.tar][nessus-plugins/scripts/smtp_AV_42zip_DoS.nasl][42.zip]
Regarding smtp_AV_42zip_DoS.nasl the detection is correct. Most AVs today will scan base64 embedded files with text files.
Regards,
Pedro Bustamante
Panda Software International
www.pandasoftware.com
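
The behaviour described in the reply above (a scanner decoding base64 found inside a text file and then treating the result as an embedded file) can be sketched as follows. This is an added example, not part of the original message and not Panda's code; the function names, the 40-character threshold and the sample input are assumptions made for illustration.

```python
import base64
import binascii
import io
import re
import zipfile

# A run of base64 alphabet long enough to hold a file header (length threshold is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b\x08": "gzip", b"\x7fELF": "elf"}


def embedded_payloads(text):
    """Yield (kind, data) for each base64 run in text that decodes to a known file type."""
    for match in B64_RUN.finditer(text):
        raw = match.group(0).rstrip("=")
        if len(raw) % 4 == 1:          # one stray character: cannot be valid base64
            raw = raw[:-1]
        raw += "=" * (-len(raw) % 4)   # restore padding before decoding
        try:
            data = base64.b64decode(raw, validate=True)
        except binascii.Error:
            continue
        for magic, kind in MAGIC.items():
            if data.startswith(magic):
                yield kind, data


def scan_text(text):
    """Return one finding per embedded file; zip members are listed with their expansion ratio."""
    findings = []
    for kind, data in embedded_payloads(text):
        finding = {"kind": kind, "size": len(data), "members": []}
        if kind == "zip":
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        ratio = info.file_size // max(info.compress_size, 1)
                        finding["members"].append((info.filename, info.file_size, ratio))
            except zipfile.BadZipFile:
                pass  # header matched but archive is truncated; still report the hit
        findings.append(finding)
    return findings


def constructed_sample():
    """Constructed input: a script-like text file carrying a small, harmless zip as base64."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner.txt", b"\0" * 100_000)
    return 'attachment = "%s";\n' % base64.b64encode(buf.getvalue()).decode()
```

Calling `scan_text(constructed_sample())` reports the zip and its member even though the container is plain text, which is why a script that embeds an archive is flagged for the archive rather than for the script itself.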