Re: Symantec Antivirus8 and corrupted profiles

From: Scott Millington (medicb4_at_haapis.net)
Date: 06/25/03


Date: Wed, 25 Jun 2003 23:17:16 +0200


>YES!! It happened on my company's computer last Saturday!
>
Apparently the corrupted file was spread on Thursday.

>When I installed the NAV8 Corporate Edition on one of the PCs, the NAV stops
>running. I tried to scan the computer, but it quit. I thought that was a
>virus or something. Later, maybe 10 minutes or so, NAV came back normal!
>(and it's normal now, I just checked.)
>
I have no idea what the deal is with your system but after a bit of
digging I found out the details of the problem I have had to deal with.

FYI the problems are only for large corporations and other users of a
"fast track" virus profile distribution option.
 
There are apparently 2 ways of getting profiles...
 
1) IMMEDIATE distribution: where the files are FTPd out "AS IS" and
the customer is responsible for all testing and verifications (what
many corporations do as is evidenced by this - cleanup still ongoing).
 
2) Consumer LiveUpdate: What y'all probably have is updated once a
week unless something major occurs. This means that the problems I
have will be fixed by the time it is released.
 
I have gotten confirmation that 2003-06-18 rev 6 is Symantec's approved
central distribution and fully OK. The profile 2003-06-24 rev 4 is
the "fast track version" and not generally available.
 
In other words I blew a false alarm based on mixing information from
my Corporate network and the Internet. They are often mutually
exclusive but even more so in this case.
  
That being said, although keeping AV up to date is always good, don't
automatically accept the updates...they can be corrupted either by
human error or malicious intent.

EXECUTIVE SUMMARY
The short answer is that the "as is" virus definitions were not tested
and verified correctly (assuming it was done at all).
 
- There is no problem at all for home users since they didn't get the
profiles in the first place.
- The corrupted version has been withdrawn so no one else should be
infected.
- There is a fix available in the event someone did get the bad
profile...
 
As for me...I did not have to do any of the patching of our servers
(although shutting off unplanned in the middle of a weekday causes
everyone to report "Net Problems") and clients need a simple reboot to
get the login scripted update (the script was apparently problematic -
but also not mine).
 
I now return you to your regularly scheduled programming...had this
been a real emergency --------------
 
Scott