Focus on Virus
Back to list
RE: Panda ActiveScan false positive with Nessus .nasl files
Aug 16 2006 01:42PM
Pedro Bustamante (pbustamante pandasoftware com)
> Recently I checked mi winXP system with Panda online ActiveScan,
> and I think it has found some false positive when checking some
> nessus's .nasl files:
> C:\Documents and Settings\FALSEUSER\Mis documentos\ FALSEPATH
> I am curious about the first file's "DISINFECTED" status.
In the case of port_shell_execution.nasl the Panda ActiveScan message
is misleading. Droppers cannot be disinfected, only deleted. Viruses
can be disinfected. Linux/Test10879 is marked as a dropper, so
therefore the "disinfection" message you're seeing actually means that
the file was deleted. Anyhow, it has now been fixed.
> Hacktool:DoS/42zip Not disinfected C:\Documents and Settings> FALSEUSER \Mis documentos\FALSEPATH\nessus-
Regarding smtp_AV_42zip_DoS.nasl the detection is correct. Most AVs today will scan base64 embedded files with text files.
Panda Software International
[ reply ]
Copyright 2010, SecurityFocus