Focus on Virus Mode:
(Page 11 of 62)
RE: Extracting signature snippets from AV databases 2006-05-09
Hayes, Bill (Bill Hayes owh com)
Bill,

I'd suggest you look at behavior rather than just signatures. You'll
always be playing catch-up if you base your defensive abilities solely
on signatures.

That being said, AV companies have long been willing to share their
malware collections with one another. Spyware companies on the other

RE: Extracting signature snippets from AV databases 2006-05-09
Bill Stout (bill stout greenborder com)
Yes, we use EICAR for email testing occasionally. What I'd like to do
is scroll a list of detected signatures as they occur.

The reason why I want to place snippets on text files is to fully
exercise detection engines. For one, it would be interesting to see how
products do/do not flag a warning

RE: Extracting signature snippets from AV databases 2006-05-08
Bill Stout (bill stout greenborder com)
Hi Jose,

I'm familiar with EICAR. However I'd like to trigger signatures across
the board.

Ultimately I'd like to run a real malware test, but that can only be
done in an isolated lab, and that requires a continuous investment of
time and money to insure the collection is up to date.

http://

Extracting signature snippets from AV databases 2006-05-08
Bill Stout (bill stout greenborder com) (1 replies)
I'd like to create a set of test files containing (harmless) virus (and
spyware) signatures. Can I extract the signatures from AV databases
(every PC has one)? I'm thinking open source AV database may be easier
to extract signatures from than a commercial AV database. If I can
automate the extra

Re: Extracting signature snippets from AV databases 2006-05-08
Jose Nazario (jose monkey org)
RE: McAfee 8.0 crashing Dell D620's 2006-05-02
Evan Mann (emann pinnaclefinancial com)
Well, thanks to Matthew, and a hunch on my side before I posted, I found
the problem and workarounds.

Dell pre-installs Wave System's Embassy Trust Suite on their D620's to
manage the built in TPM. McAfee's Buffer Overflow protection has a
known incompatibility with the DocManager portion of the E

RE: McAfee 8.0 crashing Dell D620's 2006-05-02
Ziots, Edward (EZiots Lifespan org)
Not seen this on Compaq Proliant servers, or compaq deskpro systems with XP
SP1,2,Windows 2000 SP4, with fresh build, no images.

Probably is something with the DELL image, probably best to make your own,
sysprep it, and roll it out. If you are using EPO with it, add the EPO agent
AFTER you lay the

Re: McAfee 8.0 crashing Dell D620's 2006-05-02
Bruce Martins (BMartins extend COM)
Yes and 820's too

Bruce Martins
Information Systems Manager
EXTEND>>MEDIA
190 Liberty Street
Toronto, Ontario
Canada
M6K 3L5
_______________________
e:bmartins (at) extend (dot) com
t: (416) 535-4222 ext. 2307
f: (416) 535-1201
http://www.extend.com
--------------------------
Please Excuse Typos as this was S

McAfee 8.0 crashing Dell D620's 2006-05-02
Evan Mann (emann pinnaclefinancial com)
Has anyone else noticed that installing McAfee Enterprise 8.0i with
Patch 11 will crash services.exe (and various other system processes) on
Dell Latitude D620's that maintain the Dell loaded image of XP
Professional?

I have not tested to see if the problem also exists with Patch 10 or
not.

If I r

POXDAR Revisited 2006-04-27
Mark Ryan del Moral Talabis (talabis gmail com)
We noticed some peculiar connections in one of our honeypots just the
other day. We noted some DOS attempts directed to a number of
different sites. Based on the sites it tried to connect to, our
initial conclusion was it was the POXDAR worm. What was interesting
though is that in further examination

Dialer.gzt? 2006-04-26
Casey DeBerry (cdeberry cobizinc com) (2 replies)
So far, I have several infections that have been cleaned by our desktop
AV (Panda). My concern is that I don't see any definitions for this
virus on the other major vendors (Trend, Symantec, Sophos etc.)

Anyone know more about this?

http://www.pandasoftware.com/virus_info/encyclopedia/overview.as

Re: Dialer.gzt? 2006-04-27
Andrei Saygo (asaygo bitdefender com)
Re: Dialer.gzt? 2006-04-26
Axel Pettinger (api worldonline de) (1 replies)
Re: Dialer.gzt? 2006-04-27
Julio Canto (jcanto hispasec com) (1 replies)
Re: Dialer.gzt? 2006-04-27
Robert Sandilands (rsandilands authentium com)
RE: What should be protected with anti-virus software? 2006-02-06
Loesch, Jason (STP) (Jason Loesch guidant com)
This was my original response, which I sent only to Larry originally.
Sorry about that everyone...

--------Original response below-------

First post myself, so I hopefully will be doing so properly.

Larry,

I would be inclined to ask your operations manager if anyone ever
accesses the files and/o

RE: What should be protected with anti-virus software? 2006-02-06
Butler, Theodore (tbutler witsusa com)


To add to the comment below, Nimda had several attack modes.

In addition to e-mail attachments to readme.exe files and mass mailing
itself by searching html files for addresses in address books, which the
network manager says in is not vulnerable to since it does not receive
e-mail, NIMDA could l

RE: What should be protected with anti-virus software? 2006-02-06
Mike (mike superiorholidayadventures ca)
I agree. Just because a server isn't used for e-mail or web browsing,
or isn't sharing files on a network does not mean it isn't vulnerable.
There are many viruses that exploit vulnerable services - Code Red,
Slammer, Blaster, etc.

I believe that every computer that is connected to your network n

RE: What should be protected with anti-virus software? 2006-02-06
Mark P. Larios (mark larios calumetlubricants com) (1 replies)
Has the operations manager ever heard of an old friend called nimda
perhaps?
There are a few nasty viruses which spread across networks via open
ports.
Does he keep his servers patched and up to date on service packs?
Having an AV on a server is usually considered a good practice.

Mark

-----Origi

Re: What should be protected with anti-virus software? 2006-02-06
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)
RE: What should be protected with anti-virus software? 2006-02-06
Evan Mann (emann pinnaclefinancial com)
Your ops manager needs a head check. If they are computers, they have
files that can be infected, simple as that.

A/V should be on every system in your environment IMO. Exclude the
on-access scanner from scanning folders that hold stuff like your mail
stores, databases, IIS metabase, etc., and

What should be protected with anti-virus software? 2006-02-02
Erdahl, Larry E (Larry Erdahl allina com)
Long time reader, but first time poster, so please be gentle ;-).

I am in the middle of a risk assessment of our current anti-virus
practice and need a little help.

I am finding servers without any anti-virus software installed and
others that are only configured as on-access detection. I am not

Was it MyDoom? 2006-02-02
Amazed (amsteel uralmash ru)

Hello list!

I had a huge incoming traffic on my PC (~6Gb
per 20 days), almost all from Yahoo. So I scanned it with Kaspersky Antivirus
and found Mydoom.M. AdAware and SpyBot found nothing.
The question is: could MyDoom have made this really big traffic? Any ideas?

--
Best regards,
Amazed.

New VB SMTP worm 2006-01-19
Lawson, Joseph (jsl pqa com) (1 replies)
Has anyone else seen or heard about this worm?
http://www.f-secure.com/v-descs/vb_bi.shtml
http://www.quickheal.co.in/public/alerts/i-worm.VB_Bi.asp
I actually got first wind of it from a user. The security info was
listed two days ago. Is this just a rehash of old worms?

Joseph Lawson
Associate,

Re: New VB SMTP worm 2006-01-21
Toni Koivunen (toni koivunen fitsec com)
Sober 2006-01-06
Byrne, David (David Byrne echostar com)
This bounced from the list last night, but it is still accurate.

Some of the URLs that Sober is supposed to check on 01/06/06 (which
started 45 minutes ago in London) are redirecting to a virus writer's
web page. One example is http://people.freenet.de/lhxrdryo/, which uses
JavaScript to redirec

RE: Are there any LiveCD antivirus solutions? 2006-01-04
john tpna com
I've been using the Knoppix 4.0 DVD with ClamAV and freshclam/clamscan.
If you use the 4.0 CD, you can use apt-get to install the latest build
of clamscan, then run freshclam and it will download the latest DAT
files.

-john

-----Original Message-----
From: Daniel Ferreira de Lima [mailto:dlima@cpq

Copyright 2010, SecurityFocus