Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Panda ActiveScan false positive with Nessus .nasl files

from [Pedro Bustamante] Network Security [Permanent Link]
Subject: RE: Panda ActiveScan false positive with Nessus .nasl files
Date: Wed, 16 Aug 2006 15:42:34 +0200 
Recently I checked mi winXP system with Panda online ActiveScan,
and I think it has found some false positive when checking some
nessus's .nasl files:



Virus:Linux/Test10879
    Disinfected
C:\Documents and Settings\FALSEUSER\Mis documentos\ FALSEPATH
\nessus-installer.sh[nessus.tar.gz][nessus.tar][nessus-
plugins/scripts/port_shell_execution.nasl]



I am curious about the first file's "DISINFECTED" status. 



In the case of port_shell_execution.nasl the Panda ActiveScan message
is misleading. Droppers cannot be disinfected, only deleted. Viruses
can be disinfected.  Linux/Test10879 is marked as a dropper, so
therefore the "disinfection" message you're seeing actually means that
the file was deleted. Anyhow, it has now been fixed.



Hacktool:DoS/42zip Not disinfected C:\Documents and Settings\
FALSEUSER \Mis documentos\FALSEPATH\nessus-
installer.sh[nessus.tar.gz][nessus.tar][nessus-plugins/
scripts/smtp_AV_42zip_DoS.nasl][42.zip]



Regarding smtp_AV_42zip_DoS.nasl the detection is correct. Most AVs today will 
scan base64 embedded files with text files.


Regards,

Pedro Bustamante
Panda Software International
www.pandasoftware.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Panda ActiveScan false positive with Nessus .nasl files, LEAD Soluciones Informaticas
Next by Date:  Consumer Reports AV and their 5,500 new variants, Bill Stout
Previous by Thread:  Panda ActiveScan false positive with Nessus .nasl files, LEAD Soluciones Informaticas
Next by Thread:  Consumer Reports AV and their 5,500 new variants, Bill Stout
Indexes:  [Date] [Thread] [Top] [All Lists]