Antivirus: July 2007 Archives
I received what appears to be yet another false positive in Symantec Antivirus. Adware.cpush was detected in c:\program files\filezilla\uninstall.exe.
Filezilla is an ftp/sftp program from Mozilla. This has been on my computer for a while, so I tend to believe it is a false positive. I'll update this thread if I see anything from Symantec on this subject.
update 7/16 12:20pm:
Symantec sent out the following email:
-----Original Message-----
From: symalert@symantec.com [mailto:symalert@symantec.com]
Sent: Monday, July 16, 2007 12:13 PM
Subject: LiveUpdate posting to correct False Positive
The July 16, 2007 LiveUpdate posting will correct a false positive detection
on some installers or tools created using the Nullsoft Scriptable Install
System (NSIS). This FP caused such files to be incorrectly detected as
Adware.CPush. This FP was first introduced in
RapidRelease definitions build number 70817 (version 07/14/2007 revision 32)
and in the 07/15/2007 revision 2 LiveUpdate and Intelligent Updater
definitions. It was corrected in RapidRelease definitions build number 70822
(version 07/15/2007 revision 4).
Today's LiveUpdate and Intelligent Updater definitions will also correct
this FP. These definitions will have the version 07/16/2007 revision 21.
Current ETA for posting is 10:30AM PDT. An additional message will be sent
approximately 30 minutes before the LiveUpdate virus definitions are
available for download.
Symantec sent an email early today to its Platinum customers reporting that they are working on a tool which will update the decomposer engine in Symantec AntiVirus Corporate Edition and Symantec Client Security.
The tool will update all supported versions of SAV and SCS to the latest decomposer engines to address the SYM07-019 vulnerability.
They estimate this tool will be released by the end of the day on Wednesday July 18th, 2007 US Pacific Time.
I wasn't particularly looking forward to upgrading my 10.0.2 clients to 10.1.6. So hopefully this will make it possible to easily upgrade the vulnerable component.
After hearing about Postini's sale to Google, I wrote earlier this week wondering if Message Labs were also on the market.
A Friday article in the Financial Times reports that Message Labs has been positioning itself to be bought. As Brightmail, FrontBridge and now Postini were purchased, it is hard for me to see if Message Labs is the odd man out or if their value is greater now that other options have been removed. The article also states that if a sale is not complete, an IPO could be in the works (reminds me of the Sybari IPO where Microsoft bought the company).
The article reports that likely buyers are McAfee, TrendMicro, IBM and HP.
Multiple vulnerabilities have been announced today in Symantec Antivirus. The most critical of these vulnerabilities could allow arbitrary code execution.
Currently users of 10.0 and 10.1 are being advised to upgrade to 10.1.6.6000. 10.2 is not affected. Hopefully the guidance here will become more clear. During last year's SAV vulnerability it took quite a while before MSP files were released for all supported product branches. Right now, I would have to completely upgrade the client instead of installing a small patch.