NAI/McAfee Viruscan Engine does not scan .VBS files by default

From: Bram Kerkhof (mcafee-bugsat_private-WARENESS.BE)
Date: Tue Mar 07 2000 - 09:08:42 PST

Next message: Dan Schrader: "Re: OfficeScan; additional observation"

Previous message: Mariusz Woloszyn: "Re: lynx - someone is deaf and blind ;)"
Next in thread: Roy Voortman: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Reply: Roy Voortman: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Reply: Eric Chien: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Reply: Paul Hoffman: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Reply: Roy Voortman: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


SYNOPSIS
The default NAI/McAfee Viruscan Engine configuration does not include
.VBS in the list of program file extensions, thereby skipping .VBS
files when scanning. The VBS/Freelink virus and possible other viruses
could go undetected.

SOFTWARE VERSIONS
- - McAfee Viruscan NT Engine 4.0.3a
- - McAfee Viruscan 9x Engine 4.0.3
- - McAfee Netshield Engine 4.0.3
- - McAfee Groupshield for Notes Engine 4.50
remark: These are only the software versions we currently use in
production. Others may be affected too.

SUMMARY
Recently, an employee at our company got infected with the
VBS\Freelink virus. Since we have Total Virus Defense, and have
viruscan engines on our mail servers, file servers and client
machines, we were quite surprised to have trouble with a virus that
has been in the NAI DAT files since 07/07/1999 (DAT version 4035).

A quick check told us that the default settings scan "only program
files", and that the .VBS extension was not included in the default
list of program extensions. Therefore, VBS files are skipped during
scans. The only way to update this is by adding the VBS extension
manually to the list of extensions in the client.

We have contacted Network Associates Support about this Februari 12,
and have been in touch with them multiple times. There seems to be
some confusion about the problem at the support desk.

WORKAROUND
Two possible solutions:
- - Add the .VBS extension to the list of program file extensions in the
on-access monitor, and the viruscan program... Keep in mind that
different viruscan programs have their own lists!
- - Select "Scan All Files"

DISCLAIMER
On the NAI virus library page for VBS/Freelink, a short note is
included about the topic; but a lot of customers do not know about
this issue. See http://vil.nai.com/vil/vbs10225.asp for the full page.

CREDITS
Gregg De Winter
Bram Kerkhof

PGP Public Key
Get it at ldap://certserver.pgp.com
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQA/AwUBOMUpZjMB44xYPakpEQKvZQCfeGv+CsXz/90gfTddmu9LSyJq8J0An3RQ
6kNQBYSgnZHsFTpUsC15L1Xj
=EsNY
-----END PGP SIGNATURE-----

Next message: Dan Schrader: "Re: OfficeScan; additional observation"
Previous message: Mariusz Woloszyn: "Re: lynx - someone is deaf and blind ;)"
Next in thread: Roy Voortman: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Reply: Roy Voortman: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Reply: Eric Chien: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Reply: Paul Hoffman: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Reply: Roy Voortman: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:07 PDT