-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SYNOPSIS The default NAI/McAfee Viruscan Engine configuration does not include .VBS in the list of program file extensions, thereby skipping .VBS files when scanning. The VBS/Freelink virus and possible other viruses could go undetected. SOFTWARE VERSIONS - - McAfee Viruscan NT Engine 4.0.3a - - McAfee Viruscan 9x Engine 4.0.3 - - McAfee Netshield Engine 4.0.3 - - McAfee Groupshield for Notes Engine 4.50 remark: These are only the software versions we currently use in production. Others may be affected too. SUMMARY Recently, an employee at our company got infected with the VBS\Freelink virus. Since we have Total Virus Defense, and have viruscan engines on our mail servers, file servers and client machines, we were quite surprised to have trouble with a virus that has been in the NAI DAT files since 07/07/1999 (DAT version 4035). A quick check told us that the default settings scan "only program files", and that the .VBS extension was not included in the default list of program extensions. Therefore, VBS files are skipped during scans. The only way to update this is by adding the VBS extension manually to the list of extensions in the client. We have contacted Network Associates Support about this Februari 12, and have been in touch with them multiple times. There seems to be some confusion about the problem at the support desk. WORKAROUND Two possible solutions: - - Add the .VBS extension to the list of program file extensions in the on-access monitor, and the viruscan program... Keep in mind that different viruscan programs have their own lists! - - Select "Scan All Files" DISCLAIMER On the NAI virus library page for VBS/Freelink, a short note is included about the topic; but a lot of customers do not know about this issue. See http://vil.nai.com/vil/vbs10225.asp for the full page. CREDITS Gregg De Winter Bram Kerkhof PGP Public Key Get it at ldap://certserver.pgp.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com> iQA/AwUBOMUpZjMB44xYPakpEQKvZQCfeGv+CsXz/90gfTddmu9LSyJq8J0An3RQ 6kNQBYSgnZHsFTpUsC15L1Xj =EsNY -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:07 PDT