Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default

From: Eric Chien (ecchienat_private)
Date: Wed Mar 08 2000 - 01:50:54 PST

Next message: Katie Moussouris: "[TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)"

Previous message: Katie Moussouris: "[TL-Security-Announce] htdig-3.1.2-1 and earlier TLSA200005-1"
Maybe in reply to: Bram Kerkhof: "NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Next in thread: Paul Hoffman: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

While this is a good timely reminder, this is nothing new and only
addresses a small point of the overall problem.  One should always scan ALL
files.  This is more because of Microsoft Word documents (Excel, etc. too)
which can have ANY extension and automagically spawn Word instead of
prompting you with a 'open this with?' dialog.  (The technical fine detail
is this is the case if the extension is not already associated with some
other program).

...Eric



At 06:08 PM 3/7/2000 +0100, Bram Kerkhof wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>SYNOPSIS
>The default NAI/McAfee Viruscan Engine configuration does not include
>.VBS in the list of program file extensions, thereby skipping .VBS
>files when scanning. The VBS/Freelink virus and possible other viruses
>could go undetected.
>
>SOFTWARE VERSIONS
>- - McAfee Viruscan NT Engine 4.0.3a
>- - McAfee Viruscan 9x Engine 4.0.3
>- - McAfee Netshield Engine 4.0.3
>- - McAfee Groupshield for Notes Engine 4.50
>remark: These are only the software versions we currently use in
>production. Others may be affected too.
>
>SUMMARY
>Recently, an employee at our company got infected with the
>VBS\Freelink virus. Since we have Total Virus Defense, and have
>viruscan engines on our mail servers, file servers and client
>machines, we were quite surprised to have trouble with a virus that
>has been in the NAI DAT files since 07/07/1999 (DAT version 4035).
>
>A quick check told us that the default settings scan "only program
>files", and that the .VBS extension was not included in the default
>list of program extensions. Therefore, VBS files are skipped during
>scans. The only way to update this is by adding the VBS extension
>manually to the list of extensions in the client.
>
>We have contacted Network Associates Support about this Februari 12,
>and have been in touch with them multiple times. There seems to be
>some confusion about the problem at the support desk.
>
>WORKAROUND
>Two possible solutions:
>- - Add the .VBS extension to the list of program file extensions in the
>on-access monitor, and the viruscan program... Keep in mind that
>different viruscan programs have their own lists!
>- - Select "Scan All Files"
>
>DISCLAIMER
>On the NAI virus library page for VBS/Freelink, a short note is
>included about the topic; but a lot of customers do not know about
>this issue. See http://vil.nai.com/vil/vbs10225.asp for the full page.
>
>CREDITS
>Gregg De Winter
>Bram Kerkhof
>
>PGP Public Key
>Get it at ldap://certserver.pgp.com
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
>
>iQA/AwUBOMUpZjMB44xYPakpEQKvZQCfeGv+CsXz/90gfTddmu9LSyJq8J0An3RQ
>6kNQBYSgnZHsFTpUsC15L1Xj
>=EsNY
>-----END PGP SIGNATURE-----
>
>

Next message: Katie Moussouris: "[TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)"
Previous message: Katie Moussouris: "[TL-Security-Announce] htdig-3.1.2-1 and earlier TLSA200005-1"
Maybe in reply to: Bram Kerkhof: "NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Next in thread: Paul Hoffman: "Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:15 PDT