Bugtraq mailing list archives
Re: Bypass Virus Checking
From: Jimmy_Kuo () NAI COM (Kuo, Jimmy)
Date: Wed, 2 Feb 2000 12:15:56 -0800
7. Solutions ------------With McAfee, just go into the exclusions tab and delete the \RECYCLED entry. You do that at your own risk of course, as I have no idea why it was excluded in the first place. As for NAV, I don't really have a good solution that doesn't involve doing creative things with a hex editor or installing software, which is to say that I don't have a good solution.This series of messages also highlight the need for us to remind people what it means to be using an antivirus product in its default mode. Each company has chosen a specific set of parameters under which it believes the average user would be best served. It is a compromise of security, functionality, and speed. With regard to McAfee VirusScan, it is correctly noted that we believe the average user would be best served if we do not "waste time" scanning the RECYCLED directory. And if a security minded person wishes, he is able to easily make the changes he needs to fit his security model. Of note here also is, a file does not generally just "appear" in the RECYCLED directory. It usually existed somewhere else first. The antivirus scanner would have caught it there, or would catch it when it is moved back out of that directory. We feel that the current settings are appropriate for the normal user. And that people who are more sensitive to this arena are afforded a sufficiently easy method to customize to their whim. Jimmy Kuo Director, AV Reseach, NAI Fellow McAfee division of Network Associates
Current thread:
- Re: recent 'cross site scripting' CERT advisory, (continued)
- Re: recent 'cross site scripting' CERT advisory Henri Torgemane (Feb 08)
- Re: 'cross site scripting' defenses flynngn () JMU EDU (Feb 06)
- Microsoft Security Bulletin (MS00-004) Microsoft Product Security (Feb 04)
- Sprint PCS vulnerable to malicious tags Paul Schreiber (Feb 04)
- Re: Bypass Virus Checking minus (Feb 03)
- Re: Bypass Virus Checking salme () US IBM COM (Feb 01)
- Re: Bypass Virus Checking Uwe Schurig (Feb 02)
- Re: Bypass Virus Checking Neil Bortnak (Feb 02)
- Re: Bypass Virus Checking Nick FitzGerald (Feb 03)
- Re: Bypass Virus Checking Winkelmann, Brian (Feb 02)
- Re: Bypass Virus Checking Kuo, Jimmy (Feb 02)
- Re: Bypass Virus Checking Eric D. Williams (Feb 03)
- Zeus Web Server: Null Terminated Strings Julian Midgley (Feb 08)
- Re: Bypass Virus Checking Paul L Schmehl (Feb 08)
- Re: Bypass Virus Checking David Harley (Feb 03)
- Re: Bypass Virus Checking Max Vision (Feb 04)