Bugtraq mailing list archives
Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default
From: ecchien () YAHOO COM (Eric Chien)
Date: Wed, 8 Mar 2000 10:50:54 +0100
Hello, While this is a good timely reminder, this is nothing new and only addresses a small point of the overall problem. One should always scan ALL files. This is more because of Microsoft Word documents (Excel, etc. too) which can have ANY extension and automagically spawn Word instead of prompting you with a 'open this with?' dialog. (The technical fine detail is this is the case if the extension is not already associated with some other program). ...Eric At 06:08 PM 3/7/2000 +0100, Bram Kerkhof wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SYNOPSIS The default NAI/McAfee Viruscan Engine configuration does not include .VBS in the list of program file extensions, thereby skipping .VBS files when scanning. The VBS/Freelink virus and possible other viruses could go undetected. SOFTWARE VERSIONS - - McAfee Viruscan NT Engine 4.0.3a - - McAfee Viruscan 9x Engine 4.0.3 - - McAfee Netshield Engine 4.0.3 - - McAfee Groupshield for Notes Engine 4.50 remark: These are only the software versions we currently use in production. Others may be affected too. SUMMARY Recently, an employee at our company got infected with the VBS\Freelink virus. Since we have Total Virus Defense, and have viruscan engines on our mail servers, file servers and client machines, we were quite surprised to have trouble with a virus that has been in the NAI DAT files since 07/07/1999 (DAT version 4035). A quick check told us that the default settings scan "only program files", and that the .VBS extension was not included in the default list of program extensions. Therefore, VBS files are skipped during scans. The only way to update this is by adding the VBS extension manually to the list of extensions in the client. We have contacted Network Associates Support about this Februari 12, and have been in touch with them multiple times. There seems to be some confusion about the problem at the support desk. WORKAROUND Two possible solutions: - - Add the .VBS extension to the list of program file extensions in the on-access monitor, and the viruscan program... Keep in mind that different viruscan programs have their own lists! - - Select "Scan All Files" DISCLAIMER On the NAI virus library page for VBS/Freelink, a short note is included about the topic; but a lot of customers do not know about this issue. See http://vil.nai.com/vil/vbs10225.asp for the full page. CREDITS Gregg De Winter Bram Kerkhof PGP Public Key Get it at ldap://certserver.pgp.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com> iQA/AwUBOMUpZjMB44xYPakpEQKvZQCfeGv+CsXz/90gfTddmu9LSyJq8J0An3RQ 6kNQBYSgnZHsFTpUsC15L1Xj =EsNY -----END PGP SIGNATURE-----
Current thread:
- NAI/McAfee Viruscan Engine does not scan .VBS files by default Bram Kerkhof (Mar 07)
- Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default Eric Chien (Mar 08)
- Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default Paul Hoffman (Mar 09)
- Re: NAI/McAfee Viruscan Engine does not scan .VBS files by defau Nick FitzGerald (Mar 08)
- Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default Roy Voortman (Mar 08)
- Realnetworks is trojaning people...again!!! pedward () WEBCOM COM (Mar 08)
- [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd) Katie Moussouris (Mar 08)
- [TL-Security-Announce] htdig-3.1.2-1 and earlier TLSA200005-1 (fwd) Katie Moussouris (Mar 08)
- <Possible follow-ups>
- Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default Roy Voortman (Mar 10)
- Re: NAI/McAfee Viruscan Engine does not scan .VBS files by default Eric Chien (Mar 08)