Full Disclosure mailing list archives

Re: McAfee VirusScan vs Metasploit Framework v2.x


From: Stan Bubrouski <stan.bubrouski () gmail com>
Date: Sat, 10 Dec 2005 11:06:07 -0500

McAfee sucks when it comes to security tools, they call them all
trojans and hacks.  A couple years ago I reported a few bugs in a
LanSuite Pro and included a perl script to show the attacks on
Bugtraq.  McAfee was blocking it a week later... but here's the
kicker:

Everyone on the list and any lists it had been forwarded to who had
McAfee were sending me e-mails claiming I sent them a virus.  I got
thousands of these messages flooding my Inbox.  McAfee's response was
that it was my problem... about 4 months later I stopped getting the
messages... but still this is how they act so it shouldn't surprise
you metasploit is blocked.

-sb



On 12/9/05, sk / GroundZero <fd-list () g-0 org> wrote:
Sure because they can pay NOT to be included by virii scanners so they make more sales ;)
Maybe it wasn't even an error, maybe a little tip from someone to the virii companies.. who knows.
Reminds me of the Sony case somehow.

-sk
Http://www.groundzero-security.com
----- Original Message -----
From: "Orlando Padilla" <xbud () g0thead com>
To: <full-disclosure () lists grok org uk>
Sent: Friday, December 09, 2005 9:18 PM
Subject: Re: [Full-disclosure] McAfee VirusScan vs Metasploit Framework v2.x


Would you yank out Canvas, and Core Impact products as well?

oh, wait... there probably isn't a sig for those so you wouldn't know.

On Friday 09 December 2005 11:38 am, Michael Holstein wrote:
Looks like some overzealous idiot at McAfee added "Trojan" signatures for
202 files in the latest version of the Metasploit Framework. If you use
the Framework for your job and have a McAfee support contract, *please*
call them and let them know that their product is incorrectly tagging a
standard security tool as a "Trojan" and that this is interfering with
your ability to conduct business.

A gun is a legitimate tool too .. except when it's in criminal hands.

McAfee (and any other A/V product) let you configure exceptions/overrides.

In my enterprise environment (McAfee, BTW), I would *want* copies of
Metasploit yanked automatically from a PC.

My $0.02

Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/