funsec mailing list archives
RE: The false positive in McAfee GroupShield
From: "Craig Schmugar" <craig () getvirushelp com>
Date: Tue, 9 Oct 2007 19:56:02 -0700
One man's false positive is another man's proactive protection. Looking at the driver, "Exploit-CVE2007-3845" is a bit too specific of a name for such a heuristic detection. But, I'm not overly concerned about it catching other exploit code. OK, the context may not be exactly right in this specific GroupShield example, but I'm not one to sacrifice genericity and performance for the sake of allowing security researchers to swap exploit code.

Craig Schmugar
Threat Researcher
McAfee Avert Labs

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of rms () computerbytesman com
Sent: Tuesday, October 09, 2007 12:03 PM
To: funsec () linuxbox org
Subject: Re: [funsec] The false positive in McAfee GroupShield

This warning is kind of funny. I wonder what triggered the false positive in my original message.

Richard

McAfee GroupShield™ Alert

McAfee GroupShield discovered a problem with this email. If you do not know the sender, it is probably a virus. If you do know the sender but were not expecting an attachment from them or the subject or message text "doesn't sound like something they would say," it is probably a virus. Simply delete this message if you believe this message contains a virus.

Do not be alarmed that you got a virus-laden message--some people are getting a dozen per day. Welcome to the club :-) Call the help desk at x5ITC if you need further information.

Date/Time sent: 09 Oct 2007 14:48:21
Subject line: Re: [funsec] Adobe confirms critical vulnerability after a remarkable delay
From: funsec-bounces () linuxbox org
To: Juha-Matti Laurio
Action taken: Replaced
Reason: Anti-Virus
Rule Group:
Virus (if found): Exploit-CVE2007-3845
Quarantined file:
Filename:
Ticket: 10ac-470b-ccf5-0001

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.