Penetration Testing mailing list archives
RE: Panda ActiveScan false positive with Nessus .nasl files
From: "Pedro Bustamante" <pbustamante () pandasoftware com>
Date: Wed, 16 Aug 2006 15:42:34 +0200
Recently I checked my winXP system with Panda online ActiveScan, and I think it has found some false positives when checking some nessus's .nasl files:
Virus:Linux/Test10879 Disinfected C:\Documents and Settings\FALSEUSER\Mis documentos\ FALSEPATH \nessus-installer.sh[nessus.tar.gz][nessus.tar][nessus-plugins/scripts/port_shell_execution.nasl]
I am curious about the first file's "DISINFECTED" status.
In the case of port_shell_execution.nasl the Panda ActiveScan message is misleading. Droppers cannot be disinfected, only deleted. Viruses can be disinfected. Linux/Test10879 is marked as a dropper, so therefore the "disinfection" message you're seeing actually means that the file was deleted. Anyhow, it has now been fixed.
Hacktool:DoS/42zip Not disinfected C:\Documents and Settings\ FALSEUSER \Mis documentos\FALSEPATH\nessus-installer.sh[nessus.tar.gz][nessus.tar][nessus-plugins/scripts/smtp_AV_42zip_DoS.nasl][42.zip]
Regarding smtp_AV_42zip_DoS.nasl the detection is correct. Most AVs today will scan base64 embedded files with text files.

Regards,
Pedro Bustamante
Panda Software International
www.pandasoftware.com
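The behaviour described in the reply above, a scanner decoding base64 embedded in a text file and inspecting the archive it finds, as an added example that is not part of the original message and not Panda's implementation. It assumes each blob sits unwrapped on one line; the function names, the ratio threshold and the sample script text are constructed for illustration.

```python
import base64
import binascii
import io
import re
import zipfile

B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long unwrapped base64 run
ZIP_MAGIC = b"PK\x03\x04"                          # ZIP local file header

def embedded_zips(text):
    """Yield decoded base64 runs whose payload starts like a ZIP archive."""
    for match in B64_RUN.finditer(text):
        try:
            data = base64.b64decode(match.group(0), validate=True)
        except binascii.Error:
            continue  # not valid base64 (for example a long identifier)
        if data.startswith(ZIP_MAGIC):
            yield data

def scan(text, max_ratio=100):
    """Report each embedded ZIP using declared sizes only; nothing is extracted."""
    reports = []
    for data in embedded_zips(text):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                infos = zf.infolist()
        except zipfile.BadZipFile:
            continue  # magic matched but the archive is truncated or corrupt
        packed = sum(i.compress_size for i in infos) or 1
        ratio = sum(i.file_size for i in infos) // packed
        reports.append({
            "members": [i.filename for i in infos],
            "ratio": ratio,
            # Declared sizes describe one layer only; an inner archive needs its own pass.
            "nested_archive": any(i.filename.lower().endswith(".zip") for i in infos),
            "suspicious": ratio > max_ratio,
        })
    return reports

def sample_script():
    """Constructed input: plugin-like text carrying a small, highly compressible ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zeros.bin", b"\0" * 1_000_000)
    blob = base64.b64encode(buf.getvalue()).decode()
    return '# constructed sample, not a real Nessus plugin\nattachment = "%s";\n' % blob

if __name__ == "__main__":
    for report in scan(sample_script()):
        print(report)
```

A scanner working this way reports on the embedded archive rather than on the script around it, which is why the ActiveScan path above ends in `[42.zip]`.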
Current thread:
- Panda ActiveScan false positive with Nessus .nasl files LEAD Soluciones Informaticas (Aug 12)
- <Possible follow-ups>
- RE: Panda ActiveScan false positive with Nessus .nasl files Pedro Bustamante (Aug 16)