| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: safeer_00 at msn.com (L G) Subject: NAV (or any AV tool) and MSBlast I believe, at least in theory, unless the infected filename, or name of the worm (msblast.exe)for that matter, is not changed, the file will stay in quarantine, until removed and/or cleaned, thereby not enabling the same filename to be run. >From: L G [mailto:safeer_00@....com] >Sent: Wednesday, August 13, 2003 1:55 PM >To: full-disclosure@...ts.netsys.com >Subject: [Full-Disclosure] NAV (or any AV tool) and MSBlast > > >Hi all, > >A quick query... > >If an XP machine has the most recent NAV definitions, and the machine is >hit >by the RPC worm (msblast or any variant for which AV signature exists) > >1. Will the file get quarantined? > >2. If the machine is already infected, given that av will catch it during a >scan, after a reboot will msblast.exe continue to infect the computer or >could it be assumed "safe" in the quarantine folder? > >3. In short, what protection does any AV provide other than the fact that >the user is told that the machine is infected? > >Thanks. > >_________________________________________________________________ >MSN 8 with e-mail virus protection service: 2 months FREE* >http://join.msn.com/?page=features/virus > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html _________________________________________________________________ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
Powered by blists - more mailing lists