| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pbieringer at aerasec.de (Dr. Peter Bieringer) Subject: Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail Hi again, --On Mittwoch, 3. September 2003 13:22 +0200 "Dr. Peter Bieringer" <pbieringer@...asec.de> wrote: > --On Mittwoch, 3. September 2003 12:56 +0200 "Dr. Peter Bieringer" > <pbieringer@...asec.de> wrote: > >> seen on Interscan Viruswall for Linux 3.8 Build 1080, one email >> containing a Sobig.f passed the scanner without any detection. >> >> A Trend Micro "vscan" run on the received plain mail will detect the >> virus. >> >> Response from support: add in section "[smtp]" option >> "whole_file_scan=yes" >> >> Interesting, looks like the default is "no" (very dangerous imho), also >> it looks like this option is neither documented nor changeable via web >> interface. I would only note that we also found at least one Bugbear (PE_BUGBEAR.DAM) passing if "whole_file_scan=yes" is not enabled. In addition a short note about the scan version engines: VSAPI v5.600-1011 (contained in Linux 3.8/build 1080) didn't found this Bugbear in any case found Sobig.f with whole_file_scan VSAPI v6.510-1002 (latest found on de.trendmicro-europe.com) found this Bugbear only with whole_file_scan -> Check version of scan engine and update, if not current: # /opt/trend/ISBASE/IScan.BASE/vscan -v Hope this helps, Peter -- Dr. Peter Bieringer Phone: +49-8102-895190 AERAsec Network Services and Security GmbH Fax: +49-8102-895199 Wagenberger Stra?e 1 Mobile: +49-174-9015046 D-85662 Hohenbrunn E-Mail: pbieringer@...asec.de Germany Internet: http://www.aerasec.de
Powered by blists - more mailing lists