Home page logo

basics logo Security Basics mailing list archives

Re: McAfee Anti Virus V4.5.1 SP1
From: "Lou" <LouC () tmlp com>
Date: Fri, 28 Nov 2003 13:37:08 -0500

not to sound full of myself, but i think everyone replying to this is wrong.
i dont know the EXACT reason as to why this is happening.  however, i
encountered the same problem back when the slammer worm was going around.  i
had norton on my machine actually and black ice at the same time.  my
machine would appear to be toally clean except my black ice .log files which
would say they were infected with the SQL slammer virus.  seeing that this
is impossible unless the code was injected into the log, i quickly convinced
myself that it was an uncooparable pair of programs working together, and
later removed black ice, and got a REAL firewal (hardware).  anyway i hope
that answers your question, or atleast relieves you.
----- Original Message ----- 
From: "Mike" <mjcarter () ihug co nz>
To: <security-basics () securityfocus com>
Sent: Friday, November 28, 2003 1:02 AM
Subject: McAfee Anti Virus V4.5.1 SP1

Hi All,
I have a question and  I can't get an answer from the vendor, their
is not free for this question.
We have had 3 or 4 machines come up infected with Nachi today but the on
access scanner didn't pick it up. Carrying out a full system scan did pick
it up.

I found the infected machines by going through Black Ice logs on my local
machine that showed RPC scans and then connecting to the remote machine's
C:\winnt\system32\wins directory and scanning the dllhost.exe and
svchost.exe files.

I don't have access to any kind of network scanner, our security policy
doesn't allow me to use them (I'm just a field ops support person).

Anyway... I'm trying to figure out why McAfee on access scanner isn't
picking these files up but the full system scan is. There is no difference
in the setup we have between on access or full scan.

Everything is up to date, including the MS patch levels, but that's

Is there another variant that might be stopping the on access scanner ???

Any ideas?





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]