Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Panda ActiveScan false positive with Nessus .nasl files
From: "Pedro Bustamante" <pbustamante () pandasoftware com>
Date: Wed, 16 Aug 2006 15:42:34 +0200

Recently I checked mi winXP system with Panda online ActiveScan,
and I think it has found some false positive when checking some
nessus's .nasl files:

C:\Documents and Settings\FALSEUSER\Mis documentos\ FALSEPATH

I am curious about the first file's "DISINFECTED" status. 

In the case of port_shell_execution.nasl the Panda ActiveScan message
is misleading. Droppers cannot be disinfected, only deleted. Viruses
can be disinfected.  Linux/Test10879 is marked as a dropper, so
therefore the "disinfection" message you're seeing actually means that
the file was deleted. Anyhow, it has now been fixed.

Hacktool:DoS/42zip Not disinfected C:\Documents and Settings\
FALSEUSER \Mis documentos\FALSEPATH\nessus-

Regarding smtp_AV_42zip_DoS.nasl the detection is correct. Most AVs today will scan base64 embedded files with text 


Pedro Bustamante
Panda Software International

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]