Security Basics mailing list archives

Re: virus got past mcafee viruscan 8.7

From: Shreyas Zare <shreyas () technitium com>
Date: Thu, 7 May 2009 00:19:09 +0530

Hi Anand,

Antivirus will detect viruses only that it knows, so it wont
detect/block any executable unless it has a matching signature for it.
New malware is found in hundreds everyday, so the AV company itself
may not have a sample of the virus you got. Also, AV themselves are
s/w written by someone, and are bound to have bugs. Such bugs can be
exploited to bypass AV detection mechanisms. In your case, the malware
is doing some action to bypass the Mcafee filter which looks like a
bug being exploited.

Regards,

On Wed, May 6, 2009 at 5:19 AM, Anand Narine <anand.narine () gmail com> wrote:

Hi all
Our client workstations all have Mcafee antivirus installed, but a
virus infected on particular pc
and has been sending out spam by making outbound connections on port 25.
Mcafee viruscan 8.7 blocks programs from making outbound connections
on port 25 by
default so how did the virus get past ? I verified that the mcafee was
working since I could
not telnet to any mail server on the internet via port 25.




-- 
("Computers have a strange habit of doing what you say, not what you
mean." - SANS Top 25 Most Dangerous Programming Errors)

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas () technitium com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com

Join Sci-Tech News group and get the latest science & technology news
in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news
to join.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

Re: virus got past mcafee viruscan 8.7, (continued)
- - Re: virus got past mcafee viruscan 8.7 Michael Graham (May 06)
    - Re: virus got past mcafee viruscan 8.7 Phil Bieber (May 06)
    - Message not available
    - Re: virus got past mcafee viruscan 8.7 Phil Bieber (May 07)
  - Re: virus got past mcafee viruscan 8.7 Jeffrey Walton (May 06)
    - Re: virus got past mcafee viruscan 8.7 Michael Graham (May 07)
    - Re: virus got past mcafee viruscan 8.7 Jeffrey Walton (May 07)
    - Re: virus got past mcafee viruscan 8.7 Anand Narine (May 07)
    - RE: virus got past mcafee viruscan 8.7 Lape, Steve (May 07)
    - Re: virus got past mcafee viruscan 8.7 Mike Acker (May 08)
    - RE: virus got past mcafee viruscan 8.7 Oliver Friedrichs (May 08)
- Re: virus got past mcafee viruscan 8.7 Shreyas Zare (May 06)
- Fwd: virus got past mcafee viruscan 8.7 Alan Strader` (May 08)