Security Basics mailing list archives
Re: virus got past mcafee viruscan 8.7
From: Shreyas Zare <shreyas () technitium com>
Date: Thu, 7 May 2009 00:19:09 +0530
Hi Anand, Antivirus will detect viruses only that it knows, so it wont detect/block any executable unless it has a matching signature for it. New malware is found in hundreds everyday, so the AV company itself may not have a sample of the virus you got. Also, AV themselves are s/w written by someone, and are bound to have bugs. Such bugs can be exploited to bypass AV detection mechanisms. In your case, the malware is doing some action to bypass the Mcafee filter which looks like a bug being exploited. Regards, On Wed, May 6, 2009 at 5:19 AM, Anand Narine <anand.narine () gmail com> wrote:
Hi all Our client workstations all have Mcafee antivirus installed, but a virus infected on particular pc and has been sending out spam by making outbound connections on port 25. Mcafee viruscan 8.7 blocks programs from making outbound connections on port 25 by default so how did the virus get past ? I verified that the mcafee was working since I could not telnet to any mail server on the internet via port 25.
-- ("Computers have a strange habit of doing what you say, not what you mean." - SANS Top 25 Most Dangerous Programming Errors) Shreyas Zare Co-Founder, Technitium eMail: shreyas () technitium com ..::< The Technitium Team >::.. Visit us at www.technitium.com Contact us at theteam () technitium com Join Sci-Tech News group and get the latest science & technology news in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news to join. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Re: virus got past mcafee viruscan 8.7, (continued)
- Re: virus got past mcafee viruscan 8.7 Michael Graham (May 06)
- Re: virus got past mcafee viruscan 8.7 Phil Bieber (May 06)
- Message not available
- Re: virus got past mcafee viruscan 8.7 Phil Bieber (May 07)
- Re: virus got past mcafee viruscan 8.7 Michael Graham (May 06)
- Re: virus got past mcafee viruscan 8.7 Jeffrey Walton (May 06)
- Re: virus got past mcafee viruscan 8.7 Michael Graham (May 07)
- Re: virus got past mcafee viruscan 8.7 Jeffrey Walton (May 07)
- Re: virus got past mcafee viruscan 8.7 Anand Narine (May 07)
- RE: virus got past mcafee viruscan 8.7 Lape, Steve (May 07)
- Re: virus got past mcafee viruscan 8.7 Mike Acker (May 08)
- RE: virus got past mcafee viruscan 8.7 Oliver Friedrichs (May 08)