Full Disclosure mailing list archives
RE: NAV (or any AV tool) and MSBlast
From: "L G" <safeer_00 () msn com>
Date: Thu, 14 Aug 2003 09:16:48 -0500
I believe, at least in theory, unless the infected filename, or name of the worm (msblast.exe) for that matter, is not changed, the file will stay in quarantine until removed and/or cleaned, thereby not enabling the same filename to be run.
From: L G [mailto:safeer_00 () msn com]
Sent: Wednesday, August 13, 2003 1:55 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] NAV (or any AV tool) and MSBlast

Hi all,

A quick query... If an XP machine has the most recent NAV definitions, and the machine is hit by the RPC worm (msblast or any variant for which AV signature exists)

1. Will the file get quarantined?
2. If the machine is already infected, given that av will catch it during a scan, after a reboot will msblast.exe continue to infect the computer or could it be assumed "safe" in the quarantine folder?
3. In short, what protection does any AV provide other than the fact that the user is told that the machine is infected?

Thanks.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html