Full Disclosure mailing list archives
Re: McAfee VirusScan vs Metasploit Framework v2.x
From: Andre Ludwig <andre.ludwig () gmail com>
Date: Fri, 9 Dec 2005 15:08:12 -0500
Why don't you build a snort signature for it first (what bleeding or VRT don't have one yet???)? Seeing how you guys run snort on your network ;)

So chalk it up guys, they use snort and McAfee, care to tell us your firewall types? Maybe an admin pw or something?

Dre

On 12/9/05, Michael Holstein <michael.holstein () csuohio edu> wrote:
If any of you can name any big network which is using Snort as an example, it will be very helpful.

/16 on a DS-3 here. Snort on a p4 3.2ghz box, with a fairly large ruleset (not the whole thing, but all the VRT ones, plus a bunch of bleeding ones, plus a bunch of overrides). I have it configured to automatically shut down infected ports (not something it does natively .. a lot of Perl + MySQL + pixie dust). Rock solid.

Thanks Marty :)

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

On 12/9/05, Michael Holstein <michael.holstein () csuohio edu> wrote:
Looks like some overzealous idiot at McAfee added "Trojan" signatures for 202 files in the latest version of the Metasploit Framework. If you use the Framework for your job and have a McAfee support contract, *please* call them and let them know that their product is incorrectly tagging a standard security tool as a "Trojan" and that this is interfering with your ability to conduct business.

A gun is a legitimate tool too .. except when it's in criminal hands. McAfee (and any other A/V product) lets you configure exceptions/overrides. In my enterprise environment (McAfee, BTW), I would *want* copies of Metasploit yanked automatically from a PC.

My $0.02

Michael Holstein CISSP GCIA
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/