Security Basics mailing list archives
Re: virus got past mcafee viruscan 8.7
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 6 May 2009 14:54:19 -0400

> Unfortunately, anti-virus isn't capable of stopping the most common or basic of malware. Simply moving the hostile payload beyond the first hundred bytes or so of an executable is enough to prevent most AV software from detecting/alerting.

Could you qualify this statement? I don't believe it accurately reflects the current state of the art in detection. For a survey, read Szor's 'The Art of Virus Research and Defense'.

I'd suspect the malware is relatively new or otherwise has not been analysed. Perhaps the OP should submit the malware for analysis.

Jeff

On 5/6/09, Michael Graham <jmgraham () gmail com> wrote:
> Unfortunately, anti-virus isn't capable of stopping the most common or basic of malware. Simply moving the hostile payload beyond the first hundred bytes or so of an executable is enough to prevent most AV software from detecting/alerting.
>
> Beyond that, the number of third-party applications with serious vulnerabilities (Acrobat seems to be this year's problem) means that relying on anti-virus to prevent malware infection is likely to result in an unpleasant surprise.
>
> On Tue, May 5, 2009 at 7:49 PM, Anand Narine <anand.narine () gmail com> wrote:
>> Hi all
>>
>> Our client workstations all have McAfee antivirus installed, but a virus infected one particular PC and has been sending out spam by making outbound connections on port 25. McAfee VirusScan 8.7 blocks programs from making outbound connections on port 25 by default, so how did the virus get past? I verified that the McAfee was working since I could not telnet to any mail server on the internet via port 25.

[SNIP]