Security Basics mailing list archives

Re: virus got past mcafee viruscan 8.7

From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 6 May 2009 14:54:19 -0400

Unfortunately, anti-virus isn't capable of stopping the most common or
basic of malware.  Simply moving the hostile payload beyond the first
hundred bytes or so of an executable is enough to prevent most AV
software from detecting/alerting.

Could you qualify this statement? I don't believe it accurately
reflects the current state of the art in detection. For a survey, read
Szor's 'The Art of Virus Research and Defense'. I'd suspect the
malware is relatively new or otherwise has not been analysed. Perhaps
the OP should submit the malware for analysis.

Jeff

On 5/6/09, Michael Graham <jmgraham () gmail com> wrote:

Unfortunately, anti-virus isn't capable of stopping the most common or
basic of malware.  Simply moving the hostile payload beyond the first
hundred bytes or so of an executable is enough to prevent most AV
software from detecting/alerting.  Beyond that, the number of
third-party applications with serious vulnerabilities (Acrobat seems
to be this year's problem) means that relying on anti-virus to prevent
malware infection is likely to result in an unpleasant surprise.

On Tue, May 5, 2009 at 7:49 PM, Anand Narine <anand.narine () gmail com> wrote:

Hi all
Our client workstations all have Mcafee antivirus installed, but a
virus infected on particular pc
and has been sending out spam by making outbound connections on port 25.
Mcafee viruscan 8.7 blocks programs from making outbound connections
on port 25 by
default so how did the virus get past ? I verified that the mcafee was
working since I could
not telnet to any mail server on the internet via port 25.

[SNIP]


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

virus got past mcafee viruscan 8.7 Anand Narine (May 06)
- Re: virus got past mcafee viruscan 8.7 Phil Bieber (May 06)
- Re: virus got past mcafee viruscan 8.7 Michael Graham (May 06)
  - Re: virus got past mcafee viruscan 8.7 Michael Graham (May 06)
    - Re: virus got past mcafee viruscan 8.7 Phil Bieber (May 06)
    - Message not available
    - Re: virus got past mcafee viruscan 8.7 Phil Bieber (May 07)
  - Re: virus got past mcafee viruscan 8.7 Jeffrey Walton (May 06)
    - Re: virus got past mcafee viruscan 8.7 Michael Graham (May 07)
    - Re: virus got past mcafee viruscan 8.7 Jeffrey Walton (May 07)
    - Re: virus got past mcafee viruscan 8.7 Anand Narine (May 07)
    - RE: virus got past mcafee viruscan 8.7 Lape, Steve (May 07)
    - Re: virus got past mcafee viruscan 8.7 Mike Acker (May 08)
    - RE: virus got past mcafee viruscan 8.7 Oliver Friedrichs (May 08)
- Re: virus got past mcafee viruscan 8.7 Shreyas Zare (May 06)
- <Possible follow-ups>
- Fwd: virus got past mcafee viruscan 8.7 Alan Strader` (May 08)