Full Disclosure mailing list archives

Re: Just when you thought Macafee stuff was safe!

From: "Keith W. McCammon" <keith-list () mccammon org>
Date: Tue, 23 Sep 2003 10:12:37 -0400

Any chance this is caused by not excluding the spamkiller programdirectories and/or repositories within the Virusscan engine?

Never used VSO, but this is standard practice for these types of"overlapping" tools. For example, directories associated with mailserver engines, SMTP gateways, etc. must be excluded from the systemengine to prevent duplicative scanning, as well as some more seriousstability issues.


gregh wrote:

Try this one out for yourself.

1) Make sure you have all this set up on an email address that is getting
lots of the latest virus infected emails.

2) Install Macafee Virusscan Online (AKA Macafee VSO).

3) Install Macafee's Spamkiller.

4) Note they are from the same company.

5) Pick up email with Spamkiller while VSO is running in the background.

6) Note how, for every infected email, you have to click "continue what I
was doing" and "No" to "Do you want to scan your computer?"......as said for
EVERY DAMNED EMAIL!

7) At some point during the email being checked by Spamkiller, watch
Spamkiller stuff up as VSO has deleted log files etc that it decided were
infected and auto cleaned.

8) Now imagine you have a network of around 20 or so users (more, if you
like) all with Macafee VSO and Spamkiller all going through what you just
put yourself through and realise that your users probably just use computers
to do their work on (and dirty web browsing habits - but that's another
story!) and cant afford the time to keep answering two questions per
incoming email and then deal with the fact that Spamkiller has crashed or
otherwise made life difficult. Imagine, if you were that user rushing to
meet a deadline, what you would do? If you had the ability, you would stop
Macafee VSO and/or Spamkiller and continue on.

9) Now with Spamkiller AND Macafee VSO stopped, imagine what work YOU will
have very shortly, fixing this.

10) Now start to wonder what the Bofh'n heck you chose these two products
for when they do that and why it is that Macafee hasnt fixed this!

.....sorta makes you realise why a major epidemic like we are currently
experiencing works when users are forced to turn off the things meant to
make their life easier and protect them to some extent, huh?

Greg.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Erm, Excuse Me, Honeynet.... sockz loves you (Sep 23)
- Re: Erm, Excuse Me, Honeynet.... morning_wood (Sep 23)
  - Re: Erm, Excuse Me, Honeynet.... V.O. (Sep 23)
  - Just when you thought Macafee stuff was safe! gregh (Sep 23)
    - Re: Just when you thought Macafee stuff was safe! Keith W. McCammon (Sep 23)
    - Re: Just when you thought Macafee stuff was safe! gregh (Sep 23)
    - RE: Just when you thought Macafee stuff was safe! Jeroen Massar (Sep 23)
    - Re: Just when you thought Macafee stuff was safe! gregh (Sep 23)
- **NEW** OpenSSH Vuln Today Jeremiah Cornelius (Sep 23)
- Re: Erm, Excuse Me, Honeynet.... Jeremiah Cornelius (Sep 23)
  - Re: Erm, Excuse Me, Honeynet.... Valdis . Kletnieks (Sep 23)
    - Re: Erm, Excuse Me, Honeynet.... Jeremiah Cornelius (Sep 23)
    - Re: Erm, Excuse Me, Honeynet.... Valdis . Kletnieks (Sep 24)
    - Re: Erm, Excuse Me, Honeynet.... Jeremiah Cornelius (Sep 23)