OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Raymond CL Ho (raymond.ho_at_hyd.gov.hk)
Date: Wed Jul 10 2002 - 20:26:43 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    Hi John,

    So do we need to scan the sensor directory? Please advise.

    Raymond

    John Taylor <john.taylortolerant.co.uk> on 11/07/2002 01:00:36
                                                                                    
                                                                                    
                                                                                    

                                                                  
                                                                  
                                                                  
     To: Adi Sakti <adi_saktihotmail.com>, issforumiss.net
                                                                  
     cc: (bcc: Raymond CL HO/HYD/HKSARG)
                                                                  
                                                                  
                                                                  
     Subject: RE: evd000.nc - Worms or not ?
                                                                  

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    Adi,

    I think I know what this may be, it depends upon how intelligent the av you
    use is! It looks to me that Norton is picking up the string in the Sensor
    code relative to detecting code red and identifying it wrongly as Code red
    worm! I had similar problems with Norton but never saw it with McAffee.

    John

    -----Original Message-----
    From: Adi Sakti [mailto:adi_saktihotmail.com]
    Sent: Wednesday, July 10, 2002 12:55 AM
    To: issforumiss.net
    Subject: evd000.nc - Worms or not ?

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any
    problems!
    ----------------------------------------------------------------------------

    Dear all,

    After installing Norton Anti Virus on which server sensor v6.5 installed I
    got
    warning from NAV saying that it detects worm from file "evd000.enc".
    Does anybody knows whether this is worm or NAV misdetect it as worm.
    If this is not worm what is evd000.enc actually ?

    ===== Message from NAV ======

    Scan type: Realtime Protection Scan
    Event: Virus Found!
    Virus name: CodeRed Worm
    File: C:\Program
    Files\ISS\issSensors\server_sensor_web_english\BlackICE\evd000.enc
    Location: Quarantine
    Computer: JKTMPDCEHP01
    User: SYSTEM
    Action taken: Clean failed : Quarantine succeeded :
    Access denied
    Date found: Sat Jul 06 05:44:40 2002
    =======================================================

    Regards
    Adi

    _________________________________________________________________
    Join the world's largest e-mail service with MSN Hotmail.
    http://www.hotmail.com