Re: Trend Micro ScanMail Will Always PASS Test Virus

From: Presley, Steve (spresleyQUALCOMM.COM)
Date: Fri Oct 10 2003 - 17:37:02 CDT


I have been working with Trend over the past few weeks on this very
issue when I discovered that the EICAR was no longer working correctly
with Scanmail 6.1. I will try to avoid bashing Trend here (my opinion
of them has changed from what it was a few weeks ago due to this issue).
Basically it comes down to what type of scanning you are doing. If you
are using the "Active Action" scanning, then it will pass the EICAR.
This is at least how they designed it. In my situation I was not using
"Active Action", yet the EICAR was still being passed. After 2 weeks,
5+ engineers, and a kb article we discovered why the EICAR was being
passed (a design change that no one knew about) and I had a "hot fix".
I have inquired with Trend as to why they changed it and I was told that
it was a request from marketing (I am not making this up). I also asked
if this is something that will go in for all of their products and I was
told that it would (so this is not limited to Scanmail 6.x).

I have written a number of emails to them on why this is a bad idea and
also why I think the way they did it was also not the best way. They
did not tell any of their customers that they were planning on doing
this (us at least, so I assume they did not tell others, as well as their
support staff, who had no clue on this matter until they went and asked
development). Having to resort to sending live viruses through a mail
infrastructure or having to apply a hotfix (when the problem originated
from a pattern file) is a problem for me. I hope they realize this is a
bad idea and fix it soon.

Best regards,

Steve
