A result from Symantec: “Submission # 3271252. The Trojan Horse detection was removed this morning and the correction is available in the 10/7/03 Intelligent Updater files. Submission # 3273288. We’ve corrected this detection. The fix will be available in the 10/8/03 virus definitions.”
Now all I have to do is work out why Outlook insists on not being able to find a dll even after I’ve deleted the extend.dat file.
My firebird.dll was submitted to Norton’s SARC this afternoon so hopefully it will get removed as a false positive. Apparently you can only submit one file a day, so the pspv.zip file gets sent to them tomorrow.
Update: The (automated) response came back in saying that the file is infected: “result: This file is infected with Trojan Horse. Developer notes: X:\Program Files\MozillaFirebird\FireDLL.dll is non-repairable threat. NAV with the latest beta definition detects this. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest beta definitions.”
Nowhere have they said that oh sorry, this might be a false positive – grrrrr
Update 2: Looking on Google, it looks like some other people have had the same problem with firedll.dll. It turns out that this is a tool that was available for download on grc.com which tests whether your personal firewall is subject to leaks, allowing utils access to the internet that you’ve specifically not authorised. Norton (and others) have now decided this is not acceptable to have on your PC. Related to this, you can see if your AV software acts in the same way by checking to see whether you can download these two files from the firehole site
Two useful pages on troubleshooting communication between a Symantec client and the Symantec Corporate Edition client. These were given as part of a solution to a problem I have but unfortunately have *nothing* to do with the actual problem but are handy for other situations: “A guide to the Grc.dat file in Symantec AntiVirus Corporate Edition 8.0” and “How to troubleshoot Symantec AntiVirus Corporate Edition 8 communication problems”.
The problem with Norton has been fixed. I tracked the bandwidth down to our main update server downloading antivirus updates every 10 minutes – the same updates every 10 minutes. Once I disabled “continuous live updates”, which should only attempt to get live updates if the definitions are more than 10 days old (they were up to date), I found it was *still* trying to download the updates. A long call to Symantec helpline and he asked me to check everything that I had already done, which was comforting to know that I was on the right track. We re-enabled continuous updates, clicked apply and then disabled it again… and the updates still kept being downloaded every 10 minutes. It was decided that maybe a reboot would force the system to reread the configuration and start downloading once a day (although I had already done one reboot). I scheduled a reboot for 10pm and went home – at 7pm the updates stopped. Reboot at 10pm and a scheduled download at 4am – as per configuration. Very strange.
Somewhere in our configuration I think we’ve set something up wrong, as yesterday our central Norton AntiVirus server downloaded 324MB of updates via the HTTP protocol… so today is being spent troubleshooting it 🙁
Now this is the sort of message I’d expect to see – I’m very impressed with this AV for Exchange – content filtering could be good fun if you set the word “the” as objectionable content 🙂
Location of the infected item: //Mailing Lists/uniVerse
Sender of the infected item: MS Corporation Internet Security Center
Subject of the message: Newest Net Security Pack
The attachment “PACK817.exe” was Quarantined for the following reasons:
The file was unrepairable. Virus Info:
Virus W32.Swen.A@mm was found.
This was done due to the following Symantec AVF settings:
Policy: Standard
SubPolicy: Error SubPolicy
Rule: Unrepairable Virus Rule
I think there might be a variant on the Swen virus doing the rounds, as since 8.19 this morning we are getting similar looking emails coming into the office but NAV is not able to scan them, and instead of “Attachment something.exe was Deleted for the following Reasons: Virus W32.Swen.A@mm was found” we are now getting “No action was taken on the attachment. Attachment something.exe was Logged Only for the following reasons: Scan Engine Failure (0x80004005)”. The Symantec query results look like it’s a problem with some compressed files, but I’m shortly about to upgrade our email scanning software so we’ll see if we still get it then.
We had several detections of the Worm.Automat.AHB. Interestingly this has now been renamed W32.Swen.A@mm. I checked the server that gets updates every night and it was using definitions dated 18th September (which catches this worm), and despite it updating every night, it hadn’t downloaded the definitions dated 19th September, which according to Symantec’s Virus watch page detects 5 more new viruses.
Unixgirl details New lows in pop-ups where a message appears telling you that you have a virus if you go to http://www.ownbox.com/treasure . I’ve deliberately not linked the url. I can just see this being used by spyware authors and phonedialers
I’ve found that there is an alternative to AVG free Anti-Virus Software called BitDefender. I’ve not tried this yet though. It will be interesting to see if it clashes with BigFix like AVG does (although that clash is fixed by hitting the “fix button”).