Virus Signature Updates

A result from Symantec:- “Submission # 3271252. The Trojan Horse detection was removed this morning and the correction is available in the 10/7/03 Intelligent Updater files. Submission # 3273288. We’ve corrected this detection. The fix will be available in the 10/8/03 virus definitions.”
Now all I have to do is work out why Outlook insists on not being able to find a dll even after I’ve deleted the extend.dat file.

Top 75 Network security tools

Out of the Top 75 Network Security Tools listed on the page I have only NOT heard of 8 of the top 50. I’ve used probably half of the ones listed; the ones that I haven’t used are mainly the Linux-based ones, but that will change over the next few months. (I’ve downloaded and played with Nmap recently – the front end to this makes light work of scanning a network, although I still prefer GFI’s Scanner.)

Submission to SARC

My firebird.dll was submitted to Norton’s SARC this afternoon so hopefully it will get removed as a false positive. Apparently you can only submit one file a day, so the pspv.zip file gets sent to them tomorrow.
Update: The (automated) response came back in saying that the file is infected – “result: This file is infected with Trojan Horse.
Developer notes: X:\Program Files\MozillaFirebird\FireDLL.dll is non-repairable threat. NAV with the latest beta definition detects this. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest beta definitions.”
Nowhere have they said that oh sorry, this might be a false positive – grrrrr
Update 2: Looking on Google it looks like some other people have had the same problem with firedll.dll. It turns out that this is a tool that was available for download on grc.com which tests whether your personal firewall is subject to leaks, allowing utils access to the internet that you’ve specifically not authorised. Norton (and others) have now decided this is not acceptable to have on your PC. Related to this, you can see if your AV software acts in the same way by checking to see whether you can download these two files from the firehole site.

SpamDrop

I downloaded and installed SurfSecret’s Spamdrop the other day on the office PC, and so far out of the 217 messages received today, not one of them has been detected as spam. The interface is VERY similar to the Cloudmark SpamNet software but a bit clunkier. It does provide whitelisting and blacklisting though, which is good; however, in order to get to this functionality and to see the spam stats you need to go to Tools/Options/Spamdrop/Advanced/ – a one click button on the toolbar that gets installed would be a lot friendlier. The other thing is that their FAQ page says it works via a web proxy, but when I checked our firewall logs traffic on port 8600 was being blocked.

RSS feeds working great.

After tinkering with my RSS feed, and from the encouraging response back on my question about whether the RSS feed is valid, I did some more tinkering this evening and I’ve now managed to create two feeds for RoseisRose and Rudy from comics.com by using DOS batch file programming, sed and wget to do all the work. By running this script on my w2k machine each day I’ll have a feed updated with the latest daily cartoon. I can’t make this feed available for general consumption because of copyright issues but I don’t think it’s breaking copyright by using it myself. See cxliv or dwlt for more discussions on this issue.