James,
I spoke to Network Associates with regard to this problem. They stated that,
"There
was indeed a problem with the detection of this virus in the 4067 DAT
files, but the 4068 DAT files have been corrected and no longer detect this
as infected. ". I have tested with the updated DAT and sure enough, there is no
virus.
Sorry for the semi-alarm.
Regards,
Ken Viola
James_Shanks@tivoli.com wrote:
> Well, OK, but my take on this is still the same -- that even this virus only
> affects executbale code and that's not what those files were. I don't know
> exactly how or where those catalogs are used but if they are called by a
> running
> routine, I would expect an access violation or Dr. Watson sooner or later if
> they aren't there. You may have to re-install 5.1.2 to get them back.
>
> I can tell you that I can find no record of anything like this having been
> reported before, and 5.1.2 is now old hat. We released 5.1.3 to manufacturing
> this week and it will be shipping next week.
>
> James Shanks
> Tivoli (NetView for UNIX and NT) L3 Support
>
> Kenneth Viola <kviola@cpcug.org> on 03/10/2000 12:14:52 PM
>
> Please respond to IBM NetView Discussion <nv-l@tkg.com>
>
> To: IBM NetView Discussion <nv-l@tkg.com>
> cc: (bcc: James Shanks/Tivoli Systems)
> Subject: Re: [NV-L] virus on Netview NT 5.1.2 CD?
>
> James,
>
> The following is all I know currently on this. I have not contacted McAfee
> yet, but will next week as I'm currently in travel. Hopefully, there is no
> call for alarm, but it does need further investigation.
>
> Information from
> McAfee's readme on this release shows:
>
> W32/ File-infector or boot-sector
> virus. Runs in 32-bit Windows
> environments (Windows 95,
> Windows 98 or Windows NT)
>
> .CMP. Companion file. This designates a
> companion file that the virus
> adds to an existing executable
> file. McAfee software deletes the
> companion file to prevent later
> infections .MP. Multi-partite
> virus. A McAfee designation
>
> .GR Generic detection and removal.
> Native routines in McAfee software
> detect and remove this virus without
> using specific code strings.
>
> WINDOWS PORTABLE EXECUTABLE FILE VIRUSES (9)
> --------------------------------------------
> W32/AZACO.CMP.GR
>
> 3/7/00 1:15 PM Scan Started Administrator Scan CDROM
> 3/7/00 1:15 PM Scan Error Administrator Error occured while
> scanning boot sector of F.
> 3/7/00 1:19 PM Infected Administrator
> F:\intel\nvfiles\filtered.cat W32/Azaco.cmp.GR (Removable)
> 3/7/00 1:22 PM Scan Summary Administrator Scan Summary
> 3/7/00 1:22 PM Scan Summary Administrator Boot sectors
> scanned : 1
> 3/7/00 1:22 PM Scan Summary Administrator Boot sectors
> infected : 0
> 3/7/00 1:22 PM Scan Summary Administrator Boot sectors
> cleaned : 0
> 3/7/00 1:22 PM Scan Summary Administrator Files scanned
> : 5787
> 3/7/00 1:22 PM Scan Summary Administrator Files infected
> : 1
> 3/7/00 1:22 PM Scan Summary Administrator Files cleaned
> : 0
> 3/7/00 1:22 PM Scan Summary Administrator Files deleted
> : 0
> 3/7/00 1:22 PM Scan Summary Administrator Files moved
> : 0
> 3/7/00 1:22 PM Scan Complete Administrator Scan CDROM
>
> Regards,
>
> Ken Viola
> kviola@cpcug.org
>
> On Fri, 10 Mar 2000 James_Shanks@tivoli.com wrote:
>
> >
> >
> > Well, it is highly likely that this is a fluke and you should take it up
> > with
> > VirusScan. Even before looking, I can tell you that all the build machines
> run
> > Norton AntiVirus regularly.
> >
> > I just updated my Norton anti-virus to the latest defs, which are dated
> > 03/01/2000 and it found no viruses on a scan of that same CD. I check the
> virus
> > list, but did not find one labelled W32/Azaco.cmp.GR though I did see one
> > labeled W32.Azaco.8192.A. I have no idea if they are the same or not. But
> > W32.Azaco.8192.A. infects only EXE files and is very rare. What does
> > W32/Azaco.cmp.GR infect? The files you have identified are read-only
> > message
> > catalogs and contian no executable code.
> >
> > James Shanks
> > Tivoli (NetView for UNIX and NT) L3 Support
> >
> >
> >
> > Viola Kenneth <Kenneth.Viola@irs.gov> on 03/10/2000 11:07:12 AM
> >
> > Please respond to IBM NetView Discussion <nv-l@tkg.com>
> >
> > To: "'nv-l@tkg.com'" <nv-l@tkg.com>
> > cc: "'kviola@cpcug.org'" <kviola@cpcug.org> (bcc: James Shanks/Tivoli
> Systems)
> > Subject: [NV-L] virus on Netview NT 5.1.2 CD?
> >
> >
> >
> >
> > Greetings all,
> >
> > I found a virus using VirusScan NT (Network Associates) scan engine 4.0.02
> > with virus definition file version 4.0.4067 dated March 1, 2000. It is
> > identified as W32/Azaco.cmp.GR and appears to infect file:
> > \usr\ov\nls\c\filtered.cat. The virus is also on the CD in file:
> > intel\nvfiles\filtered.cat.
> >
> > Does anyone know if this is a serious virus or if it's being reported by
> > VirusScan in error? The virus could not be removed automatically by
> > VirusScan so I removed the read attribute and deleted it manually. Is this
> > an important file for Netview operation?
> >
> > Does IBM know about this?
> >
> > Please help.
> >
> > Regards,
> >
> > Ken Viola
> > IRS NMC staff
> > kviola@cpcug.org
> >
> >
>
> _________________________________________________________________________
>
> NV-L List information (unsubscribing, policies, posting, digest version,
> searchable archives): http://www.tkg.com/nv-l
>
> _________________________________________________________________________
>
> NV-L List information (unsubscribing, policies, posting, digest version,
> searchable archives): http://www.tkg.com/nv-l
|