Re: Is NAV "Scan and Deliver" Fake?
- From: Adam Piggott <usenet@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 11 Jul 2005 15:01:09 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris Shearer Cooper wrote:
> Norton Anti-Virus 2005 has a feature where you can submit suspected viruses
> to them, called "Scan and Deliver". I have recently received some emails
> that contained extremely suspicious attachments, and so thought I would
> submit them to see if I was right.
>
> However, every time I tried to submit a virus, NAV gives me the same helpful
> error message - "Error in creating the Symantec Security Response package".
Gotta love them helpful error messages. It could be that your outgoing
email ISP is blocking the submission, but from the error it looks like it
might not even get that far.
Are you running any other anti-virus product? You could try downloading the
EICAR test file from http://www.eicar.org and seeing if you can submit that.
> I tried contacting Symantec tech support
You'd be surprised how one stops even considering ringing Symantec after a
few tries :-)
> Their tech support guy also had this to say -
> "if you are using a current version of Norton AntiVirus and have the most
> recent virus definitions, and Norton AntiVirus set to provide maximum
> protection does not find anything in your emails, then you can be confident
> that those mails are not infected. " which, as I pointed out to them, is not
> only blatantly incorrect, but a legally risky thing to be saying.
I can confirm the tech support's statement is incorrect. To go further, I
once found two suspicious programs running on a (new) customer's computer
which had NAV 2005 with up-to-date definitions. Not only did NAV not think
they were viruses, I was also told after submitting them to SARC that they
were benign. Two weeks later they were added as some Kasbot variant I think.
You can also try emailing any suspect files to scan@xxxxxxxxxxxxxx with the
subject: SCAN
...to have them scanned by numerous different anti-virus products or go to
Norman's "sandbox" technology page which gives you an analysis of what a
program does:
http://sandbox.norman.no/live_4.html
> Which got me thinking - they probably don't really need customers to submit
> suspected viruses to them, so maybe the whole feature is really just there
> to make people _think_ that they have a virus submission function? Maybe it
> doesn't work for anyone?
I'm using NAV 2002 and submitting a suspect file via the Quarantine does
work. Although it does only allow you to do it once a day which can be
annoying.
Symantec also provide a utility called SACERT.exe which is a stand-alone
program for submitting suspect files. If you can't find a link to download
it on Symantec's site and would like it, let me know by email.
> p.s. For the curious, here's why I found the attachment suspicious.
> 1) Emails sent to an address I only use when posting to newsgroups
> 2) Emails not sent from anybody I know
> 3) Contents of email either blank or obvious come-on ("See Paris Hilton
> Naked")
> 4) Attachment is a zipped EXE
You're quite right, although the term "definitely a virus" would be more
pertinent than "suspicious" ;-)
Cheers
- --
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
iD8DBQFC0nuj7uRVdtPsXDkRArALAKCD2LSb1X5qcF3pjQrIdXUlfxFG4QCbBbk6
VHCxWx/H1sRG8SGcGzxY03Y=
=fZDN
-----END PGP SIGNATURE-----
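The "zipped EXE" check from item 4 of the quoted list, as an added example that is not part of the original post: it lists the members of each ZIP attachment without extracting them and records a SHA-256 that can accompany a submission to a vendor or multi-scanner service. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import hashlib
import io
import zipfile
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def triage(raw_message: bytes) -> list[dict]:
    """Report ZIP attachments whose members have executable extensions (listing only)."""
    findings = []
    msg = email.message_from_bytes(raw_message)
    for part in msg.walk():
        name = part.get_filename()
        payload = part.get_payload(decode=True)  # None for multipart containers
        if not name or payload is None or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            # Member names are read from the archive directory; nothing is unpacked or run.
            hits = [m for m in zf.namelist() if m.lower().endswith(EXECUTABLE_EXTS)]
        if hits:
            findings.append({
                "attachment": name,
                "sha256": hashlib.sha256(payload).hexdigest(),
                "executables": hits,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample: blank-bodied mail carrying a ZIP with a harmless fake .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos.exe", b"not a real program")
    msg = EmailMessage()
    msg["From"] = "stranger@example.invalid"
    msg["To"] = "newsgroup-only@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="photos.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```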