Wireshark-users: Re: [Wireshark-users] Barracuda false positive?
From: Ionreflex <ionreflex@xxxxxxxxx>
Date: Tue, 17 Apr 2007 20:39:08 -0400
I hope you'll keep us informed... thanks!


2007/4/17, Gerald Combs <gerald@xxxxxxxxxxxxx>:
...so what happens when a malware writer decides to name one of his or
her products "msvcr80.dll"?

I've posted a question on Barracuda's support forum.  It's pending approval.

Ionreflex wrote:
> Better now than never! Since there was no feedback, I thought I could
> confirm that the Barracuda Web Filter appliance detects the stated
> infection since version 0.99.2 up to 0.99.5...
>
>
> *From*: Gerald Combs <gerald@xxxxxxxxxxxxx>
> *Date*: Tue, 03 Oct 2006 09:11:17 -0700
>
> I received a message from a user that the Barracuda spam/virus firewall
> has detected the ILookup.Sbus worm in the Wireshark 0.99.2 release.
> This appears to be a false positive -- the worm comes in a file named
> "sbus.dll", which is the same name used by Wireshark's S-Bus plugin.
>
> Are there any Barracuda users on the list that can verify this?
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users