Date: Thu, 1 Jan 1998 16:22:28 +0100 (MET)
From: j@uriah.heep.sax.de (J Wunsch)
To: freebsd-bugs@freebsd.org
Cc: ccosolo@ulti.net
Subject: Re: misc/5383: bloodhound.MBR Virus detected by Norton AV after Boot Mgr Install
Message-ID: <199801011522.QAA16587@uriah.heep.sax.de>
In-Reply-To: <199712271647.IAA05026@hub.freebsd.org>
References: <199712271647.IAA05026@hub.freebsd.org>
ccosolo@ulti.net wrote:

> After successfully installing FreeBSD with the supplied boot
> manager, I rebooted and selected dos. This boots win95 and executes
> Norton AV win95's navboot.exe /startup from autoexec.bat. While
> booting navboot detects bloodhound.MBR on the master boot record. I
> selected the repair option and rebooted.

This was certainly a mistake. :)

Well, virus scanning is signature-based, and as such always risky at
misdetecting something for a virus that isn't one. This is inherent
to the virus scanning itself, and cannot reliably be prevented. One
customer of ours once told me that his virus scanner `detected' a virus
in /sbin/init. :-)

>>Fix:
> Modify code fragment to mismatch virus def on executable in bootmanager.

Rather, tell the vendor of your virus scanner to increase the amount
of data they are using to check the virus signature.

Sorry, it's not a viable option for us to change the bootblocks to not
incidentally match what virus scanner XYZ is using to check for virus
ABC. What to do if this change makes the virus scanner misdetect it
as something else? No, thanks.

Besides, you didn't even tell us _what_ exactly the signature might
be. How do you expect us to know? We don't have your virus scanner
(and i'm not like buying it just for you -- i don't have any DOS files
at all, so i don't need a virus scanner).

> Or scan for possible virus in distribution

And then?

Besides(2), this would require bundling of a virus scanner product
which is usually payware.

We can guarantee you that there are no viruses in the files we are
creating, and in order to check whether the files remained untouched,
you can always match them against the MD5 checksums we are providing.
Sorry to say, but that's really all we can do for this matter.

p.s.: Yes, we should adopt a more recent version of booteasy anyway,
for other reasons. This might or might not solve your problem. You
can also try os-bs (should be found in the tools/ directory), maybe
this doesn't check out as a pseudo-virus in your scanner...

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
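
The point made in the reply about the amount of data in a signature, as an added example that is not part of the original message and not any scanner's actual logic: a byte signature covering only a common boot-code prologue also matches known-good boot sectors, while a longer one does not. All sector contents, sample names and signatures below are constructed for illustration.

```python
"""Toy signature check: short byte signatures vs. known-good boot sectors."""

# Prologue found in many real-mode boot sectors:
# xor ax,ax ; mov ss,ax ; mov sp,0x7c00 ; sti
PROLOGUE = bytes.fromhex("33c08ed0bc007cfb")


def make_sector(body: bytes) -> bytes:
    """Build a 512-byte sector: prologue + body, zero padding, 0x55AA marker."""
    return (PROLOGUE + body).ljust(510, b"\x00") + b"\x55\xaa"


# Constructed samples: the bodies are arbitrary filler bytes, not real code.
KNOWN_GOOD = {
    "bootmgr_a": make_sector(bytes.fromhex("a1b2c3d4e5f60718")),
    "bootmgr_b": make_sector(bytes.fromhex("0f1e2d3c4b5a6978")),
}
FLAGGED_BODY = bytes.fromhex("deadbeefcafef00d")
FLAGGED = make_sector(FLAGGED_BODY)

# Hypothetical signatures for the same flagged sample.
SHORT_SIG = PROLOGUE[:7]           # covers only the shared prologue
LONG_SIG = PROLOGUE + FLAGGED_BODY  # also covers bytes unique to the sample


def matches(sector: bytes, signature: bytes) -> bool:
    """True if the signature occurs anywhere in the sector."""
    return signature in sector


def false_positives(signature: bytes, known_good: dict) -> list:
    """Names of known-good sectors that the signature would flag."""
    return sorted(name for name, sec in known_good.items() if signature in sec)


if __name__ == "__main__":
    for label, sig in (("short", SHORT_SIG), ("long", LONG_SIG)):
        print(f"{label:5} sig ({len(sig):2} bytes): "
              f"flags sample={matches(FLAGGED, sig)}, "
              f"false positives={false_positives(sig, KNOWN_GOOD)}")
```

Running a candidate signature over a corpus of known-good sectors, as `false_positives` does, is the kind of check that catches this before a signature ships.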