Alan Hargreaves' Blog

The ramblings of a former Australian SaND TSC* Principal Field Technologist

McAfee data file 6282 reporting a trojan on Solaris (SPARC and x64)?

I had a few support calls today and yesterday with folks asking us about their scanners reporting:

Found the PWS-SPyEye!env.a trojan !!!

against a lot of different files on Solaris ranging from database install executables to parts of a python patch.

I found a thread on the McAfee community site discussing this. It wasn’t only Solaris that was having the problem. A few people had run tests against files that had not been modified (and were stored on DVD) since before the time this trojan hit, and those files were being reported as vulnerable.

I had another look this morning and it appears that these reports only occur on version 6282 of the virus definitions file and that today's file (version 6286) no longer shows these files as hits.

Before logging an Oracle support call if you see this, could you try updating the virus definitions file to at least version 6286?

Kudos to McAfee for sorting this out quickly.


Written by Alan

March 16, 2011 at 10:02 am

Posted in Security, Solaris, Work

One Response


  1. […] Verify that the system really is vulnerable. As I pointed out in an earlier blog, looking at the version label is not always enough to say that a version is vulnerable. Let alone the fact that sometimes even the best of tools get false positives. […]
