CLEANACCESS Archives

April 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: What do these Clean Access agent files do?
From:
"Prem Ananthakrishnan (prananth)" <[log in to unmask]>
Reply To:
Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:
Thu, 26 Apr 2007 15:09:14 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (77 lines) 
Folks,

We are looking into this. It appears to be an issue with Sophos
recognizing the .DLL wrongly.
It's a false positive. Will keep you guys posted

We have made Sophos aware from our side as well

Regards
Prem 

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Mike Diggins
Sent: Thursday, April 26, 2007 1:02 PM
To: [log in to unmask]
Subject: Re: What do these Clean Access agent files do?

Just checked and we're seeing the same thing with Agent 4.0.4! Sophos
6.5.5 is claiming C:\Program Files\Cisco Systems\Clean Access
Agent\AV41\AV\SpyBot.dll is infected with Mal/Behav-102. Virustotal
reports no infection so I assume it's a false positive too. I'll submit
a report to Sophos as well.

-Mike


On Thu, 26 Apr 2007, Josh Heller wrote:

> You can get a thorough and practically real-time analysis at 
> virustotal.com
>
> Probably a good idea to check it out there as well.
>
> Best,
>
> Josh
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators 
> [mailto:[log in to unmask]] On Behalf Of David Stempien
> Sent: Thursday, April 26, 2007 3:18 PM
> To: [log in to unmask]
> Subject: What do these Clean Access agent files do?
>
> We are getting reports from our users that the file C:\Program 
> Files\Cisco Systems\Clean Access Agent\AV41\AV\SpyBot.dll is infected
with a virus.
> We're using Sophos Anti-Virus with a definition file dated today, so a

> change in the new definition file thinks the SpyBot.dll file is
infected.
> Obviously, this is a false positive (I hope).  I submitted the file to

> Sophos for research.
>
> My question is: does anyone know what all of the .dll files in the 
> path above actually contain/do in regards to Clean Access agent 
> operation?  I assume something to identify installation of AV
software...
>
> Thanks,
>
> --
> Dave Stempien, Network Security Engineer University of Rochester 
> Medical Center Information Systems Division
> 585-784-2427
>


             _________________________________________

Mike Diggins       			Voice:  905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks    FAX:    905.528.3773
University Technology Services 		E-Mail: [log in to unmask]
McMaster University, Hamilton, Ontario

ATOM RSS1 RSS2