LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

April 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS April 2007

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: What do these Clean Access agent files do?
From:	Alex Lanstein <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Fri, 27 Apr 2007 08:25:26 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (96 lines)

Cisco must have used the the red phone

Mike Diggins wrote:
> Looks like Sophos has fixed the issue with the latest update.
>
> -Mike
>
>
> On Thu, 26 Apr 2007, Prem Ananthakrishnan (prananth) wrote:
>
>> Folks,
>>
>> We are looking into this. It appears to be an issue with Sophos
>> recognizing the .DLL wrongly.
>> It's a false positive. Will keep you guys posted
>>
>> We have made Sophos aware from our side as well
>>
>> Regards
>> Prem
>>
>> -----Original Message-----
>> From: Cisco Clean Access Users and Administrators
>> [mailto:[log in to unmask]] On Behalf Of Mike Diggins
>> Sent: Thursday, April 26, 2007 1:02 PM
>> To: [log in to unmask]
>> Subject: Re: What do these Clean Access agent files do?
>>
>> Just checked and we're seeing the same thing with Agent 4.0.4! Sophos
>> 6.5.5 is claiming C:\Program Files\Cisco Systems\Clean Access
>> Agent\AV41\AV\SpyBot.dll is infected with Mal/Behav-102. Virustotal
>> reports no infection so I assume it's a false positive too. I'll submit
>> a report to Sophos as well.
>>
>> -Mike
>>
>>
>> On Thu, 26 Apr 2007, Josh Heller wrote:
>>
>>> You can get a thorough and practically real-time analysis at
>>> virustotal.com
>>>
>>> Probably a good idea to check it out there as well.
>>>
>>> Best,
>>>
>>> Josh
>>>
>>> -----Original Message-----
>>> From: Cisco Clean Access Users and Administrators
>>> [mailto:[log in to unmask]] On Behalf Of David Stempien
>>> Sent: Thursday, April 26, 2007 3:18 PM
>>> To: [log in to unmask]
>>> Subject: What do these Clean Access agent files do?
>>>
>>> We are getting reports from our users that the file C:\Program
>>> Files\Cisco Systems\Clean Access Agent\AV41\AV\SpyBot.dll is infected
>> with a virus.
>>> We're using Sophos Anti-Virus with a definition file dated today, so a
>>
>>> change in the new definition file thinks the SpyBot.dll file is
>> infected.
>>> Obviously, this is a false positive (I hope).  I submitted the file to
>>
>>> Sophos for research.
>>>
>>> My question is: does anyone know what all of the .dll files in the
>>> path above actually contain/do in regards to Clean Access agent
>>> operation?  I assume something to identify installation of AV
>> software...
>>>
>>> Thanks,
>>>
>>> -- 
>>> Dave Stempien, Network Security Engineer University of Rochester
>>> Medical Center Information Systems Division
>>> 585-784-2427
>>>
>>
>>
>>             _________________________________________
>>
>> Mike Diggins                   Voice:  905.525.9140 Ext. 27471
>> Network Analyst, Enterprise Networks    FAX:    905.528.3773
>> University Technology Services         E-Mail: [log in to unmask]
>> McMaster University, Hamilton, Ontario
>>
>
>
>             _________________________________________
>
> Mike Diggins                   Voice:  905.525.9140 Ext. 27471
> Network Analyst, Enterprise Networks    FAX:    905.528.3773
> University Technology Services         E-Mail: [log in to unmask]
> McMaster University, Hamilton, Ontario

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU