CLEANACCESS Archives

April 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: What do these Clean Access agent files do?
From:
David Stempien <[log in to unmask]>
Reply To:
Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:
Fri, 27 Apr 2007 08:40:00 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (102 lines) 
I concur.  I received notification from Sophos as well that this problem has

been fixed.  Thanks all for your help and input!



-- Dave





On 4/27/07 8:23 AM, "Mike Diggins" <[log in to unmask]> wrote:



> Looks like Sophos has fixed the issue with the latest update.

> 

> -Mike

> 

> 

> On Thu, 26 Apr 2007, Prem Ananthakrishnan (prananth) wrote:

> 

>> Folks,

>> 

>> We are looking into this. It appears to be an issue with Sophos

>> recognizing the .DLL wrongly.

>> It's a false positive. Will keep you guys posted

>> 

>> We have made Sophos aware from our side as well

>> 

>> Regards

>> Prem

>> 

>> -----Original Message-----

>> From: Cisco Clean Access Users and Administrators

>> [mailto:[log in to unmask]] On Behalf Of Mike Diggins

>> Sent: Thursday, April 26, 2007 1:02 PM

>> To: [log in to unmask]

>> Subject: Re: What do these Clean Access agent files do?

>> 

>> Just checked and we're seeing the same thing with Agent 4.0.4! Sophos

>> 6.5.5 is claiming C:\Program Files\Cisco Systems\Clean Access

>> Agent\AV41\AV\SpyBot.dll is infected with Mal/Behav-102. Virustotal

>> reports no infection so I assume it's a false positive too. I'll submit

>> a report to Sophos as well.

>> 

>> -Mike

>> 

>> 

>> On Thu, 26 Apr 2007, Josh Heller wrote:

>> 

>>> You can get a thorough and practically real-time analysis at

>>> virustotal.com

>>> 

>>> Probably a good idea to check it out there as well.

>>> 

>>> Best,

>>> 

>>> Josh

>>> 

>>> -----Original Message-----

>>> From: Cisco Clean Access Users and Administrators

>>> [mailto:[log in to unmask]] On Behalf Of David Stempien

>>> Sent: Thursday, April 26, 2007 3:18 PM

>>> To: [log in to unmask]

>>> Subject: What do these Clean Access agent files do?

>>> 

>>> We are getting reports from our users that the file C:\Program

>>> Files\Cisco Systems\Clean Access Agent\AV41\AV\SpyBot.dll is infected

>> with a virus.

>>> We're using Sophos Anti-Virus with a definition file dated today, so a

>> 

>>> change in the new definition file thinks the SpyBot.dll file is

>> infected.

>>> Obviously, this is a false positive (I hope).  I submitted the file to

>> 

>>> Sophos for research.

>>> 

>>> My question is: does anyone know what all of the .dll files in the

>>> path above actually contain/do in regards to Clean Access agent

>>> operation?  I assume something to identify installation of AV

>> software...

>>> 

>>> Thanks,

>>> 

>>> --

>>> Dave Stempien, Network Security Engineer University of Rochester

>>> Medical Center Information Systems Division

>>> 585-784-2427

>>> 

>> 

>> 

>>             _________________________________________

>> 

>> Mike Diggins          Voice:  905.525.9140 Ext. 27471

>> Network Analyst, Enterprise Networks    FAX:    905.528.3773

>> University Technology Services   E-Mail: [log in to unmask]

>> McMaster University, Hamilton, Ontario

>> 

> 

> 

>              _________________________________________

> 

> Mike Diggins          Voice:  905.525.9140 Ext. 27471

> Network Analyst, Enterprise Networks    FAX:    905.528.3773

> University Technology Services   E-Mail: [log in to unmask]

> McMaster University, Hamilton, Ontario

ATOM RSS1 RSS2