Go Back   FlashFXP Forums > > > >

ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

Reply
 
Thread Tools Rate Thread Display Modes
Old 10-19-2004, 03:42 AM   #1
Ofloo
Member
 
Join Date: Jun 2003
Posts: 43
Default Your server is virus ??

the server i was using is picked up as an backdoor program wtf ?? by panda av scanners ..
Ofloo is offline   Reply With Quote
Old 10-19-2004, 01:43 PM   #2
Grendel
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Grendel's Avatar
 
Join Date: Jul 2004
Posts: 187
Default

My McAfee 8.0i Enterprise did not find any viruses in ioFTPD.exe,
but I know that some other ftp-daemons are blacklisted by McAfee
(like "Servudaemon.exe").
If I raise the Virusscan security policy,
it can happen that ftp-daemons
are blocked by an "unwanted program" policy.
So you have to exclude this filename from scanning.

I will do exactly the same, if I was
working for an antivirus/Security company.
I will try to block all non-OS-included ftp-daemons
by default, who can easily used for a hacked
ftp-server installation via remote.

Every ftp-daemon is a potential security leak for a system.
Panda Antivirus do nearly the same here as McAfee...

It's not a bug - it's a feature
__________________
- FlashFXP v4.0 BETA (v3.7.9 Build 1401) registered
- Windows 7 x64
- McAfee Antivirus Enterprise 8.7i Patch 2 + Antispyware 8.7i
Grendel is offline   Reply With Quote
Old 10-19-2004, 05:21 PM   #3
neoxed
Too much time...
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: May 2003
Posts: 1,326
Default

Grendel, anti-virus vendors do not intentionally add false positives or blacklists. What usually happens is, a user or an administrator may discover that their system has been compromised and will submit the "root kit" related files. (Using the reporting tool included with their anti-virus software, etc.) Eventually, the anti-virus vendor will include signatures for those applications; not all vendors spend a great amount of time determining whether those applications are legitimate or actually “root kit” files.
neoxed is offline   Reply With Quote
Old 10-20-2004, 04:34 AM   #4
Grendel
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Grendel's Avatar
 
Join Date: Jul 2004
Posts: 187
Default

ok, maybe "blacklist" is the wrong word for it...
they called it "unwanted programs"...sounds better.

see here

http://vil.nai.com/vil/content/v_99901.htm
http://vil.mcafeesecurity.com/vil/content/v_99802.htm
http://vil.mcafeesecurity.com/vil/content/v_100451.htm

btw....

I can't find any threads about ioFTPD
on McAfee's Knowledge-bases at the moment.
__________________
- FlashFXP v4.0 BETA (v3.7.9 Build 1401) registered
- Windows 7 x64
- McAfee Antivirus Enterprise 8.7i Patch 2 + Antispyware 8.7i
Grendel is offline   Reply With Quote
Old 10-20-2004, 04:48 AM   #5
Grendel
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Grendel's Avatar
 
Join Date: Jul 2004
Posts: 187
Default

look-up:

can't find any threads about ioFTPD on Panda's page....
maybe it's a wrong detection by Panda's virus-scanner in this case, who knows...
__________________
- FlashFXP v4.0 BETA (v3.7.9 Build 1401) registered
- Windows 7 x64
- McAfee Antivirus Enterprise 8.7i Patch 2 + Antispyware 8.7i
Grendel is offline   Reply With Quote
Old 10-29-2004, 04:14 PM   #6
Ofloo
Member
 
Join Date: Jun 2003
Posts: 43
Default

no i am sur maybe they made a mestake once and then eventualy fixed it . .. i think its unexcusable crap av companys, if i wanted to look for root kits i would get a program that does that av is not an rootkit scanner at least thats what i think hmm i am gone file a complaint to panda lol ..

what is the point on having one if i see virus i start checking my whole system for more once one back door is detected there is always more so.. this program just wasted several hours of my time bah, it was listed as a backdoor and some weird name for ioftpd something that is like io but not realy the exact name ( i first tought it might of been an pe infected file, that was my main consurn bah ) i think they should stick to what they know and not just start making up viruses


maybe they should make something for hack defender that program still hides shit even when its detected !!!!
Ofloo is offline   Reply With Quote
Reply

Tags
backdoor, program, scanners, server, wtf

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sock problem Gip Bug Reports 1 01-26-2003 01:01 PM


All times are GMT -5. The time now is 11:21 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)