Your server is virus ??

Ofloo · 10-19-2004, 03:42 AM

the server i was using is picked up as an backdoor program wtf ?? by panda av scanners ..

Grendel · 10-19-2004, 01:43 PM

My McAfee 8.0i Enterprise did not find any viruses in ioFTPD.exe,
but I know that some other ftp-daemons are blacklisted by McAfee
(like "Servudaemon.exe").
If I raise the Virusscan security policy,
it can happen that ftp-daemons
are blocked by an "unwanted program" policy.
So you have to exclude this filename from scanning.

I will do exactly the same, if I was
working for an antivirus/Security company.
I will try to block all non-OS-included ftp-daemons
by default, who can easily used for a hacked
ftp-server installation via remote.

Every ftp-daemon is a potential security leak for a system.
Panda Antivirus do nearly the same here as McAfee...

It's not a bug - it's a feature

neoxed · 10-19-2004, 05:21 PM

Grendel, anti-virus vendors do not intentionally add false positives or blacklists. What usually happens is, a user or an administrator may discover that their system has been compromised and will submit the "root kit" related files. (Using the reporting tool included with their anti-virus software, etc.) Eventually, the anti-virus vendor will include signatures for those applications; not all vendors spend a great amount of time determining whether those applications are legitimate or actually âroot kitâ files.

Grendel · 10-20-2004, 04:34 AM

ok, maybe "blacklist" is the wrong word for it...

they called it "unwanted programs"...sounds better.

see here

http://vil.nai.com/vil/content/v_99901.htm
http://vil.mcafeesecurity.com/vil/content/v_99802.htm
http://vil.mcafeesecurity.com/vil/content/v_100451.htm

btw....

I can't find any threads about ioFTPD
on McAfee's Knowledge-bases at the moment.

Grendel · 10-20-2004, 04:48 AM

look-up:

can't find any threads about ioFTPD on Panda's page....
maybe it's a wrong detection by Panda's virus-scanner in this case, who knows...

Ofloo · 10-29-2004, 04:14 PM

no i am sur maybe they made a mestake once and then eventualy fixed it . .. i think its unexcusable crap av companys, if i wanted to look for root kits i would get a program that does that av is not an rootkit scanner at least thats what i think hmm i am gone file a complaint to panda lol ..

what is the point on having one if i see virus i start checking my whole system for more once one back door is detected there is always more so.. this program just wasted several hours of my time bah, it was listed as a backdoor and some weird name for ioftpd something that is like io but not realy the exact name ( i first tought it might of been an pe infected file, that was my main consurn bah ) i think they should stick to what they know and not just start making up viruses

maybe they should make something for hack defender that program still hides shit even when its detected !!!!