--On Wednesday, October 17, 2007 23:51:39 +0200 Peo Nilsson
<[EMAIL PROTECTED]> wrote:
I scanned my FreeBSD 6.2-Release (ports up to date) with
Avira Antivir personal ed, some days ago. The scanner returned
this:
...<snap>
checking drive/path (cwd): /
/usr/ports/security/p5-openxpki-client-html-mason/pkg-plist
Date: 11.10.2007 Time: 16:04:06 Size: 9975
ALERT:
[HTML/MHT.Gen]
/usr/ports/security/p5-openxpki-client-html-mason/pkg-plist <<< Contains
detection pattern of the HTML script virus HTML/MHT.Gen <snap>...
The information Avira has one can read here:
http://www.avira.com/en/threats/section/details/id_vir/3679/html_mht.gen.
html
I posted a question to [EMAIL PROTECTED]
They proposed that the scanner probably was "to nervous" for using with
Unix. (I can't tell myself)
Don't know if this says anything, but I though I would mention it
when I saw your posts.
I've never heard of a "nervous" anti-virus scanner, but that "detection" is
clearly a false positive. The pkg-plist file is a list of the files and
directories installed by the port, so that they can be removed when you run
"make deinstall". Avira probably saw one of the strings in the file as a
possible match to a known malicious script.
In fact, their description says it's "a generic detection routine designed
to detect common family characteristics shared in several variants"
<http://www.avira.com/en/threats/section/fulldetails/id_vir/3679/html_mht.gen.html>
If you're so inclined, you could report it to Avira so they can tweak their
detection accordingly.
--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
