Can anyone tell me how I can verify if these virus alerts are valid or false positives:


  | C:\Program Files\IBM\WebSphere Studio\eclipse\plugins\org.eclipse.platform.doc.isv_2.0.0\doc.zip/product_update.htm    infected: [EMAIL PROTECTED]
  | C:\Program Files\Rational\Rational Test\QualityArchitect\j2ee.jar/MimeMappingDialog.class    infected: BAT.Trojan.DeltreeY.ax
  | C:\Programs\Java\j2ee\j2sdkee1.3.1\lib\j2ee.jar/ObjectKey.class    infected: IRC-Worm.HIQ.A
  | C:\Programs\Java\Sun\AppServer\jdk\jre\lib\rt.jar/CacheEntry.class    infected: Backdoor.SDBot.Gen
  | C:\Programs\JBoss\jboss-3.2.3\client\jboss-common-client.jar/XmlHelper.class    infected: BAT.SmogDopper
  | C:\Programs\JBoss\jboss-3.2.3\client\jbossall-client.jar/XmlHelper.class    infected: BAT.SmogDopper
  | C:\Programs\JBoss\jboss-3.2.3\lib\jboss-common.jar/XmlHelper.class    infected: BAT.SmogDopper
  | C:\Programs\Java\J2ee\j2sdkee1.3.1\lib\j2ee.jar/ObjectKey.class    infected: IRC-Worm.HIQ.A

If they are valid, how did they get infected?  I don't have untrusted entries in the 
Run keys of the registry.  The only other files showing virus alerts are countless 
emails we all receive and know better than to open (e.g., Skynet via PIF files.)  All 
indications are that barring the J2EE classes above, my machine is not running a virus.  

I was able to visually verify that the product_update.htm alert was a false positive, 
unless my eye missed something.  I didn't see any scripting in the file.  

Has anyone automated the process of verifying the integrity of their Java components?  
Do I have to compile to be sure?  Even so, how do you know javac is not compromised?

In this case, I'd really like to check the integrity of just the individual classes, 
but don't really want to go through the hoops of downloading all the source and 
compiling, and I'm not sure that's possible in all cases or realistic.  

Even on FreeBSD, where I compiled the JVM, I'm not sure what the best process is for 
daily checking the integrity of the classes.   I dread recompiling the JVM since it 
takes so long, and will require bringing the server down.

Due to Windows' lame file security, the possibility of having your Java classes in 
various libraries become infected is significantly higher on Windows than 
BSD/Linux/Unix OSes.  The Windows box I'm concerned about is used for testing and 
production backup, though.  

Until this is resolved, I'm not running J2EE on this computer.  Unfortunately, since 
this is a test box, this puts a damper on my application escalation process, delaying 
production updates.


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3830112#3830112
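
One way to check individual classes without recompiling, as an added example that is not part of the original post: hash each entry of the installed jar and compare it with the same entry in a reference copy of that jar. It assumes the reference copy was downloaded from the vendor and verified on a separate clean machine; the entry names and bytes below are constructed, and the function names are hypothetical.

```python
import hashlib
import io
import posixpath
import zipfile

def entry_digests(jar):
    """SHA-256 of the uncompressed bytes of every file entry in a jar.
    Hashing uncompressed data ignores differences in compression level."""
    with zipfile.ZipFile(jar) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def compare_jars(installed, reference):
    """Entries that were modified, added or removed relative to the reference."""
    inst, ref = entry_digests(installed), entry_digests(reference)
    return {"modified": sorted(n for n in inst.keys() & ref.keys() if inst[n] != ref[n]),
            "added": sorted(inst.keys() - ref.keys()),
            "missing": sorted(ref.keys() - inst.keys())}

def check_flagged(installed, reference, flagged_name):
    """The scanner report gives only a basename (e.g. XmlHelper.class), so
    report the status of every installed entry with that basename."""
    inst, ref = entry_digests(installed), entry_digests(reference)
    status = {}
    for name, digest in inst.items():
        if posixpath.basename(name) != flagged_name:
            continue
        if name not in ref:
            status[name] = "not in reference"
        else:
            status[name] = "identical" if ref[name] == digest else "differs"
    return status

def make_jar(entries):
    """Build an in-memory jar from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf

# Constructed sample data, not taken from any real jar.
REFERENCE = {"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
             "org/example/util/XmlHelper.class": b"\xca\xfe\xba\xbe reference body"}
TAMPERED = dict(REFERENCE, **{"org/example/util/XmlHelper.class": b"\xca\xfe\xba\xbe altered",
                              "org/example/Extra.class": b"\xca\xfe\xba\xbe new"})

if __name__ == "__main__":
    print(check_flagged(make_jar(TAMPERED), make_jar(REFERENCE), "XmlHelper.class"))
    print(compare_jars(make_jar(TAMPERED), make_jar(REFERENCE)))
```

An "identical" result means the flagged class is byte-for-byte what the reference jar contains, so it was not altered on the local machine; "differs" or "not in reference" is the case that needs investigation.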
