On Wed, Jan 21, 2004 at 05:03:11PM -0500, Thomas Reinke wrote:
> The recent bagle_remover.nasl script sets a somewhat dangerous
> precedent, IMHO, of crossing the line from vulnerability detection
> to remediation. Not to mention that you are trusting the bagle
> remover script to do its own removal cleanly. There are a number
> of reasons why this is bad, not the least of which is that I
> personally would not trust a virus to remove itself cleanly to
> begin with. It is by definition, after all, untrusted code.
I raised the description level to security hole, and put the script in the
DANGEROUS family.
However I don't really see what the issue is - the remote host is
infected by a virus which has a backdoor listening on it. You have the
choice of either:
- Disabling that virus and notify the owner of the machine
or
- Notify the owner and let the virus spread itself
-- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
