Got a single sort of false positive. The scanner found a system that it flagged as 
infected. While it did have an open share, it did not have Nimda. However, it did have 
W32.QAZ. The machine was only used in our QA lab as a dedicated sniffer for testing 
network apps. No idea how it got infected, but naturally we're glad to have found it.

---Matthew

*********** REPLY SEPARATOR  ***********

On 9/21/2001 at 10:13 AM John Stauffacher wrote:

>All,
>
>I just ran this scanner and am picking up more false positives than real
>infections. Not only did it pick up all my Macs (they aren't even running
>Dave or have any SMB shares), it picked up my indigo and my Snap Server
>(tell me how a snap server gets infected by this?). I realize that
>diagnosing these things is a shot in the dark - but, telling me "open
>guest share" when the machine is not sharing anything (or even listening
>on 139) is kinda a misnomer and a cause for panic (130 "infected" out of
>253 possible)...anyone else seen this kind of false positive from the
>scanner?
>
>-John Stauffacher
>
>+-------------------------+
>! John Stauffacher        !
>! Network Administrator   !
>! Chapman University      !
>! [EMAIL PROTECTED] !
>+-------------------------+
>
>>
>Date: Thu, 20 Sep 2001 17:31:06 -0700
>From: info <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>Subject: New Version of Retina Nimba Scanner
>
>A new version of Nimda Scanner has just been posted to the eEye web site
>that will also detect open shares on systems which is a common trait of an
>infection.
>
>http://www.eeye.com/html/Research/Tools/nimda.html
>
>Signed,
>eEye Digital Security
>T.949.349.9062
>F.949.349.9538
>
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
>
>
>
>


