Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Brenno on January 09, 2004, 02:50:23 PM
-
Hello all,
My RAV scan report this morning detected the following:
/home/e-smith/files/users/admin/home/backup2ws/wrar310.exe->(RARSfx)->Default.SFX->(UPXW) Infected: Backdoor:Win32/BBD.A.Drop
What's going on here? How could this file have become infected? It's not in a publicly accessible area of the server and my SME 5.6 box runs in server-only mode inside our network, primarily as a mail server and small intranet server.
Doing a Google for "Win32/BBD.A.Drop" yielded no results.
Anybody else had this and know a) how did this happen and b) how do I clean it?
Thanks in advance for your assistance!
-
This was mentioned previously. Try using a different virus scanner, I never found any virus in that file.
Regs
Ray
-
I have the same on my server & it also reports it on a Nero install file. I have mailed RAV support & they are investigating. Support are still very responsive BTW.
I'm sure it's a false positive as it only started happening after the Friday RAV update & those files have been on the server for months.
-
Nick,
Please let me know what RAV support says. I agree with your observation about the files being there for months prior to them being listed as infected, although I wasn't as observant about the exact update that triggered the false positive.
Thanks!
-
Got an email from them early evening saying the problem had been found & fixed. Sure enough, no virus report this morning.
Not a bad turnaround - less than 8 hours.