  1. #1
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,302

    False positive on download from Windows Update

    I was just checking out the stats on a new UT install I did last week for a client, and I saw the virus blocker reported blocking 4 viruses. I went to see what they were, eager to report to the client that the firewall had saved them from a virus already in just the first week.

    Lo and behold, I found they were false positives from Windows Update; it looks like they were trying to download some sort of Excel converter or update. Here are the URLs:
    Code:
    http://download.windowsupdate.com/msdownload/update/software/secu/2011/02/excel_597e2a85104b7c40f9476c881fdb0e3c5e986b6c.cab
    http://download.windowsupdate.com/msdownload/update/software/secu/2011/02/xlconv_0534460886255754833a52aa3c83d1f85813e492.cab
    I downloaded the same cabs just now at home (no Untangle here, yet) and MSSE certainly doesn't think they have any virus in them.

    I know occasional false positives are a fact of life with any virus scanner. Just a bummer to get one within a week on a new install, when the customer is just getting used to the idea of a magic box between them and the internet.

    I suppose I'll just hope that the next signature update gets rid of the false positive, the Windows updates will download properly tomorrow, and no one will ever know the magic box did anything wrong.
    Last edited by johnsonx42; 04-14-2011 at 12:15 AM.

  2. #2
    Untangle Ninja f1assistance
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    1,495

    Security layers

    Since no AV is 100% effective, I would rather have a false positive as opposed to a false negative... my reason for the use of UT and its additional security layers.

  3. #3
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,302

    I wasn't complaining exactly; I was more reporting it and seeing if anyone else had seen the same thing. If I were complaining about the free virus blocker not being perfect, I presume the answer would be that Kaspersky is available for a reason (though I'm sure no one would claim that it is perfect either).

    By the way, where would I find the actual virus detection log?

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    I think that's in /var/log/clamav/clamav.log
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangle Ninja f1assistance
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    1,495

    Quote Originally Posted by johnsonx42
    I wasn't complaining exactly; I was more reporting it and seeing if anyone else had seen the same thing. If I were complaining about the free virus blocker not being perfect, I presume the answer would be that Kaspersky is available for a reason (though I'm sure no one would claim that it is perfect either).

    By the way, where would I find the actual virus detection log?
    Yeah, I too saw them this morning...

  6. #6
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,302

    Quote Originally Posted by sky-knight
    I think that's in /var/log/clamav/clamav.log
    The logs in there just show clamav loading and re-loading every hour; I don't see anything about actual scan activity there. There's also the freshclam.log file that shows signature updates.

    I looked around in /var/log and couldn't find anything else that looked likely. It must be here somewhere though.

  7. #7
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    There is some more clamav stuff in /var/log/uvm

    But yeah I don't see anything meaningful in there either. The actual violation logs may only exist in the database.
