Bloodhound.Exploit.45

  • Thread starter: CJM
Thanks Ian, I would submit the suspect emf files but they get locked by
word while the doc is open and cleaned up when it is closed. I would
submit my word document but it is a commercially sensitive specification
that I am working on and I am not really able to distribute it....

I have created a test document with the realtime protection turned off
that causes the virus alert with real time turned on. I will forward
this and see what feedback I get.

Problems with Bloodhound.Exploit.45 pattern in Symantec AV (NEW)
http://isc.sans.org/diary.php?date=2005-11-10

Sounds like Symantec's Bloodhound has gone a bit rabid ;-)
--
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 
From: "Adam Piggott"


| Problems with Bloodhound.Exploit.45 pattern in Symantec AV (NEW)
| http://isc.sans.org/diary.php?date=2005-11-10
|
| Sounds like Symantec's Bloodhound has gone a bit rabid ;-)


Well stated ;-)

Irony is I've found it to be in a deep slumber when it comes to detecting
intruders. Typical that it would wake up and bite the postman. NOD32 once
my subscription is up!

--
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 
Ok I tried that and it works fine. I had only come across the concept
of heuristics in research methods and didn't realise it had meaning in
AntiVirus circles. Thanks for everyone's help and suggestions.

You're very welcome. I'm glad I was able to help.
 