...so what happens when a malware writer decides to name one of his or
her products "msvcr80.dll"?
I've posted a question on Barracuda's support forum. It's pending approval.

Ionreflex wrote:
> Better now than never! Since there was no feedback, I thought I could
> confirm that the Barracuda Web Filter appliance detects the stated
> infection since version 0.99.2 up to 0.99.5...
>
>
> *From*: Gerald Combs <gerald@xxxxxxxxxxxxx>
> *Date*: Tue, 03 Oct 2006 09:11:17 -0700
>
> I received a message from a user that the Barracuda spam/virus firewall
> has detected the ILookup.Sbus worm in the Wireshark 0.99.2 release.
> This appears to be a false positive -- the worm comes in a file named
> "sbus.dll", which is the same name used by Wireshark's S-Bus plugin.
>
> Are there any Barracuda users on the list that can verify this?
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users