Wireshark-users: Re: [Wireshark-users] Barracuda false positive?

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Tue, 17 Apr 2007 16:40:13 -0700
...so what happens when a malware writer decides to name one of his or
her products "msvcr80.dll"?

I've posted a question on Barracuda's support forum.  It's pending approval.

Ionreflex wrote:
> Better now than never! Since there was no feedback, I though I could
> confirm that the Barracuda Web Filter appliance detects the stated
> infection since version 0.99.2 up to 0.99.5...
> 
> 
> *From*: Gerald Combs <gerald@xxxxxxxxxxxxx <mailto:[email protected]>>
> *Date*: Tue, 03 Oct 2006 09:11:17 -0700
> 
> I received a message from a user that the Barracuda spam/virus firewall
> has detected the ILookup.Sbus worm in the Wireshark 0.99.2 release.
> This appears to a false positive -- the worm comes in a file named
> "sbus.dll", which is the same name used by Wireshark's S-Bus plugin.
> 
> Are there any Barracuda users on the list that can verify this?
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users