Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Bad Symantec Virus Defintions Update SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Bad Symantec Virus Defintions Update

We had a report earlier today about problems with non-malicious PDF files getting flagged by the Symantec AntiVirus 10 and Symantec Endpoint Protection 11 products.  The March 26, 2007 rev 7 definitions appear to be the cause of the issue.  The PDF files were getting flagged as Bloodhound.PDF.6 based on hueristics detection.

There is also a thread about this issue on Symantec's forum today.

If you upgrade your signatures to revision 67 or later, or use the Rapid Release definitions whose sequence number is 93430 or higher, the problem appears to have been resolved.

 

David

78 Posts

Sign Up for Free or Log In to start participating in the conversation!