Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Bad Symantec Virus Defintions Update - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Bad Symantec Virus Defintions Update

We had a report earlier today about problems with non-malicious PDF files getting flagged by the Symantec AntiVirus 10 and Symantec Endpoint Protection 11 products.  The March 26, 2007 rev 7 definitions appear to be the cause of the issue.  The PDF files were getting flagged as Bloodhound.PDF.6 based on hueristics detection.

There is also a thread about this issue on Symantec's forum today.

If you upgrade your signatures to revision 67 or later, or use the Rapid Release definitions whose sequence number is 93430 or higher, the problem appears to have been resolved.

 

David

78 Posts

Sign Up for Free or Log In to start participating in the conversation!