On Thu, Sep 04, 2003 at 05:28:46PM -0400, George Theall wrote: > By the way, it might be nicer to incorporate this into smb_virii.nasl. Here's > a patch that does just that: ... > +exp[i] = "%System%\wins\svchost.exe";
I just realized this should be all lower-case since check_reg()
compares it to a lower-cased return value.
And while we're talking about smb_virii.nasl, there are a couple of
other bugs I see:
o The check for [EMAIL PROTECTED] should also always fail, for
the same reason.
o The key used to check for CodeRed should start with "SYSTEM\".
And reading the URL in the comment it would appear that
the values for item and exp are incorrect.
Does anyone have access to machines infected with these viruses so that
they could test the plugin?
George
--
[EMAIL PROTECTED]
pgp00000.pgp
Description: PGP signature
