Hi John,

I've also been receiving a few false positives, and the scan is also missing some 
infected devices that our AV is picking up. One of the devices that states 'open guest 
share' - infected is clean; well, per the AV program.

Teresa A. Regalia
Information Security Analyst
UCSF Information Technology Services
Telephone: 415.502.1567
Mailto:[EMAIL PROTECTED]
http://isecurity.ucsf.edu


-----Original Message-----
From: John Stauffacher [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 10:13 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE:New Version of Retina Nimba Scanner


All,

I just ran this scanner and am picking up more false positives than real
infections. Not only did it pick up all my Macs (they aren't even running
Dave or have any SMB shares), it picked up my indigo and my Snap Server
(tell me how a snap server gets infected by this?). I realize that
diagnosing these things is a shot in the dark - but, telling me "open
guest share" when the machine is not sharing anything (or even listening
on 139) is kinda a misnomer and a cause for panic (130 "infected" out of
253 possible)...anyone else seen this kind of false positive from the
scanner?

-John Stauffacher

+-------------------------+
! John Stauffacher        !
! Network Administrator   !
! Chapman University      !
! [EMAIL PROTECTED] !
+-------------------------+

>
Date: Thu, 20 Sep 2001 17:31:06 -0700
From: info <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: New Version of Retina Nimba Scanner

A new version of Nimda Scanner has just been posted to the eEye web site
that will also detect open shares on systems which is a common trait of an
infection.

http://www.eeye.com/html/Research/Tools/nimda.html

Signed,
eEye Digital Security
T.949.349.9062
F.949.349.9538



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com



