So, the scan pinpoint again to sbus.dll as a ILookup.Sbus threat; I already had the file scanned by VirusTotal online solution, and the file is as clean as a surgeon before an operation!
Gerald, since you already have a case open with Barracuda Networks, I'm gonna personally post you everything I have regarding that issue; I don't think harass them in double would be wise. I have double check everything, shouldn't be any dark spot left... Keep on sniffing :o) 2007/4/19, Ionreflex <[EMAIL PROTECTED]>:
Well, I printed the report (should've kept a digital one!) and the spyware scantool from the Web-Filter appliance is clearly stating otherwise! I'm gonna rescan my laptop tonight, and post a follow-up tomorrow... Ion 2007/4/19, Gerald Combs <[EMAIL PROTECTED]>: > > I received a response about the false positive issue. According to > Barracuda, it shouldn't be possible. > > Their response follows: > -------- > Gerald, > > We investigated your claim and found that our Web Filter could not be > blocking the dll as described. Please see the attached explanation from > one of our Spyware engineers. > > We appreciate your feedback and please feel free to contact me directly > if you have any additional questions. > > > Thanks, > > Sean > > -- > Sean Heiney > Product Manager > Barracuda Networks, Inc. > www.barracuda.com > Office: +x.xxx.xxx.xxxx > xxxxxxx (at) barracuda.com > > -----Original Message----- > From: Dave Michmerhuizen > Sent: Wednesday, April 18, 2007 4:03 PM > > Subject: RE: wireshark > > wireshark is the successor to ethereal. > > We don't have an sbus.dll in our spyware database. > > In any case, we don't match on file names - we match on MD5 hashes of > files. > > Our definition for Adware.Toolbar.ILookup.Sbus has no associated files. > It only triggers on outboud traffic to toolbar.searchbus.com. > > If the customer is seeing a block message (ie, a message in their > browser) with Adware.Toolbar.ILookup.Sbus on it, that would be... odd, > unless they were navigating to that url. > > If the customer is seeing infection activity in their WebFilter UI - > that is not file related. The WebFilter only cares about traffic. An > entry on the infection activity tab that reads > Adware.Toolbar.ILookup.Sbus should be the result of outbound traffic to > toolbar.searchbus.com. If there is doubt about that I can usually > verify it by looking at the WebFilter through the support tunnel. It's > best to coordinate something like that with someone on the WebFilter > support team. > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] > Sent: Tuesday, April 17, 2007 4:45 PM > > The message has been included below. > > Username of poster: Gerald Combs > ---------------------------- > Message Subject: Wireshark sbus.dll false positive? > > I've received a couple of reports from users that the Barracuda Web > Filter has been triggering a false positives for each release of > [url= http://www.wireshark.org/]Wireshark[/url<http://www.wireshark.org/%5DWireshark%5B/url>]. Wireshark's > S-Bus > plugin is named "sbus.dll", and the Web Filter apparently thinks this is > the ILookup.Sbus worm. One such report can be found here: > [url]http://www.wireshark.org/lists/wireshark-users/200704/msg00112.html > [/url] > > Can someone at Barracuda confirm and fix this? > > > ---------------------------------- > Barracuda Networks makes the best spam firewalls and web filters. > www.barracuda.com > _______________________________________________ > Wireshark-users mailing list > [email protected] > http://www.wireshark.org/mailman/listinfo/wireshark-users >
_______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
