Have you a FP from this page ?

Discussion in 'other anti-virus software' started by Mack Jones, Jul 3, 2006.

Thread Status:
Not open for further replies.
  1. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    To add my point of view: anyone who can cut and paste can save it and eventually execute.... That's why we detect it. Even if the source code of the page creates displayed worm code using escape characters.
     
    Last edited: Jul 7, 2006
  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Well I just installed Bit Defender Pro 9 and it does NOT detect anything there. Four top AV do not detect anything there: KAV 2006, F-Prot 6.0.4.1, McAfee VirusScan Enterprise, 8.5i Beta II and Bit Defender Pro 9.5.

    I don't believe there is anything there that is dangerous.
     
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,213
    Location:
    The land of no identity :D
    Have you set the BitDefender RTM to report incomplete virus bodies?

    Interestingly, Virus Chaser found this file as 'suspicious' but did not alert me about it. Instead, it simply ignored it (heuristic detections are not reported by VC yet).
     
  4. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I don't see how to set the Real Time scanner to report "incomplete virus bodies". I see the setting (which is checked) to do that for the on demand scanner.
     
  5. Schouw

    Schouw AV Expert

    Joined:
    Jan 4, 2004
    Posts:
    29
    Location:
    Netherlands
    Yes, there is malware code, but in this form it poses no threat.

    AV experts still debate about this issue.

    Imo this is one of the cases where there's no false positive and no false negative. :)

    I don't think any AVendor will add detection for this, nor will there be AVendors who will remove detection. :)
     
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    The http posted appears to be wrong, and didn't work for me anyway. I changed it to hxxp://www.bellamyjc.org/fr/iloveyou.html without the xx's of course, and got there.

    http://img143.imageshack.us/img143/7696/v115in.png

    As you can see BitDefender does detect and block it. I'm using the latest version BD 9.5 standard.

    That website's analysis of iloveyou and with AV alerting code in the page, is very similar to another one I seem to remember from a while back. I'm sure that page was in English though, and the owner responded to questions about it in a thread on here !


    StevieO
     
  7. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
  8. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    As Schouw KL stated already - that is basically a "drawn" :D
    It is NOT a malicious website from the point that something could execute, but it contains well-known script parts from the worm. Now the thing is that .HTML files basically are belonging into the AV "Script-Type". Loveletter too.
    That means the "matching filetype" condition is even fulfilled :rolleyes: It would be worse if someone finds a Windows Executable FileInfector in a HTML file... :D

    However, I ALWAYS advised such guys who are trying to explain how Viruses are working NOT TO QUOTE OR PASTE directly source code into HTML files, because this always might lead to false positives. Instead of this a black and white PNG picture with the code is ABSOLUTELY SAFE regarding false positives of text based detections.

    Mike
     
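The behaviour described in posts 1 and 8 above, as an added example that is not part of the original thread and not any vendor's engine: a text signature matched against the raw HTML misses a listing written with character escapes, while matching after decoding and tag stripping still finds it, and a page that shows the listing as an image matches neither way. The signature string, the sample pages and the function names are constructed for illustration and contain no worm code.

```python
import html
import re

# Constructed, harmless stand-in for a script-worm text signature.
SIGNATURE = 'set demo = createobject("demo.marker")'

def normalize(page: str) -> str:
    """Reduce HTML to the text a reader could copy from the rendered page."""
    text = re.sub(r"<[^>]*>", " ", page)       # drop tags, keep their text content
    text = html.unescape(text)                 # decode &quot;, &#83;, &#x53; ...
    return re.sub(r"\s+", " ", text).strip().lower()

def scan(page: str) -> dict:
    """Compare a raw-text match with a match on the normalized text."""
    return {
        "raw_match": SIGNATURE in page.lower(),
        "normalized_match": SIGNATURE in normalize(page),
    }

# Constructed sample pages.
# 1. Listing pasted as plain text inside <pre>.
PLAIN_PAGE = '<html><body><pre>Set demo = CreateObject("demo.marker")</pre></body></html>'

# 2. Same listing, written with character references and inline markup.
ESCAPED_PAGE = ('<html><body><pre>&#83;et <b>demo</b> = '
                'CreateObject(&quot;demo.marker&#34;)</pre></body></html>')

# 3. Listing shown as a picture, as post 8 recommends.
IMAGE_PAGE = '<html><body><p>Listing:</p><img src="listing.png" alt="code listing"></body></html>'

if __name__ == "__main__":
    for name, page in [("plain", PLAIN_PAGE), ("escaped", ESCAPED_PAGE), ("image", IMAGE_PAGE)]:
        print(name, scan(page))
```

Whether a given product decodes the page before matching is an assumption of this sketch; the thread itself only shows that products disagreed on this page.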
  9. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I don't see any proof of BD detecting it from you.

    BD 9.5 Pro does NOT detect it on my computer. I can't upload a screen shot as Gadwin Print Screen makes it a bit too large for here....isn't it about time this site allow larger screen shots? :(
     
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Or if you just start using Alt+Prt Scrn :p Or maybe resizing. Or even thumbnails. Countless possibilities :p
     
  11. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    That is an excellent idea. Although I wouldn't suggest PNG but JPEG....much nicer pic.
     
  12. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    See....it is not worth the hassle. I should not have to go through hoops to post a screen shot here. Gadwin Print Screen does it in one fell swoop. I don't have to jump through hoops on ANY website except this one and this one has enough members now to change the stupid policy...charge us for membership if necessary.

    Who could read a thumbnail? And if you resize then it is too small to read. I can't read a lot of what is posted here.

    PLEASE JUST CHARGE A MEMBERSHIP FEE SO WE CAN POST DECENTLY.
     
  13. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I'm not sure what your definition of "larger screen shots" is....but as of a month ago a conversion was made and images uploaded will be dropped in display size to 800 pixels, either in width or height or whichever is larger on the image....which should be more than adequate to retain good quality. Attachments smaller than 800 pixels, will display in real size.

    Having said that and realizing I am just as guilty for taking this thread OT with the above explanation....I will ask that we continue with the actual thread topic matter and those having a problem with our "stupid policy" simply continue their concerns by creating a thread in our General Topics Forum where we discuss forum related issues.

    Edit
    OT posts removed concerning attachments.

    While I understand certain posters may have missed my request....I'll ask again that We keep to the thread topic matter and continue the attachment discussion in a more appropriate forum.

    Thanks,
    Bubba
     
    Last edited: Jul 6, 2006
  14. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,213
    Location:
    The land of no identity :D
    I'm sorry Mele, I was telling you from memory rather than actually looking at BD and finding out.

    While this would certainly be a nice thing, several people like to test their AVs with real malware instead of the EICAR test file. I guess the code is copy-pasted so that such people can directly put this code in a Visual Basic Runtime Compiler and test it out.

    ~snip....'removed possibly off-topic remark'....Bubba~

    @Inspector Clouseau: :D :D
     
    Last edited by a moderator: Jul 6, 2006
  15. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Mele20, I don't know whether your remark was pointed towards me, but if it was I can guarantee you that my BD definitely detected what it did on that website !

    ~snip....removed off-topic remark....Bubba~


    StevieO
     
    Last edited by a moderator: Jul 6, 2006