How should I interpret these virus statements by F-Prot


on 29.04.2007 02:17:47 by Stan Hilliard

What does it mean when F-prot v6 says that it disinfected 9 out of 11
infected objects? I rescanned and no objects were found.

The following is copied from F-prot's ScanReport.txt

---------------------------------------------------------------------
Scan ended: 4/28/2007, 6:05:16 PM
Duration: 0:10:36

Scan result:

Scanned files: 107152
Infected objects: 11
Disinfected objects: 0
Quarantined files: 9
---------------------------------------------------------------------

The following two message types are from the Windows XP Event Viewer

Information ---------------------------------------------
File
E:\Mail\Pmail\NewMail\PVV62QLJ.CNM->email-details.zip->email-details.htm
.exe quarantined

Warning -----------------------------------------------
Found file,
E:\Mail\Pmail\NewMail\PVV62QLJ.CNM->email-details.zip->email-details.htm
.exe, infected with W32/Mytob.NA@mm

-------------------------------------------------------------------

I think I understand that quarantined means that the file is placed
where it cannot do any harm.

But when F-prot does NOT say quarantined, does that mean it is active
and doing harm? Or what?

I will appreciate any advice,
Stan Hilliard

Re: How should I interpret these virus statements by F-Prot

on 29.04.2007 03:28:08 by Stan Hilliard

On Sat, 28 Apr 2007 19:17:47 -0500, Stan Hilliard wrote:

>What does it mean when F-prot v6 says that it disinfected 9 out of 11
>infected objects? I rescanned and no objects were found.
>
>The following is copied from F-prot's ScanReport.txt
>
>---------------------------------------------------------------------
>Scan ended: 4/28/2007, 6:05:16 PM
>Duration: 0:10:36
>
>Scan result:
>
>Scanned files: 107152
>Infected objects: 11
>Disinfected objects: 0
>Quarantined files: 9
>---------------------------------------------------------------------


I now understand the two message types below -- F-prot gives two
messages per object -- that the object was found, and that it was
quarantined.

But that doesn't explain why the disinfected objects (0) plus
quarantined objects (9) don't add up to the infected objects (11).

Why is that?

Information will be appreciated,
Stan Hilliard

>The following two message types are from the Windows XP Event Viewer
>
>Information ---------------------------------------------
>File
>E:\Mail\Pmail\NewMail\PVV62QLJ.CNM->email-details.zip->email-details.htm
>.exe quarantined
>
>Warning -----------------------------------------------
>Found file,
>E:\Mail\Pmail\NewMail\PVV62QLJ.CNM->email-details.zip->email-details.htm
>.exe, infected with W32/Mytob.NA@mm
>
>-------------------------------------------------------------------
>
>I think I understand that quarantined means that the file is placed
>where it cannot do any harm.
>
>But when F-prot does NOT say quarantined, does that mean it is active
>and doing harm? Or what?
>
>I will appreciate any advice,
>Stan Hilliard

Re: How should I interpret these virus statements by F-Prot

on 02.05.2007 20:28:58 by RedForeman

On Apr 28, 9:28 pm, Stan Hilliard wrote:
> On Sat, 28 Apr 2007 19:17:47 -0500, Stan Hilliard wrote:
> >What does it mean when F-prot v6 says that it disinfected 9 out of 11
> >infected objects? I rescanned and no objects were found.
>
> >The following is copied from F-prot's ScanReport.txt
>
> >---------------------------------------------------------------------
> >Scan ended: 4/28/2007, 6:05:16 PM
> >Duration: 0:10:36
>
> >Scan result:
>
> >Scanned files: 107152
> >Infected objects: 11
> >Disinfected objects: 0
> >Quarantined files: 9
> >---------------------------------------------------------------------
>
> I now understand the two message types below -- F-prot gives two
> messages per object -- that the object was found, and that it was
> quarantined.
>
> But that doesn't explain why the disinfected objects (0) plus
> quarantined objects (9) don't add up to the infected objects (11).
>
> Why is that?
>
> Information will be appreciated,
> Stan Hilliard
>
>
>
> >The following two message types are from the Windows XP Event Viewer
>
> >Information ---------------------------------------------
> >File
> >E:\Mail\Pmail\NewMail\PVV62QLJ.CNM->email-details.zip->email-details.htm
> >.exe quarantined
>
> >Warning -----------------------------------------------
> >Found file,
> >E:\Mail\Pmail\NewMail\PVV62QLJ.CNM->email-details.zip->email-details.htm
> >.exe, infected with W32/Mytob.NA@mm
>
> >-------------------------------------------------------------------
>
> >I think I understand that quarantined means that the file is placed
> >where it cannot do any harm.
>
> >But when F-prot does NOT say quarantined, does that mean it is active
> >and doing harm? Or what?
>
> >I will appreciate any advice,
> >Stan Hilliard

It could be that they didn't do anything with the files in question,
did you re-run the AV to see?

either it fixed and didn't notify you, or it didn't fix OR notify
you... seems like a bad dialog box with virtually no useable info....

I use AVG, aVast and CA-EZ all together, and have now for 4 years,
(knock-knock) and have never gotten a virus or a web-script

RedForeman

Re: How should I interpret these virus statements by F-Prot

on 02.05.2007 22:30:29 by Sebastian Gottschalk

RedForeman wrote:


> I use AVG, aVast and CA-EZ all together, and have now for 4 years,
> (knock-knock) and have never gotten a virus or a web-script

I never used a virus scanner and never got any system infection either. Seems
like your argument has no base whatsoever.

Re: How should I interpret these virus statements by F-Prot

on 03.05.2007 20:23:31 by RedForeman

On May 2, 4:30 pm, "Sebastian G." wrote:
> RedForeman wrote:
> > I use AVG, aVast and CA-EZ all together, and have now for 4 years,
> > (knock-knock) and have never gotten a virus or a web-script
>
> I never used a virus scanner and never got any system infection either. Seems
> like your argument has no base whatsoever.

You're right... of course...

I have no argument... I have no base... I have no system.... I have
nothing whatsoever...

:-)

Have a great day

Re: How should I interpret these virus statements by F-Prot

on 03.05.2007 20:52:54 by Sebastian Gottschalk

RedForeman wrote:

> On May 2, 4:30 pm, "Sebastian G." wrote:
>> RedForeman wrote:
>>> I use AVG, aVast and CA-EZ all together, and have now for 4 years,
>>> (knock-knock) and have never gotten a virus or a web-script
>> I never used a virus scanner and never got any system infection either. Seems
>> like your argument has no base whatsoever.
>
> You're right... of course...
>
> I have no argument... I have no base... I have no system.... I have
> nothing whatsoever...


Maybe you didn't get the point, hein? If a system without these exists that
is clean as well, there's no indication whatsoever that your system being
clean (presumably you're competent to make such a judgement) has any
relation to the stated virus scanners. This is even further supported by the
simple technical fact that virus scanners can't protect against viruses.

Re: How should I interpret these virus statements by F-Prot

on 04.05.2007 15:05:15 by RedForeman

On May 3, 2:52 pm, "Sebastian G." wrote:
> RedForeman wrote:
> > On May 2, 4:30 pm, "Sebastian G." wrote:
> >> RedForeman wrote:
> >>> I use AVG, aVast and CA-EZ all together, and have now for 4 years,
> >>> (knock-knock) and have never gotten a virus or a web-script
> >> I never used a virus scanner and never got any system infection either. Seems
> >> like your argument has no base whatsoever.
>
> > You're right... of course...
>
> > I have no argument... I have no base... I have no system.... I have
> > nothing whatsoever...
>
> Maybe you didn't get the point, hein? If a system without these exists that
> is clean as well, there's no indication whatsoever that your system being
> clean (presumably you're competent to make such a judgement) has any
> relation to the stated virus scanners. This is even further supported by the
> simple technical fact that virus scanners can't protect against viruses.

I got it, I just don't believe it... and don't want to argue about it
because I don't know as much about the subject as you...

Re: How should I interpret these virus statements by F-Prot

on 04.05.2007 16:18:31 by Sebastian Gottschalk

RedForeman wrote:


> I got it, I just don't believe it...


Hm... seems like you have a problem with reality.

> and don't want to argue about it because I don't know as much about the
> subject as you...

Well, let me rephrase this: You don't know how a virus scanner works,
where its limits are and how to use it correctly. Yet you want to use it to
increase the security of your computer system. May I call BULLSHIT?

Re: How should I interpret these virus statements by F-Prot

on 04.05.2007 17:49:14 by RedForeman

On May 4, 10:18 am, "Sebastian G." wrote:
> RedForeman wrote:
> > I got it, I just don't believe it...
>
> Hm... seems like you have a problem with reality.
>
> > and don't want to argue about it because I don't know as much about the
> > subject as you...
>
> Well, let me rephrase this: You don't know how a virus scanner works,
> where its limits are and how to use it correctly. Yet you want to use it to
> increase the security of your computer system. May I call BULLSHIT?

I used to love playing that game.... Bulllll shit....

Virus scanners work on signatures... signature based scanners see the
'signature' of the virus in a file, thus reacting to the file's
fingerprint on/in the file. right or wrong? and no I didn't google it...
yet...

Ok, a fully patched OS, sitting behind a firewall, with properly setup
ACLs and firewall rules will be as protected from the external world
as a pc with virus scanners, sitting behind the same firewall... that
much I agree.... both machines are protected by inbound rules, access
list, and packet rules.... if the perimeter had AV scanning there,
then you wouldn't need a desktop AV solution...

Well, my web savvy friend likes to get on the web and look at old car
pictures.... one day his friend sent him a link that sent him to a
page that he downloaded... and the rest is history....

Isn't a lot of this trivial? We're splitting hairs when it's all said
and done....

The fact remains, security is a state of mind, and is relative to the
situation, the setup, configuration, etc....

Re: How should I interpret these virus statements by F-Prot

on 04.05.2007 21:37:31 by Sebastian Gottschalk

RedForeman wrote:

> On May 4, 10:18 am, "Sebastian G." wrote:
>> RedForeman wrote:
>>> I got it, I just don't believe it...
>> Hm... seems like you have a problem with reality.
>>
>>> and don't want to argue about it because I don't know as much about the
>>> subject as you...
>>
>> Well, let me rephrase this: You don't know how a virus scanner works,
>> where its limits are and how to use it correctly. Yet you want to use it to
>> increase the security of your computer system. May I call BULLSHIT?
>
> I used to love playing that game.... Bulllll shit....
>
> Virus scanners work on signatures... signature based scanners see the
> 'signature' of the virus in a file, thus reacting to the file's
> fingerprint on/in the file. right or wrong?


Which has two trivial implications:

- a malware whose signature is not in the list will slip by
- attack vectors not involving files (e.g. exploiting web browsers) can't be
checked either

Thus, in general virus scanners fail and therefore don't protect. They can't
replace safe hex and keeping the system up-to-date and well-configured.

(However, they might be usable as intrusion detection system)

> Ok, a fully patched OS, sitting behind a firewall, with properly setup
> ACLs and firewall rules will be as protected from the external world
> as a pc with virus scanners, sitting behind the same firewall... that
> much I agree.... both machines are protected by inbound rules, access
> list, and packet rules.... if the perimeter had AV scanning there,
> then you wouldn't need a desktop AV solution...


You don't need any virus scanners, especially if a system is protected that
well (according to your description). Heck, it simply won't change anything,
except for possibly creating new security holes.

> Well, my web savvy friend likes to get on the web and look at old car
> pictures.... one day his friend sent him a link that sent him to a
> page that he downloaded... and the rest is history....


Your point being?

> The fact remains, security is a state of mind, and is relative to the
> situation, the setup, configuration, etc....

While I agree with the latter, the first one is bullshit. Security is an
objective property of a system (wrt. to some criteria) and must be well
measurable, calculable and reliable to a certain anything. Just believing in
security ("state of mind") won't change anything.
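
Added example, not part of any post in this thread and not F-Prot's code: a minimal hash-based signature scanner that unpacks zip containers and names nested objects with the `->` notation seen in the Event Viewer messages quoted earlier. It shows a sample that is not in the list passing unflagged, and one top-level file yielding two infected objects. The sample bytes, detection name and file names are constructed, and the thread does not establish that object-versus-file counting explains the 11 versus 9 in the report.

```python
import hashlib
import io
import zipfile

# Constructed, harmless byte strings standing in for samples.
LISTED = b"constructed sample A (harmless test bytes)"
UNLISTED = b"constructed sample B (harmless test bytes)"

# Signature list: SHA-256 of known samples -> detection name (name is made up).
SIGNATURES = {hashlib.sha256(LISTED).hexdigest(): "Test/Sample.A"}

MAX_DEPTH = 4  # containers nested deeper than this are hashed as opaque objects


def scan_object(path, data, findings, depth=0):
    """Match one object against the list; unpack zip containers recursively."""
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                scan_object(f"{path}->{member}", zf.read(member), findings, depth + 1)
        return
    name = SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        findings.append((path, name))


def scan(files):
    """Return (infected objects, set of top-level files that contain them)."""
    findings = []
    for path, data in files.items():
        scan_object(path, data, findings)
    return findings, {path.split("->")[0] for path, _ in findings}


def make_zip(members):
    """Build an in-memory zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo():
    """Scan a constructed two-message mailbox."""
    mailbox = {
        # One file holding two listed objects, one of them in a nested zip.
        "msg1.cnm": make_zip({"a.zip": make_zip({"x.bin": LISTED}), "y.bin": LISTED}),
        # A file whose only object has no entry in the signature list.
        "msg2.cnm": make_zip({"z.bin": UNLISTED}),
    }
    return scan(mailbox)


if __name__ == "__main__":
    objects, files = demo()
    for path, name in objects:
        print(f"Found file, {path}, infected with {name}")
    print(f"Infected objects: {len(objects)}  Files to act on: {len(files)}")
```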

Re: How should I interpret these virus statements by F-Prot

on 07.05.2007 15:36:03 by RedForeman

On May 4, 3:37 pm, "Sebastian G." wrote:
> > Virus scanners work on signatures... signature based scanners see the
> > 'signature' of the virus in a file, thus reacting to the file's
> > fingerprint on/in the file. right or wrong?
>
> Which has two trivial implications:
>
> - a malware whose signature is not in the list will slip by
> - attack vectors not involving files (e.g. exploiting web browsers) can't be
> checked either
>
> Thus, in general virus scanners fail and therefore don't protect. They can't
> replace safe hex and keeping the system up-to-date and well-configured.
>
> (However, they might be usable as intrusion detection system)

We could go on and on, and I'm just gonna keep learning stuff from
you.... you gotta problem with that?

> > Ok, a fully patched OS, sitting behind a firewall, with properly setup
> > ACLs and firewall rules will be as protected from the external world
> > as a pc with virus scanners, sitting behind the same firewall... that
> > much I agree.... both machines are protected by inbound rules, access
> > list, and packet rules.... if the perimeter had AV scanning there,
> > then you wouldn't need a desktop AV solution...
>
> You don't need any virus scanners, especially if a system is protected that
> well (according to your description). Heck, it simply won't change anything,
> except for possibly creating new security holes.

Need, want, desire... I'm still running a windows box, so there's the
need for more and more and more.... More software, creating more
holes, resulting in more software to patch the holes made by more
software... it's the total Microsuck cycle....

> > Well, my web savvy friend likes to get on the web and look at old car
> > pictures.... one day his friend sent him a link that sent him to a
> > page that he downloaded... and the rest is history....
>
> Your point being?

I dunno... just some filler....

> > The fact remains, security is a state of mind, and is relative to the
> > situation, the setup, configuration, etc....
>
> While I agree with the latter, the first one is bullshit. Security is an
> objective property of a system (wrt. to some criteria) and must be well
> measurable, calculable and reliable to a certain anything. Just believing in
> security ("state of mind") won't change anything.

and it was... I was just BS'ing because I am not as armed as you are
on this topic...

Curious.... wouldn't happen to be Sebastian Gottschall,
would it?

wrt, huh? I liked open, never tried dd....

Re: How should I interpret these virus statements by F-Prot

on 07.05.2007 17:01:31 by Sebastian Gottschalk

RedForeman wrote:

> Need, want, desire... I'm still running a windows box, so there's the
> need for more and more and more.... More software, creating more
> holes, resulting in more software to patch the holes made by more
> software... it's the total Microsuck cycle....


You recognize the fallacy, yet you refuse to draw the conclusion? Maybe I'll
have to do it for you: A system is made more secure by *decreasing* the
system's complexity. This means that you should remove software and
components, and every security software is only worth it if its increase in
security strictly justifies the increased complexity.

Guess why I'm not running Windows Firewall? It's 300 KB usermode privileged
service code + 100 KB kernelmode code. WIPFW is 50 KB usermode + 30 KB
kernelmode code, and is more potent.

> wrt, huh? I liked open, never tried dd....

wrt = with respect to (actually a well-known abbreviation)

Re: How should I interpret these virus statements by F-Prot

on 07.05.2007 17:53:53 by RedForeman

On May 7, 11:01 am, "Sebastian G." wrote:
> RedForeman wrote:
> > Need, want, desire... I'm still running a windows box, so there's the
> > need for more and more and more.... More software, creating more
> > holes, resulting in more software to patch the holes made by more
> > software... it's the total Microsuck cycle....
>
> You recognize the fallacy, yet you refuse to draw the conclusion? Maybe I'll
> have to do it for you: A system is made more secure by *decreasing* the
> system's complexity. This means that you should remove software and
> components, and every security software is only worth it if its increase in
> security strictly justifies the increased complexity.

If it were a snake it woulda bit me... yes, I saw the trees, but not
the forest...

> Guess why I'm not running Windows Firewall? It's 300 KB usermode privileged
> service code + 100 KB kernelmode code. WIPFW is 50 KB usermode + 30 KB
> kernelmode code, and is more potent.

I'll try that.... r u running the stable, current, or experimental
version?

> > wrt, huh? I liked open, never tried dd....
>
> wrt = with respect to (actually a well-known abbreviation)

Didn't know that... man... the more we converse...

so I take that (lack of an answer) as a yes?

RedForeman

Re: How should I interpret these virus statements by F-Prot

on 07.05.2007 18:40:12 by Sebastian Gottschalk

RedForeman wrote:

>> [wipfw]
> I'll try that.... r u running the stable, current, or experimental
> version?


There are very few software packages where running anything but the most
recent stable/release version would be sound advice. After all, do you
want to work on a stable system or experiment around with the integrity of
your data?

Re: How should I interpret these virus statements by F-Prot

on 07.05.2007 20:14:16 by RedForeman

On May 7, 12:40 pm, "Sebastian G." wrote:
> RedForeman wrote:
> >> [wipfw]
> > I'll try that.... r u running the stable, current, or experimental
> > version?
>
> There are very few software packages where running anything but the most
> recent stable/release version would be sound advice. After all, do you
> want to work on a stable system or experiment around with the integrity of
> your data?

True, but I rarely 'rollout' to my own machine.... it's invariably one
of the 'other' boxes...

I'll have to play with wipfw.conf some more, but it seems basic
enough...

RedForeman