Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Bad Symantec Virus Defintions Update SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Bad Symantec Virus Defintions Update

We had a report earlier today about problems with non-malicious PDF files getting flagged by the Symantec AntiVirus 10 and Symantec Endpoint Protection 11 products.  The March 26, 2007 rev 7 definitions appear to be the cause of the issue.  The PDF files were getting flagged as Bloodhound.PDF.6 based on hueristics detection.

There is also a thread about this issue on Symantec's forum today.

If you upgrade your signatures to revision 67 or later, or use the Rapid Release definitions whose sequence number is 93430 or higher, the problem appears to have been resolved.

 

David

78 Posts

Sign Up for Free or Log In to start participating in the conversation!