Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: CA Apologizes for False Positive - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CA Apologizes for False Positive

One of our readers, Melvin, was kind enough to send us a heads up on an issue with CA DAT files.   The site refers to a "false positive" detection for Win32/Amalum for detections via Microsoft Windows Service Pack 3 and commercial application, Cygwin.  The files are quarantined and the file is appended with the extension "*.AVB".  The files will still be intact and organizations running ISS should restore files from the GUI.  For those using ITM, a search tool is available from CA support upon request. 

Please update your signatures to DAT 6606 to ensure protection from the false positive.  Here is a link to the CA statement. 

Mari Nichols

iMarSolutions.com

Mari Nichols

76 Posts

Sign Up for Free or Log In to start participating in the conversation!