From owner-freebsd-questions  Tue Feb 22 21:41:37 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from rivendell.mel.vet.com.au (rivendell.mel.vet.com.au [203.103.154.61])
	by hub.freebsd.org (Postfix) with ESMTP id 01BD937B937
	for <questions@FreeBSD.ORG>; Tue, 22 Feb 2000 21:41:30 -0800 (PST)
	(envelope-from lodea@vet.com.au)
Received: (from lodea@localhost)
	by rivendell.mel.vet.com.au (8.9.3/8.9.3) id QAA18472;
	Wed, 23 Feb 2000 16:41:21 +1100 (EST)
Date: Wed, 23 Feb 2000 16:41:21 +1100
From: "Lachlan O'Dea" <lodea@vet.com.au>
To: "Ronald G. Arnold Jr." <rarnold@colemantx.com>
Cc: questions@FreeBSD.ORG
Subject: Re: *sigh* Re: Just thought you'd like to know...
Message-ID: <20000223164121.G18242@vet.com.au>
Mail-Followup-To: "Ronald G. Arnold Jr." <rarnold@colemantx.com>,
	questions@FreeBSD.ORG
References: <000801bf7db7$a7502d80$0f646464@david> <20000222211407.N21720@fw.wintelcom.net> <001101bf7dbb$558ca420$8b7b403f@ronaldjr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.4i
In-Reply-To: <001101bf7dbb$558ca420$8b7b403f@ronaldjr>; from rarnold@colemantx.com on Tue, Feb 22, 2000 at 11:03:31PM -0600
X-Operating-System: FreeBSD 3.3-STABLE i386
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Feb 22, 2000 at 11:03:31PM -0600, Ronald G. Arnold Jr. wrote:
> I somewhat agree with you about NAV, but for some reason, when I had
> Linux and used LILO, it don't give the Bloodhound.MBR warning.

I can see two reasons for that. Either NAV knows the template for a LILO
MBR, or its "Bloodhound" heuristic scanner doesn't think it's a virus.

It seems that the FreeBSD boot manager MBR is not known to NAV, and
there's something about it which is triggering the heuristics. This MBR
actually provides Symantec with a useful real-world sample they could
use to improve their heuristics, if they were so inclined.

-- 
Lachlan O'Dea <mailto:lodea@vet.com.au>   Computer Associates Pty Ltd
Webmaster                                   Vet - Anti-Virus Software
http://www.vet.com.au/

"Try not. Do. Or do not. There is no try." - Yoda, Jedi Master



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message