False positives, requests
False positives, requests - 6.Nov.2009 12:36:16 PM
spongecat
Posts: 3
Joined: 6.Nov.2009
Status: offline
I'll start with false positives. On a Linux host, OpenSSL version 0.9.8k is being detected as vulnerable. I get a suggestion that the latest secure version is 0.9.8d. LANguard detects open ports but does not detect all running services, so it suggests it might be a trojan. It fails to detect Apache, Squid and Webmin on standard ports. On Windows machines, SeaMonkey 2.0 is detected as a version earlier than 1.1.5 and in turn as vulnerable. The antivirus application (ESET NOD32) is detected properly; however, it doesn't detect the management server running on port 2222 and it claims that the port was possibly opened by a trojan.

As for the requests, is it possible to specify logon credentials for Unix machines and separate credentials for su and sudo? Most Unix configurations prevent remote root logins and some have the root account disabled. Also, is it possible to change the classification of Windows administrative shares based on IP addresses? For LAN IPs it would probably belong in information, as most likely these shares are enabled by admins.
RE: False positives, requests - 9.Nov.2009 8:08:48 AM
DrewE
Posts: 1058
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
The first thing I'd like to ensure is that you DISABLE the antivirus application on the GFI LANguard machine and try another scan. Does anything change? Also, these steps - http://kbase.gfi.com/showarticle.asp?id=KBID002722 - will help you create a certificate for using SSH to log in to the server and perform the necessary scanning steps. These certificates are typically considered more secure than regular passwords.
_____________________________
Drew Easley - Technical Support Representative GFI Software - www.gfi.com
RE: False positives, requests - 9.Nov.2009 12:45:53 PM
spongecat
Posts: 3
Joined: 6.Nov.2009
Status: offline
No luck with antivirus disabled. I even modified the scripts responsible for detection of OpenSSL and SeaMonkey and I still get insecure application warnings.
RE: False positives, requests - 9.Nov.2009 1:06:35 PM
DrewE
Posts: 1058
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
Can you contact us at http://support.gfi.com/Support/support.aspx?lcode=en so we can best assist you with this trouble?
_____________________________
Drew Easley - Technical Support Representative GFI Software - www.gfi.com