Posted by Virus Bulletin on Oct 24, 2002
F-Prot users relying on the on-access protection against W32/Nimda.A are safe
In the June 2002 comparative review of anti-virus products for Windows XP (see VB, June 2002, p.19), we stated that W32/Nimda.A samples were missed by F-Prot 3.12 'due to extension issues In the Wild on access.' The files in question were the EML files dropped by Nimda. VB's documented testing procedure involves the opening/closing of tested files and, for practical reasons, does not include the execution of any malicious code. In the vast majority of cases such methods are sufficient to trigger a reaction from tested products. However, it has been drawn to our attention that the on-access protection implemented in F-Prot purposely ignores the opening of an EML file as a non-threat event (treating such a file as a container) - yet, if an infected EML message is accessed in the real world (an attempt made to execute its contents), the product will detect and block the execution of the malicious code. We have tested the claim and are happy to report that, although the product did not detect Nimda's EML files, F-Prot users relying on the on-access protection against W32/Nimda.A are safe
Posted on 24 October 2002 by Virus Bulletin
