0 Replies Latest reply on Jan 3, 2008 6:58 AM by HarryWaldron

    McAfee DAT 5197 - Creating JS/Exploit False Positives

      A "false positive" is where legitmate programs are detected as a virus. Virus signature strings are only dozens of characters long and sometimes a legitimate script or executable might have code closely resembling the virus somewhere within the larger file itself. DAT 5198 was released promptly by AVERT Labs to correct this issue. Most everyone should have updated to 5198 automatically. If anyone is on DAT 5197, they should move to this corrected DAT. Please use the HELP / ABOUT on the Shield or background scanner to find out which version you are using.

      McAfee DAT 5197 - Creating JS/Exploit False Positives
      http://isc.sans.org/diary.html?storyid=3803

      QUOTE: Some users reported that their AV was detecting JS/Exploit-BO virus, on sites like ESPN and Friendster, for instance. The problem is with the McAfee AV. McAfee just released an Emergency DAT to fix the false on some JavaScripts, detecting as JS/Exploit-BO on virus database (DAT file) 5197 released today.