You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Michael Duffy <du...@yahoo.com> on 2004/09/27 22:46:47 UTC
Norton AntiVirus and False Positives In Tomcat
I have Tomcat 4.0.6 installed on a Windows 2000 server
in our data center.
One of the corp IT server admins just called to tell
me that the server is "riddled" with viruses,
according to Norton Antivirus. One of the bugged
files is TOMCAT_HOME/webapps/ROOT/index.html, which is
dated 8-Oct-2002. There doesn't appear to be anything
odd in this file when I look at it in either a text or
hex editor.
Google brings back a lot of information about "false
positives" from Norton and McAfee when I search.
The server is behind two firewalls. It's part of our
intranet, and not visible to the outside world. It
has access to the Internet, so it could have things
downloaded to it. I don't have an ID on it myself; I
don't know who does besides the admins. I put WAR
files on a share to deploy them, but otherwise I have
no access to the machine.
Has anybody else had this experience, and what can I
do about this? I don't want our corp IT folks to ban
Java and Tomcat. What recourse do I have here? Any
advice?
Thanks - MOD
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Norton AntiVirus and False Positives In Tomcat
Posted by Joel <re...@ddcom.co.jp>.
> > Sounds like NAV may have returned some false
> > positives. The only
> > "virus-like" content I would expect inside a plain
> > HTML doc would be
> > rogue JavaScript.
>
> Indeed. I looked at the HTML page myself - it's
> unaltered, and there's nothing rogue in there that I
> can see.
Links with strange urls?
> > Perhaps you could point your admin to the web
> > resources you found, those
> > concerning false positives from NAV?
>
> I agree - I already sent the link yesterday afternoon.
>
> > This could become a sticky issue of corporate
> > politics, depending on
> > your organization's structure. You may have to get
> > your management to
> > talk to the admin's management.
> >
> > -QM
>
> You're right on there. This could be very sticky and
> uncomfortable. I'm not sure how receptive corp will
> be.
>
> Thanks - MOD
For a little smoke screen, you might even mention the recent jpeg
vulnerabilities and the issues Norton seems to be having seeing those.
Might even create enough reverse heat to motivate a move to *nix.
--
Joel <re...@ddcom.co.jp>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Norton AntiVirus and False Positives In Tomcat
Posted by Michael Duffy <du...@yahoo.com>.
> Sounds like NAV may have returned some false
> positives. The only
> "virus-like" content I would expect inside a plain
> HTML doc would be
> rogue JavaScript.
Indeed. I looked at the HTML page myself - it's
unaltered, and there's nothing rogue in there that I
can see.
>
> Perhaps you could point your admin to the web
> resources you found, those
> concerning false positives from NAV?
I agree - I already sent the link yesterday afternoon.
> This could become a sticky issue of corporate
> politics, depending on
> your organization's structure. You may have to get
> your management to
> talk to the admin's management.
>
> -QM
You're right on there. This could be very sticky and
uncomfortable. I'm not sure how receptive corp will
be.
Thanks - MOD
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Norton AntiVirus and False Positives In Tomcat
Posted by John Najarian <j-...@earthlink.net>.
I assume you are using the version of Norton that isn't
an 'Enterprise' solution.
Norton will do this to some of the files Tomcat installs
as well as the JavaScript files.
We got around this by having the Anti Virus software run
on a different server routing traffic. Also, we've found
McAfee is better to run for JSP/Servlet containers & App
Servers than Norton.
Not a bash on Norton, I love it for home use.
-----Original Message-----
From: QM [mailto:qm300@brandxdev.net]
Sent: Monday, September 27, 2004 1:54 PM
To: Tomcat Users List
Subject: Re: Norton AntiVirus and False Positives In Tomcat
On Mon, Sep 27, 2004 at 01:46:47PM -0700, Michael Duffy wrote:
: One of the corp IT server admins just called to tell
: me that the server is "riddled" with viruses,
: according to Norton Antivirus. One of the bugged
: files is TOMCAT_HOME/webapps/ROOT/index.html, which is
: dated 8-Oct-2002. There doesn't appear to be anything
: odd in this file when I look at it in either a text or
: hex editor.
Sounds like NAV may have returned some false positives. The only
"virus-like" content I would expect inside a plain HTML doc would be
rogue JavaScript.
Perhaps you could point your admin to the web resources you found, those
concerning false positives from NAV?
This could become a sticky issue of corporate politics, depending on
your organization's structure. You may have to get your management to
talk to the admin's management.
-QM
--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Norton AntiVirus and False Positives In Tomcat
Posted by QM <qm...@brandxdev.net>.
On Mon, Sep 27, 2004 at 01:46:47PM -0700, Michael Duffy wrote:
: One of the corp IT server admins just called to tell
: me that the server is "riddled" with viruses,
: according to Norton Antivirus. One of the bugged
: files is TOMCAT_HOME/webapps/ROOT/index.html, which is
: dated 8-Oct-2002. There doesn't appear to be anything
: odd in this file when I look at it in either a text or
: hex editor.
Sounds like NAV may have returned some false positives. The only
"virus-like" content I would expect inside a plain HTML doc would be
rogue JavaScript.
Perhaps you could point your admin to the web resources you found, those
concerning false positives from NAV?
This could become a sticky issue of corporate politics, depending on
your organization's structure. You may have to get your management to
talk to the admin's management.
-QM
--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org