Norton Antivirus and *.LK, *.OV files (AREV Specific)
At 05 APR 1999 02:29:02PM Bob Feinberg wrote:
Hello,
I am trying to sell the idea of excluding *.LK and *.OV files from the NAV scan, as a client is having a problem I've seen mentioned here: NAV flagging a *.OV file as being infected with a virus.
If this happens because NAV is incorrectly seeing these as *.OVL files, why doesn't this happen all the time?
Thanks for any information you can send my way.
Bob Feinberg
bfeinberg@sccme.com
At 05 APR 1999 02:34PM Matt Sorrell wrote:
Bob,
We had to do the same thing here. This issue was (as I recall) that because of the .OV extension NAV thought it had to scan the files, not that it necessarily flagged them as infected. This greatly increased the amount of time it took a scan to run, and also caused problems on a client machine with NAV installed that tried to run AREV.
We simply excluded the files and everything cleared right up.
Matt Sorrell
At 05 APR 1999 03:36PM Victor Engel wrote:
We had an incident a couple months ago where a virus was actually detected on an Arev file. There actually was no virus, but the header information in the file I guess looked like a virus to NAV.
At 06 APR 1999 01:24AM Warren wrote:
Excluding the .OV files is a must in any anti-virus scanner. Almost all virus scanners recognize these as overlay files for EXEs and as such they should never be updated or written to. Depending on how your scanner is set up it may try to intercept all writes to certain types of files (EXE, COM, OV* etc). If this is the case you could end up with a truncated file.
The other possibility is that a random string in the header or data may be recognized as a virus signature (false alarm) and again the write to the file may be intercepted and you'll wind up with a truncated or corrupt file.
This happened to a client of mine until I had them exclude rev*.lk and rev*.ov from NAV.