basketman2391

McAfee detected BigFix as virus

2008-05-30T08:21:32Z
Here is a log file from McAfee

********************************************************************************************
22/04/2008 15:10:34 Not scanned (scan timed out) NT AUTHORITY\SYSTEM BESClient.exe C:\Program Files\BigFix Enterprise\BES Client\__BESData\Enterprise Security\1Superseded.fxf\000004ae.EML (Virus)

********************************************************************************************

Does anybody know about this issue?
Does it require to send an email for what?
  • BenKus

    Re: McAfee detected BigFix as virus

    2008-05-30T16:12:04Z
    Hi Basketman,

    It looks like your McAfee is having some issues. The first indication of the problem is that the path provided can't possibly be a file... Specifically:
    "C:\Program Files\BigFix Enterprise\BES Client\__BESData\Enterprise Security\1Superseded.fxf" is a file
    "C:\Program Files\BigFix Enterprise\BES Client\__BESData\Enterprise Security\1Superseded.fxf\000004ae.EML" is an invalid path.

    Additionally, we don't use any files with the extension .EML. I believe that extension is used for your email browser.

    So you should talk with McAfee to try to understand what might cause this type of AV error. I think I remember at least one customer reporting something very similar, but it was a long time ago and we never heard about the issue again after they talked to McAfee so I am guessing that they fixed it somehow.

    Ben
  • Security_admin

    Re: McAfee detected BigFix as virus

    2014-04-24T06:53:59Z
    We have received the same alert from the McAfee scanner for virus detection on an EML file. This file is located under the TEM client: "C:\Program Files\BigFix Enterprise\BES Client\__BESData\BigFix Labs\__Local\Get\Content.fxf\0000992b.EML"

    These alerts are spreading rapidly across the organization, and we have already checked with McAfee; as per them, this is a false positive alert. However, we want to know what these .EML files are used for and whether we have an update/hotfix from IBM for this issue.

    We suspect it to be vulnerable to the Heartbleed bug, as these files are detected as an "Exploit-SSL" virus.

    I would request IBM support to have this checked at the earliest and update the forum.

  • MichaelBell

    Re: McAfee detected BigFix as virus

    2014-04-25T15:25:12Z

    BigFix Labs now includes a scanner for CVE-2014-0160 (Heartbleed) and although the scanner itself is NOT distributed via the site, it is referenced in the fixlets as well as general commentary about it. We believe McAfee is producing these .EML files themselves and is picking up on the content (now in a .EML) and incorrectly flagging them most likely based upon the commentary in the description, not any real threat.  There is NO malware being propagated via the site content.

    To confirm, the scanner binary is found at http://support.bigfix.com/labs/downloads/CVE-2014-0160.bfz and McAfee's own scanner shows this file to be free from malware as seen here: http://www.siteadvisor.com/sites/http%3A//support.bigfix.com/labs/downloads/CVE-2014-0160.bfz

    Unfortunately, there is nothing we can do about the false positive other than assure you that we have tested our content. Please contact your McAfee representative and request assistance in having the false positive corrected in your environment.
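
An added example, not part of any post above and not BigFix or McAfee code: a log-triage helper that applies the reasoning in BenKus's and MichaelBell's replies, splitting a flagged path into the file that exists on disk and the member name reported inside it. The single-space field layout, the function names and the treatment of `.fxf` as a file are assumptions taken from the lines quoted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the log line from the first post, fields separated by single spaces.
SAMPLE = (r"22/04/2008 15:10:34 Not scanned (scan timed out) NT AUTHORITY\SYSTEM "
          r"BESClient.exe C:\Program Files\BigFix Enterprise\BES Client\__BESData"
          r"\Enterprise Security\1Superseded.fxf\000004ae.EML (Virus)")

# Assumed layout: date, time, outcome + account, process, path, "(detection name)".
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<outcome_and_account>.*?) (?P<process>\S+\.exe) "
    r"(?P<path>[A-Za-z]:\\.*?) \((?P<detection>[^()]*)\)$",
    re.IGNORECASE,
)

# Assumption from the thread: a *.fxf component is a file, not a folder.
FILE_SUFFIXES = {".fxf"}

def split_container(path, is_file=None):
    """Return (on_disk_file, member) when a non-final component is a file,
    otherwise (path, None). Pass is_file to consult the real filesystem on
    the endpoint instead of the suffix heuristic."""
    p = PureWindowsPath(path)
    check = is_file or (lambda c: c.suffix.lower() in FILE_SUFFIXES)
    for i in range(1, len(p.parts)):  # never includes the final component
        candidate = PureWindowsPath(*p.parts[:i])
        if check(candidate):
            return str(candidate), str(PureWindowsPath(*p.parts[i:]))
    return str(p), None

def triage(line):
    """Parse one log line and report which object actually exists on disk."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    on_disk, member = split_container(m["path"])
    return {
        "process": m["process"],
        "detection": m["detection"],
        "on_disk_file": on_disk,
        "member": member,  # name reported inside the file, if any
        "reported_inside_file": member is not None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

When `reported_inside_file` is true, `on_disk_file` is the object that can be located and hashed on the endpoint for a false-positive report; the member name alone cannot.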