SonicWALL Gateway Antivirus detects a worm

Started by JRBlood

JRBlood

SonicWALL Gateway Antivirus detects a worm   17 May 2014, 03:15

Just so everyone is aware, when trying to download the latest NetScan, devices behind SonicWALL firewalls running the Gateway Antivirus will detect it as Suspicious#mpress.2 (Worm)

Here's an example from the logs (private info munged):

Time UTC 05/16/2014 17:03
Priority Alert
Category Security Services
Message Gateway Anti-Virus Alert: Suspicious#mpress.2 (Worm) blocked.
Source 54.231.1.81, 80, X1, s3-1-w.amazonaws.com
Destination 192.168.x.x, 32079, X0, pc.example.local
SoftPerfect Support forum - Andrew avatar image

Re: SonicWALL Gateway Antivirus detects NetScan as Suspicious#mpress.2 (Worm)   19 May 2014, 12:04

It's a false positive and these occur frequently with various antivirus products. Unless some day they whitelist our digital signature, there is really no way around it.

This particular detection happens because the network scanner is compressed with MPress.

Some malware authors used the same compressor for their works, which results in this compressor being misdetected.

Reply to this topic

Sometimes you can find a solution faster if you try the forum search, have a look at the knowledge base, or check the software user manual to see if your question has already been answered.

Our forum rules are simple:

  • Be polite.
  • Do not spam.
  • Write in English. If possible, check your spelling and grammar.

Author:

Email:

Subject

A brief and informative title for your message, approximately 4–8 words:

     

Spam prevention: please enter the following code in the input field below.

 ********  **     **  **        **    **  ********  
 **    **  **     **  **        ***   **  **     ** 
     **    **     **  **        ****  **  **     ** 
    **     **     **  **        ** ** **  **     ** 
   **       **   **   **        **  ****  **     ** 
   **        ** **    **        **   ***  **     ** 
   **         ***     ********  **    **  ********  

Message: