« previous next »
Pages: [1]   Go Down

Author Topic: Win32: SQLSlammer keeps showing up  (Read 3313 times)

0 Members and 1 Guest are viewing this topic.

Notar

  • Guest
Win32: SQLSlammer keeps showing up
« on: March 27, 2005, 04:52:51 AM »
   Hi, I have risked using  WebShield again with Opera browser . Last night I ran an offline scan and detected this virus in C:\Program Files\Sygate\SPF\rawlog.log.

Now, whilst I am online I ran a scan of this file and twice as of this moment I have found this virus in this abovementioned folder.   I also checked this file with AVG anti virus.   Also, have just completed Trend Micro Housecall online scan. Both came up clean.  Could this be a false positive  by avast.

 It would appear WebShield and Sygate are incompatible as expessed in several recent threads.

Should I just give up on using Webshield with Sygate Firewall free version?

 I will not give up using Sygate as I have been using it for years and  consider it to be a very good firewall.

I hope somebody can advise some workaround.
Logged

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Win32: SQLSlammer keeps showing up
« Reply #1 on: March 27, 2005, 10:56:43 AM »
There're basically two questions in your post. Let's answer them one by one.

Quote
Last night I ran an offline scan and detected this virus in C:\Program Files\Sygate\SPF\rawlog.log.

If it was SQLSlammer, it's not such a deal. I mean, I can imagine such a situation very well. The Sygate RawLog file (given its name) probably stores individual packets coming to your machine, on certain ports. So it's quite possible that a remote machine send you a packet with SQLSlammer payload, and avast is now picking it up in the log... There's nothing to worry about here, really...

It w
Quote
ould appear WebShield and Sygate are incompatible as expessed in several recent threads.

I think you misunderstood the problem. It's the fact that Sygate has problems with local proxies, in the sense that it's not able to control traffic going thru them. However, in build 4.6.623, WebShield was modified in the sense that it's now opt-in only. I.e. it filters traffic coming from certain processes only, thus mitigating the problem to a large extent.

For more, please a number of Sygate-WebShield related threads on this forum.


Thanks
Vlk
Logged
If at first you don't succeed, then skydiving's not for you.

stevejrc

  • Guest
Re: Win32: SQLSlammer keeps showing up
« Reply #2 on: March 27, 2005, 02:47:47 PM »
I asked same question in sygate forum and they also said its just the packet data blocked at the firewall. Avast picks it up as its heuristics see a "sign" of slammer. You can disable full packet logging (it only slows pc down and unnecessary unless troubleshooting) or delete the file (its recreated by sygate).
Logged

Notar

  • Guest
Re: Win32: SQLSlammer keeps showing up
« Reply #3 on: March 27, 2005, 03:22:07 PM »
  @ stevejrc

   Thanks for the information.  I have deleted this file and realised that it  recreates itself. I noticed that the packet logging is  a default setting and was wondering how to disable it.
Logged

stevejrc

  • Guest
Re: Win32: SQLSlammer keeps showing up
« Reply #4 on: March 27, 2005, 05:23:43 PM »
in options (right click sygate icon or tools>options in sygate screen) untick "full packet logging" under the Log tab. I think its normally unticked by default.
Logged

Notar

  • Guest
Re: Win32: SQLSlammer keeps showing up
« Reply #5 on: March 28, 2005, 01:43:58 AM »
 LOL :) I  haven't looked in options in years.  I have unticked it now. Thanks
Logged
Pages: [1]   Go Up
« previous next »