
Re: McAfee Anti-virus software causing grief to Oracle binaries (win32)

From: Paul Drake <bdbafh_at_gmail.com>
Date: Sun, 12 Mar 2006 13:37:39 -0500
Message-ID: <910046b40603121037u3c95cd17y49bfe2e76430ad5@mail.gmail.com>


On 3/12/06, Paul Drake <bdbafh_at_gmail.com> wrote:
>
> If you are using McAfee antivirus software on your win32 Oracle servers -
> check your logs.
>
> It attempted to remove files such as Dell OpenManage, Cygwin, perl,
> Sysinternals pstools suite.
> Basically, anything that was in the PATH environment variable was
> targeted.
>
> Not only did it attempt to remove files in the %ORACLE_HOME%\bin
> directory, but also in the .patch_storage folder - so as far as Oracle
> files, this was not limited to the PATH environment variable.
>
> This was also capable of navigating mapped drives, so if you had a file
> server set up as a common install location, if filesystem permissions
> permitted modification of such files, you'll want to refresh the
> installation files from the downloaded, compressed source file.
>
> More info to follow - I haven't even made coffee yet.
>
> Paul
>

Apparently, this is a known issue.
Sounds like a good time to roll out 10.1.0.5 + 10.1.0.5 patch 1 (CPUJan2006).

Paul

http://isc.sans.org/diary.php?storyid=1179
Handler's Diary March 11th 2006 <http://isc.sans.org/diary.php?date=2006-03-11>
McAfee/NAI rolls bad pattern
Published: 2006-03-11, Last Updated: 2006-03-11 01:29:45 UTC by Daniel Wesemann (Version: 1)

NAI/McAfee today released pattern version 4716 only hours after 4715 had come out. Pattern 4715 triggered false positive virus alerts for "W95/CTX" on a number of files that are part of quite prominent third-party products. Good for you if you have your AV configured to "quarantine" bad files and not to delete them outright; this makes restoring the chewed up files after a false positive considerably faster. Nevertheless, things like this can get messy pretty quickly if the AV scanner starts to quarantine vital components of your environment.

If you weren't affected and/or are using a different AV product, it might still be worthwhile to spend a couple of minutes on the following questions:

--
http://www.freelists.org/webpage/oracle-l
Received on Sun Mar 12 2006 - 12:37:39 CST
