[Logwatch-Devel] should cltreq.asp and owssvr.dll be removed from
the exploits list in scripts/services/http?
grdetil at scrc.umanitoba.ca
Wed Jun 29 10:06:01 MST 2005
Just as myphpadmin was recently removed from the exploits list, because
of too many false positives, I'd like to suggest removing cltreq.asp and
owssvr.dll as well, for the same reason. These two files are referenced
by any MS IE client on which has the "Discuss" toolbar added to it from
MS Office. See http://www.xav.com/scripts/guardian/help/1022.html for
details. While it's true that these two files were also probed by the
Nimda worm, it also probed other files like root.exe, but nowadays any
activity you're likely to see on these two files is going to be legitimate.
Gilles R. Detillieux E-mail: <grdetil at scrc.umanitoba.ca>
Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba Winnipeg, MB R3E 3J7 (Canada)
More information about the Logwatch-Devel