[Logwatch-Devel] should cltreq.asp and owssvr.dll be removed from the exploits list in scripts/services/http?

Gilles Detillieux grdetil at scrc.umanitoba.ca
Wed Jun 29 10:06:01 MST 2005


Just as myphpadmin was recently removed from the exploits list, because 
of too many false positives, I'd like to suggest removing cltreq.asp and 
owssvr.dll as well, for the same reason.  These two files are referenced 
by any MS IE client on which has the "Discuss" toolbar added to it from 
MS Office.  See http://www.xav.com/scripts/guardian/help/1022.html for 
details.  While it's true that these two files were also probed by the 
Nimda worm, it also probed other files like root.exe, but nowadays any 
activity you're likely to see on these two files is going to be legitimate.

-- 
Gilles R. Detillieux              E-mail: <grdetil at scrc.umanitoba.ca>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 3J7  (Canada)


More information about the Logwatch-Devel mailing list