McAfee falls foul of faulty virus detection update

By Steve Malone

Posted on 14 Mar 2006 at 10:10

Security firm McAfee has a great deal of egg on its face after it inadvertently released a new set of virus signature files that falsely identified dozens of ordinary programs as malware. The company now has to face complaints from angry users who may have deleted their files.

The problem started last Friday when the company released the 4715 DATs which contained an incorrect identification for the W95/CTX virus. As a result, a long list of ordinary files, including Microsoft's Excel, the Google Toolbar installer, Java and the Macromedia Flash Player, were marked as hostile and users were prompted to either quarantine or delete them.

The mistake was quickly discovered and within five hours when customers started reporting a host of false positives for the W95/CTX virus. Realising the problem, McAfee withdrew the erroneous signature file and replaced it with the correct DATs. However, by then much of the damage had been done and many users - McAfee won't say how many - were faced with the prospect of trying to recover quarantined or deleted files.

The software affected was VirusScan Enterprise 7.1 and above, Managed VirusScan 3.5 and 4.0 Beta, VirusScan Online 10, LinuxShield and VirusScan 7.03.