Friday, March 27, 2009 3:16 PM
cmosby
Bad Symantec Virus Definitions Update – SANS Internet Storm Center
digg_url = 'http://isc.sans.org/diary.html?storyid=6082&rss';
digg_title = 'Bad Symantec Virus Defintions Update';
digg_skin='compact';
digg_topic = 'security';
We had a report earlier today about problems with non-malicious PDF files getting flagged by the Symantec AntiVirus 10 and Symantec Endpoint Protection 11 products. The March 26, 2007 rev 7 definitions appear to be the cause of the issue. The PDF files were getting flagged as Bloodhound.PDF.6 based on hueristics detection.
There is also a thread about this issue on Symantec's forum today.
If you upgrade your signatures to revision 67 or later, or use the Rapid Release definitions whose sequence number is 93430 or higher, the problem appears to have been resolved.