Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » DBISAM Technical Support » Support Forums » DBISAM General » View Thread |
Messages 1 to 10 of 32 total |
Missing BLB Files |
Tue, Oct 30 2007 5:39 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | We have finally received a valuable lead today in the mystery of the missing
..BLB files. Apparently a Chinese organization is using DBISAM to create an adware application called pprich: http://www.symantec.com/security_response/writeup.jsp?docid=2006-091415-2444-99 Because it ships with an empty .BLB file, certain anti-spyware software has added the empty .BLB byte signature to its spyware database, and proceeds to remove any .BLB file that fits this scenario (any empty DBISAM .BLB). Currently, we are aware of AOL's anti-spyware software removing .BLB files, but are seeing if any others are doing so also. We suspect that Time Warner may also be using the same software, but we're not positive about this yet. As to a remedy, we are having our lawyer contact AOL in order to get a technical contact that we can pursue this with, mainly because we can't find any specific contact information for AOL anywhere. I will let everyone know what we find out with this route. Needless to say, this is a major no-no on the part of the anti-spyware software and is tantamount to removing all empty Microsoft Excel .xls files just because they fit a certain byte signature. We're not really sure why they aren't scanning the files to see if they are actual executable files, or why they aren't just removing the empty .BLB files with the same name as the adware, but the best we can surmise at this point is that they simply weren't particularly thorough. The only other remedies are: 1) Changing the .blb file extension to something else in your application. 2) Removing the anti-spyware software so that it stops removing the .BLB files. I will let everyone know how things progress on this front. In the meantime, if you do experience this issue, please let us know so that we can figure out which anti-spyware software is responsible. -- Tim Young Elevate Software www.elevatesoft.com |
Wed, Oct 31 2007 3:37 AM | Permanent Link |
Markku Nevalainen | Tim Young [Elevate Software] wrote:
> > added the empty .BLB byte signature to its spyware database, and proceeds to > remove any .BLB file that fits this scenario (any empty DBISAM .BLB). I wonder if there would be some simple hack that would prevent BLB Blob file never been empty. For instance in AfterDelete event write some extra check: If MyTable.Blobfield.IsNull then MyTable.Blobfield.AsString :='Dummy'; (Sorry about the clumsy example, I usually use TStreams to store data to Blobs) > 1) Changing the .blb file extension to something else in your application. For any developers using prior 4.0 versions, this possibility probably is out? > 2) Removing the anti-spyware software so that it stops removing the .BLB > files. I have not yet faced this happen. Perhaps the clients have just been lucky and always have had at least something stored in their BLB files. Markku Nevalainen |
Wed, Oct 31 2007 8:20 AM | Permanent Link |
"Jan Derk" | Tim Young [Elevate Software] wrote:
> Currently, we are aware of AOL's > anti-spyware software removing .BLB files, but are seeing if any > others are doing so also. I sincerly start to think that some anti-virus packages are worse than virusses. If a virus would have done the the exact same thing (deleting important files and breaking many applications), the anti-virus industry would have released many press releases and the (internet) media would be all over it. My first question I ask these days for customers with strange problems is not if they have virusses, but if they have Norton or McAfee installed. I guess we can add AOL to that list. Jan Derk |
Wed, Oct 31 2007 10:14 AM | Permanent Link |
Eryk Bottomley | Markku
> I wonder if there would be some simple hack that would prevent BLB Blob > file never been empty. > > For instance in AfterDelete event write some extra check: > > If MyTable.Blobfield.IsNull > then MyTable.Blobfield.AsString :='Dummy'; That would break the logic for anyone who tests for 'RecordCount=0' or similar in their application. For example, it would turn: while RecordCount > 0 do Delete; ....into an infinite loop. A 'fix' like that would be much, much nastier than the original problem IMO. > For any developers using prior 4.0 versions, this possibility probably > is out? Not if you have the source code. It only requires changing one constant. Eryk |
Wed, Oct 31 2007 11:59 AM | Permanent Link |
Rolf Frei eicom GmbH | Unbelievable!!! AV and AntiSpyware gets more and more to maleware itself.
Does this only affect DBISAM 4 "empty" BLB files or V3 too? Do you know already which other products than AOL does this? Regards Rolf |
Wed, Oct 31 2007 12:44 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Markku,
<< I wonder if there would be some simple hack that would prevent BLB Blob file never been empty. >> Sure, that will work also. Any time the .BLB is increased from the empty 512-byte header to something else, it will fix the problem. << For any developers using prior 4.0 versions, this possibility probably is out? >> It's not out, but it is immensely more difficult to do. << I have not yet faced this happen. Perhaps the clients have just been lucky and always have had at least something stored in their BLB files. >> So far I can only track it down to AOL anti-spyware, which is weird because they supposedly use a slightly-customized version of McAfee Internet Security Suite. -- Tim Young Elevate Software www.elevatesoft.com |
Wed, Oct 31 2007 12:47 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Rolf,
<< Unbelievable!!! AV and AntiSpyware gets more and more to maleware itself. >> Yes. Removing virus and adware/malware .EXE/.DLL files is one thing. Removing random data files is another. << Does this only affect DBISAM 4 "empty" BLB files or V3 too? >> Sorry, I should have mentioned that. It only affects DBISAM 4 .BLB files, as far as I know. << Do you know already which other products than AOL does this? >> I've tested Symantec's virus scanning, and they don't report the .BLB files as being part of a virus, etc. I'm geting McAfee now to try it out. I swore that I would never give those people any money, but sometimes I guess I need to bite the bullet and do it anyways. -- Tim Young Elevate Software www.elevatesoft.com |
Wed, Oct 31 2007 12:49 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Eryk,
<< That would break the logic for anyone who tests for 'RecordCount=0' or similar in their application. >> Yes, it would. However, if you add a record with BLOB data and then delete it, you will change the .BLB file size with some extra empty space without changing the RecordCount logic. -- Tim Young Elevate Software www.elevatesoft.com |
Wed, Oct 31 2007 12:55 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Jan,
<< I sincerly start to think that some anti-virus packages are worse than virusses. If a virus would have done the the exact same thing (deleting important files and breaking many applications), the anti-virus industry would have released many press releases and the (internet) media would be all over it. >> Yes, that's the unfortunate sad state of affairs that we've come to. I don't know why they even bother with spyware signatures and definitions - the nastier ones hook themselves into the WinLogon process and other internals in order to avoid being subject to removal through any other method than the Repair/Recovery Console. -- Tim Young Elevate Software www.elevatesoft.com |
Wed, Oct 31 2007 3:40 PM | Permanent Link |
"Rita" | Give me some monry and I will tell you the fix
Rita "Tim Young [Elevate Software]" <timyoung@elevatesoft.com> wrote in message news:8F9E4DB1-9D26-4CB0-BC6C-0AE165AFDE75@news.elevatesoft.com... > Rolf, > > << Unbelievable!!! AV and AntiSpyware gets more and more to maleware > itself. > >> > > Yes. Removing virus and adware/malware .EXE/.DLL files is one thing. > Removing random data files is another. > > << Does this only affect DBISAM 4 "empty" BLB files or V3 too? >> > > Sorry, I should have mentioned that. It only affects DBISAM 4 .BLB files, > as far as I know. > > << Do you know already which other products than AOL does this? >> > > I've tested Symantec's virus scanning, and they don't report the .BLB > files as being part of a virus, etc. I'm geting McAfee now to try it out. > I swore that I would never give those people any money, but sometimes I > guess I need to bite the bullet and do it anyways. > > -- > Tim Young > Elevate Software > www.elevatesoft.com > |
Page 1 of 4 | Next Page » | |
Jump to Page: 1 2 3 4 |
This web page was last updated on Tuesday, May 14, 2024 at 07:14 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |