The Built In Anti Virus

[Phil Crane]

When you run this it brings up near enough every file in the ipb region as so called alerts if no edits have been made to these files and they still come up is this a bug of some sort? imho if you have a board with no mods on it at all just the invision files nothing else and you scan through acp, surely nothing at all should come up but it does, im a little baffled to why they come up if they are standard ipb files

[Grant]

The Anti-virus is built to imform you that some of the files in your IPB folder have a lot of queries and other things in them. The reason that a lot of IPB's files are shown in this system is because there are a lot of queries in them. As the administrator and regularly looking at this screen, you should have good idea about which files should be in that folder. It is just another way that you can protect your board.

[bfarber]

It is not really based on a lot of queries, but the concept is similar. It's based on file size, file owner, last modified date and so on.

If you have a freshly installed IPB, the modified date on the files is going to be recent (whenever you installed). IPB does not know that the files have not been hacked...it is just simply alerting you to certain characteristics that can be suspicous. :)

[Black Prowler]

why would charectoristics be suspicious on freshly installed ipb files? I never understood this since it's inception in 2.1.6(or was it 2.1.7? :huh: ) I can't tell if I have infected files or not cause most of them show as infected(and I accounted for the files that were modded already.) :ermm:

[Justin]

It's only like that because it looks at the last modified timestamp...which is the same as your creation timestamp because it's a fresh installation... this layer of security will only be relevant to you as your board gets older... when you _know_ you havent installed any modifications or done any other kind of hacking on the files, and all of a sudden there is a file that popups up in the checker that was changed 6 hours ago... it's a red flag for you to investigate the matter further...

All of these new security tools in v2.2 are each seperate layers of plastic wrap... each of them by themselves are not totally strong or very good...but when layered together provide you a nice and flexible shield to protect yourself from outside forces... Also, these tools are merely there to point out possible red flags in the system, given the dynamic and unique lifestyle that each board installation lives through there isnt any reliable way for IPS to create a system that says "ok this file is a trojan FOR SURE, and this other file is NOT for SURE!"... all they can do is look at various critical information and make a best guess...

[Matt]

All of these new security tools in v2.2 are each seperate layers of plastic wrap... each of them by themselves are not totally strong or very good...but when layered together provide you a nice and flexible shield to protect yourself from outside forces... Also, these tools are merely there to point out possible red flags in the system, given the dynamic and unique lifestyle that each board installation lives through there isnt any reliable way for IPS to create a system that says "ok this file is a trojan FOR SURE, and this other file is NOT for SURE!"... all they can do is look at various critical information and make a best guess...

Couldn't have put it better myself.

[Phil Crane]

well that clears things up guys, thanks for the input and roll on 2.2 when it comes that is lol

[Mark]

I'm not sure if this is a bug or not, but if you add the .htaccess files using the 'IPB .htaccess Protection' tool - the files created are picked up by the IPB Unauthorized File Checker as a rating of 10.

[bfarber]

It's not a bug. As stated before, IPB has no way of knowing if it's valid or not, so it's simply telling you it's suspicious. Check the file out, if it's all valid, then ignore it. :)

[Ryan Becker]

I personally think that there should be an option to ignore a file until its modified datestamp is changed. Once it's changed, IPB should red flag it and alert the administrator. However, the file should remain ignored as long as the modified datestamp remains unchanged.

[Biker.GA]

It's not a bug. As stated before, IPB has no way of knowing if it's valid or not, so it's simply telling you it's suspicious. Check the file out, if it's all valid, then ignore it. <img src="http://forums.invisionpower.com/style_emoticons/<#EMO_DIR#>/original.gif" style="vertical-align:middle" emoid=":)" border="0" alt="original.gif" />

I have to agree that flagging the files, even when it's a fresh, new installation makes little sense. To someone not familiar with how it works, it could cause undue panic. I find that I pretty much ignore everything it says in the security center and check the files at the server level.

[Ryan Becker]

I have to agree that flagging the files, even when it's a fresh, new installation makes little sense. To someone not familiar with how it works, it could cause undue panic. I find that I pretty much ignore everything it says in the security center and check the files at the server level.

When I first saw that, it did freak me out a bit that IPB was flagging its own files as suspicious, but I didn't take any action against it, because I figured it might screw something up.