From Jeff Bounds of Sun:
IHAC that is planning on rolling out McAfee VirusScan 8.7 w/ Artemis. Artemis
does real-time scanning based on behavior instead of signatures. Currently
WebSpace on Glassfish seems to causes issues with Artemis. When Artemis is
used, it flags the update tool as a potential threat.
Note: In our testing, Artemis deleted a file that is downloaded from and
used by the Update Tool and potentially other tools. The specific
threat was "Artemis!7C926249DCEB (Trojan)". The file seems to be
Currently they are looking at excluding \the webspace-for-gfv2 directory as part
of real-time scans. So this leads to a few questions.
1) Has anyone else run into this, and how did they get around it?
2) Would just restricting the exclusion to the update tool work?
3) Are there any other folders that we would suggest NOT to scan?
>From the customer:
My suggestion is the following:
1. Exclude all files associated with both Glassfish and WebSpace
from On-Access scanning. This would be all files under the folder where
Glassfish is installed, i.e. "glassfish/" as well as all files under the
folder where WebSpace is installed, i.e. "webspace-for-gfv2/". The
rational is that these files are accessed many, many times during the
execution of the WebSpace product, and constant On-Access scanning has a
negative affect on performance.
2. The directory pointed to by the property
"dl.hook.file.system.root.dir" should not be excluded, i.e. scan this
folder structure. This property represents the "FileSystemHook. This is
the location where all the documents will be stored." As these are user
uploaded files, they should be checked.
3. The directory pointed to by the property "lucene.dir" should be
excluded. This property represents "the directory where Lucene indexes