On the 22nd and 23rd our Security detected the following:
Threat Alert
OfficeScan detected TROJ_NOTTY.MCL on <computer name>(<user id>) in Netadmins domains.
File: C:\Program Files\Novell\ZENworks\cache\zmd\ZenCache\47c074a7-6b46-42c4-bb1e-06be4872144b\CASA.MSI
Detection date: 3/23/2009 8:18:41
Action: Virus successfully detected, cannot perform the Clean action (Quarantine)
Threat Alert
OfficeScan detected TROJ_NOTTY.MCL on <computer name>(<user id>) in Workgroup domains.
File: C:\PROGRAM FILES\NOVELL\CASA\BIN\LCREDMGR.DLL
Detection date: 3/23/2009 8:18:05
Action: Virus successfully detected, cannot perform the Clean action (Quarantine)
Every Zen 10 client had a notice from our virus scanning software and the servers had certain MSI files removed from them (I do not have access to that console to get the exact names, but I bet CASA).


Is anyone else seeing this? Are these false positives? From what I can tell the files have not been modified. Can Novell contact TrendMicro on this? We are going to see about opening an Incident with them to find out more information.