| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: visitbipin at yahoo.com (bipin gautam) Subject: Re: Norton AntiVirus Scanner Remote DoS [temp. FIX!] [Part: !!!] --- Stuart Moore <smoore@...urityglobal.net> wrote: > Bipin, > > Hi. When I download > http://www.geocities.com/visitbipin/EXTRACTit1st.zip > and then extract > it to REVANGE_tmm.tar.bz2 and then run NAV on the > bz2 file, Norton scans very quickly and > does not find any viruses. > > Am I doing something wrong? Is there really an > EICAR string in REVANGE_tmm.tar.bz2? > > Stuart > > EXTRACTit1st.zip wasn't ment for Notron antivirus........ > There is an option to allow users to abort the scan. > Is it set ? (O; I don't think NAV engineers are still able to spot the problem; Lets HELP THEM OUT! The problem doesn't lie within the NAV virus scan engine; instead the problem lies within NAV file repair engine! Well, within few seconds... after the AV scan have started norton quickly scan's the infected file and smartly* skips the empty folder within the zip archive! But after norton detects virus in the archive it tries to delete the virus within the archive, and re-create the un-infected/fresh archive........ again! The problem triggers when NAV tries to re-create the 50000 empty folders and construct the archive. *ANY* av scanners that autometically tries to delete the infected file and re-create the archive should be vulnerable to this exploit!!! Note: mark the fact... in the "AutoProtect Menu" of the option tab in Norton AV the option........ *autometically repair the infected file <--- is set by default! you could temporarily be immune by this bug by setting the option, *deny access to the infected file. Did i just saved your MAIL SERVER??? (O; The compressed archive mustn't necessarily be a zip archive to trigger this attack. You could experiment this with other archive types...... HAS ANYONE TRIED THE EXPLOIT ON SOME OTHER AV SCANNERS?????? These are time's when you want to download some other AV scanners for a 30 days evaulation... There is a high chance you may never switch back again! bipin gautam http://www.geocities.com/visitbipin/ __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail
Powered by blists - more mailing lists