lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: zx at castlecops.com (Paul Laudanski)
Subject: Multiple AV Vendors ignoring tar.gz archives

Thanks for replying back so quickly with further details.  I tested a 
standard .tar.bz2 file and found that nod32lms didn't report on diving 
into it.  I'll try to make time later to test it with a .tar.bz2 file 
which contains Eicar.  However, I've also included NOD32 support in this 
reply.

But this is just one company, you do have a point.

On Sat, 5 Feb 2005, Barrie Dempster wrote:

> I didn't configure the AV's I didn't fancy installing all of them and
> thought virus total would give a good indication. It appears from the
> virustotal results and from http://www.nod32.com/products/nt.htm that
> nod32 will scan and detect tar.gz's but not bz2's. This is the most
> common result and could be argued to be valid by the vendors. 
> 
> However you can open tar.bz2's on windows so it's still a valid
> infection vector, although probably not all that useful for viruses. I
> don't believe many users will go googling for the tools needed.
> Nonetheless at least a few of the vendors think it's necessary to go
> beyond the common zip and rar.

-- 
Regards,

Paul Laudanski - Computer Cops, LLC.
CastleCops(SM) - http://castlecops.com
http://cuddlesnkisses.com | http://justalittlepoke.com | http://zhen-xjell.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ