Open Source and information security mailing list archives
 
From: Thierry at sniff-em.com (Thierry Zoller)
Subject: Re: Unfiltered escape sequences in filenames
	contained in ZIP archives wouldn't be escaped on displaying
	or logging, and can also lead to bypass AV scanning

Dear List,

Updated: State as of 15/03/2005

From ftp://ftp.aerasec.de/pub/advisories/unfiltered-escape-sequences/
File  unfiltered-escape-sequences-in-filename-eicar.zip
-------------------------------------------------------------------
AntiVir              : Eicar-Test-Signature
Avast                : EICAR Test-NOT!!
AVG Antivirus        : No viruses found
BitDefender          : EICAR-Test-File (not a virus) (0.52 seconds taken)
ClamAV               : Eicar-Test-Signature (0.59 seconds taken)
Dr.Web               : EICAR Test File (NOT a Virus!) (0.90 seconds taken)
F-Prot Antivirus     : EICAR_Test_File (0.29 seconds taken)
Fortinet             : EICAR_TEST_FILE (1.20 seconds taken)
Kaspersky Anti-Virus : EICAR-Test-File (3.04 seconds taken)
mks_vir              : Eicar.Test (probable variant) (0.70 seconds taken)
NOD32                : Eicar test file (1.55 seconds taken)
Norman Virus Control : EICAR_Test_file_not_a_virus! (0.48 seconds taken)
-------------------------------------------------------------------
Result: AVG fails.

From ftp://ftp.aerasec.de/pub/advisories/unfiltered-escape-sequences/
File   unfiltered-escape-sequences-in-filename-sober.l.zip
-------------------------------------------------------------------
AntiVir              : Worm/Sober.L (0.42 seconds taken)
Avast                : Win32:Sober-K (1.53 seconds taken)
AVG Antivirus        : No viruses found (0.52 seconds taken)
BitDefender          : Win32.Sober.L@mm (0.53 seconds taken)
ClamAV               : Worm.Sober.L (0.60 seconds taken)
Dr.Web               : Win32.HLLM.Generic.328 (0.94 seconds taken)
F-Prot Antivirus     : W32/Sober.M@mm (0.09 seconds taken)
Fortinet             : W32/Sober.M-mm (0.45 seconds taken)
Kaspersky Anti-Virus : Email-Worm.Win32.Sober.l (1.03 seconds taken)
mks_vir              : Worm.Sober.L (0.24 seconds taken)
NOD32                : Win32/Sober.L (0.48 seconds taken)
Norman Virus Control : Sober.L@mm (0.18 seconds taken)
-------------------------------------------------------------------
Result: AVG fails.

From ftp://ftp.aerasec.de/pub/advisories/unfiltered-escape-sequences/
File no-escape-sequences-in-filename-eicar.zip
-------------------------------------------------------------------
AntiVir              : Eicar-Test-Signature (0.38 seconds taken)
Avast                : EICAR Test-NOT!! (1.52 seconds taken)
AVG Antivirus        : EICAR_Test (0.52 seconds taken)
BitDefender          : EICAR-Test-File (not a virus) (0.52 seconds taken)
ClamAV               : Eicar-Test-Signature (0.59 seconds taken)
Dr.Web               : EICAR Test File (NOT a Virus!) (0.90 seconds taken)
F-Prot Antivirus     : EICAR_Test_File (0.09 seconds taken)
Fortinet             : EICAR_TEST_FILE (0.45 seconds taken)
Kaspersky Anti-Virus : EICAR-Test-File (1.00 seconds taken)
mks_vir              : Eicar.Test (probable variant) (0.23 seconds taken)
NOD32                : Eicar test file (0.47 seconds taken)
Norman Virus Control : EICAR_Test_file_not_a_virus! (0.18 seconds taken)
-------------------------------------------------------------------
Results: No failures.

From ftp://ftp.aerasec.de/pub/advisories/unfiltered-escape-sequences/
File  no-escape-sequences-in-filename-sober.l.zip
-------------------------------------------------------------------
Short version : Results: No failures.

-------------------------------------------------------------------

visitbipin@...oo.com posted this POC (over FD)
http://www.geocities.com/visitbipin/test_nav.zip

AntiVir              : Eicar-Test-Signature
Avast                : EICAR Test-NOT!!
AVG Antivirus        : EICAR_Test
BitDefender          : EICAR-Test-File
ClamAV               : No viruses found
Dr.Web               : EICAR Test File
F-Prot Antivirus     : No viruses found
Fortinet             : No viruses found
Kaspersky Anti-Virus : EICAR-Test-File
mks_vir              : Eicar.Test (probable variant)
NOD32                : No viruses found
Norman Virus Control : No viruses found

---------------------------------------------------
visitbipin@...mail.com posted this POC
http://www.geocities.com/visitbipin/gpbf.zip

AntiVir              : No viruses found
Avast                : EICAR Test-NOT!!
AVG Antivirus        : EICAR_Test
BitDefender          : EICAR-Test-File (not a virus)
ClamAV               : Eicar-Test-Signature
Dr.Web               : EICAR Test File (NOT a Virus!)
F-Prot Antivirus     : No viruses found
Fortinet             : EICAR_TEST_FILE
Kaspersky Anti-Virus : No viruses found
mks_vir              : No viruses found
NOD32                : Eicar test file
Norman Virus Control : No viruses found
-------------------------------------------------------------------

Results: Archives modified by visitbipin@...mail.com fail on more
scanners. Why, I do not know.


-- 
Thierry Zoller
mailto:Thierry@...ff-em.com


