Date: Mon, 26 Jul 2004 22:26:39 +0200 (CEST)
From: Hugo van der Kooij <hvdkooij@...derkooij.org>
To: bugtraq@...urityfocus.com
Subject: Re: eSafe: Could this be exploited?

On Mon, 26 Jul 2004, MegaHz wrote:

> I have tested it out, and esafe blocked the whole email that contains
> the eicar virus.
> Of course I have configured esafe to block virus infected emails
> instead of modifying them and removing the virus.

SMTP (or SMTP via CVP) is handled as a store and forward mechanism. Hence the 80% rule does not apply.

The issue was seen with both v3.5 in CVP mode as well as v4 in bridging mode. No further lab tests were done to see if a full live EICAR version could be passed along.

If someone is able to create a test executable based on the EICAR string the point might be proven. Unfortunately I am not a programmer and lack Windows compiler tools altogether.

But if someone thinks (s)he can create a sample binary that may run when the last bit is shot to pieces and still contain a valid EICAR definition to show to the screen the issue might be proven. Putting it on a webserver and posting the URL would allow anyone who wants to to verify the issue themselves.

Hugo.

--
All email sent to me is bound to the rules described on my homepage.
hvdkooij@...derkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger.