Open Source and information security mailing list archives
 
Message-ID: <GueLfSR6HHYDFAUZ@thus.net>
Date: Thu, 27 Oct 2005 07:21:46 +0100
From: Dave English <dave.english@...s.net>
To: bugtraq@...urityfocus.com
Subject: Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through


In message <019d01c5d96c$87e6ea80$0501a8c0@...e>, Andrey Bayora 
<andrey@...urityelf.org> writes
>Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through
>forged magic byte.

Interesting

Have you considered the possibility that some vendors at least may 
include with each virus signature a set of file formats for which the 
signature is valid, or just a flag to signify "all formats"?

If so, then the vendors will consider themselves not vulnerable, they 
can simply update their virus definitions when and if variants with 
different headers appear.

Even with 1:1 file format signatures, a vendor could presumably include 
multiple virus definitions for one virus, one per file format, as 
required.

...

>For more details, screenshots and examples please read my article "The Magic
>of magic byte" at www.securityelf.org
...
-- 
Dave English                      Senior Software & Systems Engineer
                              Internet Platform Development, Thus plc
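
Added example, not part of the message above and not any vendor's code: a toy scanner modelling the three signature designs the reply speculates about (a signature scoped to a set of file formats, an "all formats" flag, and one definition per format). The magic-byte table, the `Signature` record, the marker string and the sample files are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed magic-byte table for a toy scanner (an assumption, not a real engine).
MAGIC = [(b"MZ", "exe"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip")]

def detect_format(data: bytes) -> str:
    """Classify a file by its leading bytes; anything unrecognised is 'text'."""
    for magic, fmt in MAGIC:
        if data.startswith(magic):
            return fmt
    return "text"

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes
    formats: Optional[FrozenSet[str]] = None  # None models the "all formats" flag

def scan(data: bytes, sigs: List[Signature]) -> List[str]:
    """Names of signatures whose scope covers the detected format and whose pattern occurs."""
    fmt = detect_format(data)
    return [s.name for s in sigs
            if (s.formats is None or fmt in s.formats) and s.pattern in data]

# Constructed, harmless marker standing in for a detection pattern.
MARKER = b"TOY-SIGNATURE-MARKER"
plain = b"@echo off\r\n" + MARKER + b"\r\n"   # classified as 'text'
forged = b"MZ" + plain                          # same body, now classified as 'exe'

scoped = [Signature("Toy.A", MARKER, frozenset({"text"}))]
all_formats = [Signature("Toy.A", MARKER)]
per_format = scoped + [Signature("Toy.A!exe", MARKER, frozenset({"exe"}))]

def demo() -> dict:
    """Scan both samples under each signature design."""
    return {
        "scoped_plain": scan(plain, scoped),            # hit: format is in scope
        "scoped_forged": scan(forged, scoped),          # miss until definitions change
        "all_formats_forged": scan(forged, all_formats),
        "per_format_plain": scan(plain, per_format),
        "per_format_forged": scan(forged, per_format),  # hit via the added definition
    }

if __name__ == "__main__":
    for case, hits in demo().items():
        print(f"{case:20s} {hits}")
```

The scoped design only detects the forged sample after a definition update adds the second format, which is the update path the reply describes.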

