lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000001c62a2e$9dd63040$0200a8c0@prashant>
Date: Sun, 5 Feb 2006 08:31:52 -0000
From: "Prashant Meswani" <prashant.meswani@...nline.co.uk>
To: 'Mert Sarıca' <mert.sarica@...il.com>,
	<bugtraq@...urityfocus.com>
Subject: RE: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.


You need to weigh up the pros and cons of using the maximum number of files
to scan in a compressed files option in any product. You have to ask
yourself, if I extract all these files, what are the chances the infected
file will be picked up by the real-time scanner against the option of
scanning every single file in a compressed file and overutilising the CPU
and memory  resources on the server. Serverprotect is one of TrendMicro's
first AV to corporate market and did not get much major development since
release. Serverprotect has now been superceded by Officescan 7.x (which is
supported on servers). Maybe it's worth looking at whether Officescan has
the same issues and weigh up the risks of that issue in relation to the
security of the server. Is 500+ files in a zip file that has not been
scanned a real threat / security breach?


Regards,

 

Prashant Meswani.

 

The opinions outlined in this email is that of my own and does not represent
the Residents Association or any other organisation I am related to.


-----Original Message-----
From: Mert Sarıca [mailto:mert.sarica@...il.com] 
Sent: Friday, February 03, 2006 8:46 AM
To: bugtraq@...urityfocus.com
Subject: Trend Micro ServerProtect version 5.58 can be easily circumvented
via the mechanism that limits how many files to scan.

http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html

Some people say this method works also on Trend Micro InterScan Messaging
Security Suite and InterScan Web Security Suite. I really appreciate if you
use one of these and can able to test.




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ