Message-ID: <009001c37cbc$98dc5be0$8f04d882@bzdrnja>
From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
Subject: Exploiting Multiple Flaws in Symantec Antivirus 2004 for Windows Mobile
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> auto9115@...hmail.com
> Sent: Wednesday, 17 September 2003 7:59 a.m.
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Exploiting Multiple Flaws in
> Symantec Antivirus 2004 for Windows Mobile
>
> or eicar.txt). At least, at first glance it appears to detect it. However,
> you can easily defeat this by adding a few bytes of random text before
> or after the Eicar string. For example, if you use a hex/text editor
> to add a few random bytes of text before and after the string, then Symantec
> won't detect it! However, other AVs easily detect it, as they should.
> An AV scanner should be able to detect a byte stream anywhere in the
> file, but Symantec is easily bypassed with this rudimentary trick.

Sigh, this was discussed before, search Bugtraq archives.

If you add a few random bytes of text before or after the string, IT'S NOT
EICAR anymore.

Not discussing other things, Symantec's behaviour is correct here, and
other AV programs are wrong (if they detect EICAR after you change those
bytes).

Regards,

Bojan Zdrnja
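
The distinction drawn in the reply above, as an added example that is not part of the original message: a check of a buffer against EICAR's published test-file definition (the 68-byte string at offset 0, optionally followed only by space, tab, LF, CR or Ctrl-Z, with at most 128 bytes in total). The function name, the result labels and the sample buffers are assumptions constructed for this example.

```python
# Added example: classify a buffer against the EICAR test-file definition.
# The 68-byte string is written as two literals joined at import time.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
ALLOWED_PADDING = b" \t\n\r\x1a"  # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128                     # upper bound on the whole file


def classify(data: bytes) -> str:
    """Return 'eicar', 'modified' or 'clean' (labels are hypothetical).

    'eicar'    - conforms to the definition; a scanner should report it.
    'modified' - the string is present but the file is not the test file
                 (bytes in front, non-whitespace after, or too long).
    'clean'    - the string does not occur at all.
    """
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in ALLOWED_PADDING for b in tail):
            return "eicar"
        return "modified"
    return "modified" if EICAR in data else "clean"


# Constructed sample buffers, not taken from the thread.
SAMPLES = {
    "exact": EICAR,
    "crlf_terminated": EICAR + b"\r\n",
    "bytes_before": b"abc" + EICAR,
    "bytes_after": EICAR + b"xyz",
    "bytes_both": b"abc" + EICAR + b"xyz",
    "padded_to_129": EICAR + b" " * 61,
    "unrelated": b"hello world\n",
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(f"{name:16} {classify(buf)}")
```
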