Open Source and information security mailing list archives
 
From: visitbipin at yahoo.com (bipin gautam)
Subject: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]

 
> OK. I just wrote a new super antivirus. Its databases currently consist
> of only the eicar.com signature (I'm very new in this business) but it
> 100% detects EICAR in the file with removed permissions :)
> 
> http://www.security.nnov.ru/files/antieicar.zip

> Now, there is at least one antivirus to break your statement :)
> 


Good example, 3APA3A, to teach those software companies how to,

anyways... here is an archive,

http://www.geocities.com/visitbipin/antiPOC.zip

Extract the archive by using the "DEFAULT ZIP MANAGER" of
Windows XP. It will create a file "NULL.con" (O;
within which there is an "eicar test string file".

I don't think your super AV will detect the "eicar
test string file" within the "NULL.con" folder??? :)

anyways... let me know HOW when you figure out how
to delete the "NULL.con" directory.



> You can add Kaspersky 4.5x to the list of products you can bypass this
> way. Previous KAV 4.0 versions (and 3.x version, actually it was
> F-Secure engine) had a kernel driver and it was used during manual scan,
> probably these versions are not vulnerable. I didn't see 5.x yet, but it
> is expected to be vulnerable too.
>
> F-Secure (at least older versions) should not be vulnerable, but I
> didn't test.


		