| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041002175752.4338.qmail@web20224.mail.yahoo.com> From: visitbipin at yahoo.com (bipin gautam) Subject: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] > OK. I just wrote new super antivirus. It's > databases currently consist > from only eicar.com signature (I'm very new in > this business) but it > 100% detects EICAR in the file with removed > permissions :) > > http://www.security.nnov.ru/files/antieicar.zip > Now, there is at least one antivirus to break your > statement :) > good example 3APA3A to teach those software companies howto, anyways... here is a archive, http://www.geocities.com/visitbipin/antiPOC.zip Extract the archive by using "DEFAULT ZIP MANAGER" of windows xp. It will create a file "NULL.con" (O; within which there is a "eicar test string file". I don't think your super AV will detect the "eicar test string file" withing "NULL.con" folder??? :) anyways... let me know HOW? when you figure out to how to delete "NULL.con" directory. You can add Kaspersky 4.5x to the list of products > you can bypass this > way. Previous KAV 4.0 versions (and 3.x > version, actually it was > F-Secure engine) had kernel driver and it was used > during manual scan, > probably these version are not vulnerable. I didn't > saw 5.x yet, but it > is expected to be vulnerable too. > > F-Secure (at least older versions) should not > be vulnerable, but I > didn't tested. __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail
Powered by blists - more mailing lists