lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Subject: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]

Dear bipin gautam,

Actually  my  super  antivirus  easily  detects  eicar  in  nul.con. For
example, for c:\NUL.CON\


antieicar \\.\c:\NUL.CON\

Antiviral vendors aware about this problem, it was discussed in past.

--Saturday, October 2, 2004, 9:57:52 PM, you wrote to

>> OK.  I  just wrote new super antivirus. It's
>> databases currently consist
>> from  only  signature  (I'm very new in
>> this business) but it
>> 100% detects EICAR in the file with removed
>> permissions :)

>> Now, there is at least one antivirus to break your
>> statement :)

bg> good example 3APA3A to teach those software companies
bg> howto, 

bg> anyways... here is a archive, 


bg> Extract the archive by using "DEFAULT ZIP MANAGER" of
bg> windows xp. It will create a file "NULL.con" (O;
bg> within which there is a "eicar test string file". 

bg> I don't think your super AV will detect the "eicar
bg> test string file" withing "NULL.con" folder??? :)

bg> anyways... let me know HOW? when you figure out to how
bg> to delete "NULL.con" directory.

bg>  You  can  add Kaspersky 4.5x to the list of products
>> you can bypass this
>> way.  Previous  KAV  4.0  versions  (and  3.x 
>> version,  actually it was
>> F-Secure  engine)  had kernel driver and it was used
>> during manual scan,
>> probably  these version are not vulnerable. I didn't
>> saw 5.x yet, but it
>> is expected to be vulnerable too.
>> F-Secure  (at  least  older  versions)  should  not
>> be vulnerable, but I
>> didn't tested.

bg> __________________________________
bg> Do you Yahoo!?
bg> Yahoo! Mail - 50x more storage than other providers!

bg> _______________________________________________
bg> Full-Disclosure - We believe in it.
bg> Charter:

? ???????? ???? ??????.  (???)

Powered by blists - more mailing lists