| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1107628805.24788.11.camel@localhost.localdomain> From: barrie at reboot-robot.net (Barrie Dempster) Subject: Multiple AV Vendors ignoring tar.gz archives On Sat, 2005-02-05 at 13:20 -0500, Paul Laudanski wrote: > Are you finding that certain AVs are not actually checking the contents of > the tarballs? I find in using nod32lms it does deep dive and checks each > file. Please note that one must configure the nod32.cfg file to permit > opening tarballs and other archives for inspection. I didn't configure the AV's I didn't fancy installing all of them and thought virus total would give a good indication. It appears from the virustotal results and from http://www.nod32.com/products/nt.htm that nod32 will scan and detect tar.gz's but not bz2's. This is the most common result and could be argued to be valid by the vendors. However you can open tar.bz2's on windows so it's still a valid infection vector, although probably not all that useful for viruses. I don't believe many users will go googling for the tools needed. Nonetheless at least a few of the vendors think it's necessary to go beyond the common zip and rar. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue blog: http://zeedo.blogspot.com site: http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ] -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050205/e1459aaa/attachment.bin
Powered by blists - more mailing lists