| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44.0502051418350.19626-100000@bugsbunny.castlecops.com> From: zx at castlecops.com (Paul Laudanski) Subject: Multiple AV Vendors ignoring tar.gz archives Thanks for replying back so quickly with further details. I tested a standard .tar.bz2 file and found that nod32lms didn't report on diving into it. I'll try to make time later to test it with a .tar.bz2 file which contains Eicar. However, I've also included NOD32 support in this reply. But this is just one company, you do have a point. On Sat, 5 Feb 2005, Barrie Dempster wrote: > I didn't configure the AV's I didn't fancy installing all of them and > thought virus total would give a good indication. It appears from the > virustotal results and from http://www.nod32.com/products/nt.htm that > nod32 will scan and detect tar.gz's but not bz2's. This is the most > common result and could be argued to be valid by the vendors. > > However you can open tar.bz2's on windows so it's still a valid > infection vector, although probably not all that useful for viruses. I > don't believe many users will go googling for the tools needed. > Nonetheless at least a few of the vendors think it's necessary to go > beyond the common zip and rar. -- Regards, Paul Laudanski - Computer Cops, LLC. CastleCops(SM) - http://castlecops.com http://cuddlesnkisses.com | http://justalittlepoke.com | http://zhen-xjell.com
Powered by blists - more mailing lists