Message-ID: <42096107.30657.104A5C37@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Multiple AV Vendors ignoring tar.gz archives

Barrie Dempster to me:

> > Yes, but it has to be much more thoroughly implemented.  
> 
> Absolutely, there are a few minor implementations of this but it's
> something that directory and management systems could incorporate. As
> most OS's have an "executable permission", it would be an idea to have
> software that's not in the white-list rendered incapable of having this
> permission, combined with scan on execute to ensure that any
> software that previously has the permissions doesn't execute.

It's a tad more complex than simply execute permissions though, hence 
my suggestion that it really needs to be done much as in contemporary 
on-access virus scanners.

Think script code embedded in HTML inside all manner of pseudo-archive 
formats.  Think macros inside OLE2 container files.  Think NTFS AD 
streams.

And consider that the bad guys will always find the stupid bugs (and 
often the arcane ones) so there will always be ways for "new stuff" to 
get where it shouldn't be, so default-deny, rather than default-allow 
(as known virus scanning provides) is the only sensible approach.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
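
The default-allow versus default-deny distinction drawn in the message above, as an added example that is not part of the original post: both policies unpack a nested tar.gz and hash every innermost object, but only the allowlist policy rejects content nobody has seen before. All names, sample contents and the SHA-256 allowlist scheme are assumptions made for illustration.

```python
import hashlib, io, tarfile

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def make_targz(files):
    """Build an in-memory tar.gz from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def leaves(name, data, depth=0, max_depth=4):
    """Yield (path, bytes) per innermost object; bytes is None if it cannot be inspected."""
    if depth > max_depth:
        yield name, None          # nested too deep: treat as uninspectable
        return
    try:
        tar = tarfile.open(fileobj=io.BytesIO(data), mode="r:*")
    except (tarfile.TarError, EOFError):
        yield name, data          # not a readable archive: hash it as a leaf
        return
    with tar:
        for m in tar.getmembers():
            path = f"{name}!{m.name}"
            if m.isfile():
                yield from leaves(path, tar.extractfile(m).read(), depth + 1, max_depth)
            elif not m.isdir():
                yield path, None  # links, devices, FIFOs: nothing to hash

def default_allow(name, data, known_bad):
    """Known-virus scanning: permit unless some object matches a signature."""
    return all(d is None or sha256(d) not in known_bad for _, d in leaves(name, data))

def default_deny(name, data, allowlist):
    """Whitelisting: permit only if every object was inspected and is approved."""
    return all(d is not None and sha256(d) in allowlist for _, d in leaves(name, data))

# Constructed sample data (harmless strings standing in for real files).
APPROVED = b"#!/bin/sh\necho approved tool\n"
NOVEL = b"#!/bin/sh\necho never seen before\n"
OLD_BAD = b"constructed stand-in for a known-bad sample\n"
ALLOWLIST, KNOWN_BAD = {sha256(APPROVED)}, {sha256(OLD_BAD)}
SAMPLE = make_targz({"tool.sh": APPROVED,
                     "inner.tar.gz": make_targz({"new.sh": NOVEL})})
```

The default-allow policy passes `SAMPLE` because the novel script matches no signature, while the default-deny policy rejects it because that script, two archive layers down, is not on the allowlist.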

