Open Source and information security mailing list archives
Message-ID: <016201c6b9a5$4f85f7c0$e8f9a501@pitgroup.local>
Date: Mon, 7 Aug 2006 00:11:46 +0200
From: "<...>" <massimo@...ndmedia.si>
To: <full-disclosure@...ts.grok.org.uk>, "Denis Jedig" <seclists@...eticon.de>
Cc: bugtraq@...urityfocus.com
Subject: Re: Re: when will AV vendors fix this???

Good idea indeed and, since NTFS drivers have been available for Linux for a
long time now, someone really willing to fix the issue could start there...

----- Original Message ----- 
From: "Denis Jedig" <seclists@...eticon.de>
To: <full-disclosure@...ts.grok.org.uk>
Cc: <bugtraq@...urityfocus.com>
Sent: Saturday, August 05, 2006 10:35 AM
Subject: [Full-disclosure] Re: when will AV vendors fix this???


> On Sat, 5 Aug 2006 13:05:56 +0545 Bipin Gautam wrote:
>

--- cut ---

>> And one more thing, if during AV scan a file can't be opened due to
>> some processes LOCKING the file.... Instead of going through the
>> regular file open process AV should instead directly read the SECTORS
>> of the hdd
>
> This might seem to be a bright idea at first, however, there are problems
> with this approach. For one, the AV system would have to interpret the
> filesystem on its own. Since NTFS is not documented and pretty complicated,
> this is an error-prone task and I have no confidence AV vendors might be
> able to master it correctly. Then, even if you are able to read sectors (a
> non-trivial task under Windows as well), a file is usually not locked
> without reason - it will likely undergo some changes even *during the scan*
> so the results will be mostly useless. What you'd use instead is the Volume
> Shadow Copy (aka Snapshot) feature as done with various backup
> applications.

