[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]
- From: bipin gautam <visitbipin@xxxxxxxxx>
- Date: Sat, 2 Oct 2004 10:57:52 -0700 (PDT)
> OK. I just wrote new super antivirus. It's
> databases currently consist
> from only eicar.com signature (I'm very new in
> this business) but it
> 100% detects EICAR in the file with removed
> permissions :)
>
> http://www.security.nnov.ru/files/antieicar.zip
> Now, there is at least one antivirus to break your
> statement :)
>
good example 3APA3A to teach those software companies
howto,
anyways... here is a archive,
http://www.geocities.com/visitbipin/antiPOC.zip
Extract the archive by using "DEFAULT ZIP MANAGER" of
windows xp. It will create a file "NULL.con" (O;
within which there is a "eicar test string file".
I don't think your super AV will detect the "eicar
test string file" withing "NULL.con" folder??? :)
anyways... let me know HOW? when you figure out to how
to delete "NULL.con" directory.
You can add Kaspersky 4.5x to the list of products
> you can bypass this
> way. Previous KAV 4.0 versions (and 3.x
> version, actually it was
> F-Secure engine) had kernel driver and it was used
> during manual scan,
> probably these version are not vulnerable. I didn't
> saw 5.x yet, but it
> is expected to be vulnerable too.
>
> F-Secure (at least older versions) should not
> be vulnerable, but I
> didn't tested.
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html