Bugtraq mailing list archives
Re: SECURITY.NNOV: special devices access in multiple archivers
From: "Juergen P. Meier" <bugtraq () jors net>
Date: Sat, 4 Aug 2001 19:32:11 +0200
On Fri, Aug 03, 2001 at 01:43:06PM +0200, Andreas Marx wrote:
First we've created normal archives using a standard archivers (and normal file names like "xul.exe"), but after the archive was created, we have edited the files internally using a hex editor (change "x" to "n" - but be careful, in ZIP files the fine name is included twice). You cannot add names like "nul.exe" to an archive, of course, but you can change the name
Thats not entirely true, you can easily add such files using other Operating systems, that do not suffer from defective or braindead filename conventions. Zip archiving tools are available for a wide variety of unix systems, which allow creation and adding of files like NUL.EXE flawlessly ;) This also allows for archive formats that eigther do not store the filename in uncompressed plain areas or have checksums protect the integrity of the archive file. (tar+gzip for example) On Unix one can also cause the archiving tools to store relative Pathnames, without need to use hex editors.
inside of the archives easily, if the length of the name will still be the same. You can do this for both "nul.exe" or for additional "../"'s for paths like "../../test.exe". (Btw, we have used the Volkow Commander (DOS), not a "real" hex editor. :) )
[testing] The testing of Windows based Antivirus products has to be done within windows. Although i would run them inside vmware or similar virtual boxen. Did you also test Unix based virus scanners? there are quite a few AV Products that have scanners running on Unix.
I hope, this helps to understand the test procedures better.
Yes, thank you ;)
cheers, Andreas Marx
-- Juergen P. Meier
Current thread:
- Re: SECURITY.NNOV: special devices access in multiple archivers Andreas Marx (Aug 02)
- Message not available
- Re: SECURITY.NNOV: special devices access in multiple archivers Andreas Marx (Aug 03)
- Re: SECURITY.NNOV: special devices access in multiple archivers Juergen P. Meier (Aug 05)
- Re: SECURITY.NNOV: special devices access in multiple archivers Andreas Marx (Aug 10)
- Re: SECURITY.NNOV: special devices access in multiple archivers Andreas Marx (Aug 03)
- Message not available