Bugtraq mailing list archives

RE: Long path exploit on NTFS


From: David Korn <dkorn () pixelpower com>
Date: Thu, 7 Feb 2002 11:25:48 -0000

-----Original Message-----
From: David Sexton [mailto:dave.sexton () sapphire net]
Sent: 05 February 2002 09:14
To: 'fh () rcs urz tu-dresden de'; bugtraq () securityfocus com;
hans.somers () hccnet nl
Subject: RE: Long path exploit on NTFS


Err.. I beg to differ:

SWEEP virus detection utility
Version 3.54, Monday, February 04, 2002

<delurk>

  I notice you're using 3.54 rather than 3.53, so I've confirmed the same
result for 3.53 (Release date 7 Jan 02, engine v2.7), using the batch file
posted here earlier (although I changed the subst drive letter from Q to Z
because I already had a Q drive).  It would be interesting if Frank could
describe the methodology he used, as the phrase "According to my own tests"
suggests he was not using the same script.

  The machine in question has NT4 SP6, in case anyone was wondering whether
that was what caused the difference between David's results and Frank's.

SWEEP virus detection utility
Version 3.53, 07 January 2002
Includes detection for 71212 viruses, trojans and worms
Copyright © 1989, 2001, Sophos Plc, www.sophos.com

Info:   Immediate job started by [REDACTED] at 11:14 on 07 February 2002

Items to be swept:
        "All Master Boot Sectors"
        Drive C: Sector 0
        C:\temp\*.* and all subfolders

Scanning options:
        Full mode,
        including archive files,
        excluding off-line files

Sweeping:
        Disk 80 Cylinder 0 Head 0 Sector 1
        Drive C: Sector 0
        
C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\12
34567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1
234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789\1
234567890...\EICAR.TXT
Virus:  'EICAR-AV-Test' detected in
C:\TEMP\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\12345
6~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\
123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\EICAR.TXT
        No action taken 

        
C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\12
34567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1
234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789\1
234567890...\EICAR2.COM
Virus:  'EICAR-AV-Test' detected in
C:\TEMP\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\12345
6~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\
123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\EICAR2.COM
        No action taken 

        C:\TEMP\trb95.tmp
        C:\TEMP\cw50temp.000
        C:\TEMP\~DFC3C0.tmp
        C:\TEMP\trb53E.tmp
        C:\TEMP\trb540.tmp
        C:\TEMP\trb542.tmp
        C:\TEMP\trb821.tmp
        C:\TEMP\~DFC3C1.tmp
Info:   Immediate job completed at 11:14 on 07 February 2002
        12 items swept, 2 viruses detected, 0 errors


         DaveK
-- 
Burn your ID card!  http://www.optional-identity.org.uk/
Help support the campaign, copy this into your .sig!

