Bugtraq mailing list archives

RE: Long path exploit on NTFS


From: Leif Sawyer <lsawyer () gci com>
Date: Wed, 30 Jan 2002 08:42:22 -0900

hans.somers wrote:
I have tested this on the following platforms:
Windows NT 4.0 SP4
Windows NT 4.0 SP6a
Windows 2000 Professional SP2
Windows XP Pro
I have determined that the following versions of Norton AntiVirus will not follow the deep path during a complete scan:
  Norton AntiVirus 5.0
  Norton AntiVirus 7.5.1
  Norton Antivirus 8.00.58


I changed your script to make it a bit easier to see which path was triggering the EICAR alert, i.e.:
        md Q:\abcdefghij\abcdefghij\abcdefghij
        cd Q:\abcdefghij\abcdefghij\abcdefghij

Start test-script NTFS-limit
Create a filepath to the limit of NTFS
Create the Eicar test-string for PoC. 
This should be detected normally if you have an active virusscanner.
Activate the Eicar test-string
Create a subst-drive Q: for this path
Create an even deeper filepath (thus exceeding the limit of NTFS's explorer)
Change current folder into "the deep"
The system cannot find the path specified.
Create the Eicar test-string
Activate the Eicar test-string
EICAR-STANDARD-ANTIVIRUS-TEST-FILE!.
End of test-script
Q:\ABCDEF~1\ABCDEF~1\ABCDEF~1>

Since I don't see any letters in the file/location info below, it seems that we can chalk up Norton Antivirus Corporate 7.60.926 as being unable to follow the long path.

Scan type:  Realtime Protection Scan
Event:  Virus Found!
Virus name: EICAR Test String.70
File:
C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789\EICAR.TXT
Location:
C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789
Computer:  MY_PUTER
User:  Employee
Action taken:  Clean succeeded : Access allowed
Date found: Wed Jan 30 08:30:54 2002
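As an added example (not code from this thread or from any of the scanners named in it): a walker that enumerates with the `\\?\` extended-length prefix on Windows, so that files nested beyond the classic 260-character MAX_PATH are reached at all, and reports every file whose absolute path hits that limit. The fixture mirrors the thread's nested-directory layout but writes a placeholder file, not the EICAR test string; on non-Windows systems the prefix is simply not applied.

```python
"""Report files whose absolute path reaches the classic Win32 MAX_PATH limit.
Added example for the Bugtraq thread above; the deep tree built here is a
constructed fixture that mimics the md loop in the test script."""
import os
import sys
import tempfile

MAX_PATH = 260  # classic Win32 limit; the count includes the terminating NUL


def extended_path(path):
    """On Windows, prefix an absolute path with \\?\ so the file APIs accept
    lengths beyond MAX_PATH. Elsewhere the absolute path is returned as-is."""
    path = os.path.abspath(path)
    if sys.platform == "win32" and not path.startswith("\\\\?\\"):
        return "\\\\?\\" + path
    return path


def find_long_paths(root, limit=MAX_PATH):
    """Return absolute paths of files under root that a MAX_PATH-bound
    scanner cannot open (len >= limit, since the NUL needs one slot)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(extended_path(root)):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if len(full) >= limit:
                hits.append(full)
    return hits


def build_deep_tree(base, segment="abcdefghij", depth=30, filename="EICAR.TXT"):
    """Constructed fixture: nest `segment` `depth` times below base and drop a
    placeholder file at the bottom (not the real EICAR string)."""
    path = extended_path(base)
    for _ in range(depth):
        path = os.path.join(path, segment)
    os.makedirs(path, exist_ok=True)
    target = os.path.join(path, filename)
    with open(target, "w") as fh:
        fh.write("placeholder, not the EICAR test string\n")
    return target


def demo():
    """Build the fixture in a temp dir and check the walker finds it.
    Returns (target path exceeds MAX_PATH, walker reported the file)."""
    with tempfile.TemporaryDirectory() as tmp:
        target = build_deep_tree(tmp)
        hits = find_long_paths(tmp)
        return len(target) >= MAX_PATH, any(h.endswith("EICAR.TXT") for h in hits)
```

A shallow tree (for instance the three-level one in the thread's md command) yields no hits, which is exactly the case where a MAX_PATH-bound scanner still works.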

