Bugtraq mailing list archives
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through
From: Dave English <dave.english () thus net>
Date: Thu, 27 Oct 2005 07:21:46 +0100
In message <019d01c5d96c$87e6ea80$0501a8c0@home>, Andrey Bayora <andrey () securityelf org> writes
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte.
Interesting

Have you considered the possibility that some vendors at least may include with each virus signature a set of file formats for which the signature is valid, or just a flag to signify "all formats"?
If so, then the vendors will consider themselves not vulnerable, they can simply update their virus definitions when and if variants with different headers appear.
Even with 1:1 file format signatures, a vendor could presumably include multiple virus definitions for one virus, one per file format, as required.
...
For more details, screenshots and examples please read my article "The Magic of magic byte" at www.securityelf.org
...
--
Dave English
Senior Software & Systems Engineer
Internet Platform Development, Thus plc
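The signature model discussed in the message above, sketched as an added example that is not part of the original post or any vendor's engine: each signature carries a set of file formats or an "all formats" flag, and the scan result depends on which applies. The magic table, class and function names, and the harmless marker string are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

ALL_FORMATS = None  # flag value: signature is valid for every file format

# Constructed, minimal magic-byte table (assumption, not a real engine's list).
MAGIC = {b"MZ": "exe", b"%PDF": "pdf", b"PK\x03\x04": "zip"}

def detect_format(data: bytes) -> str:
    """Classify a file by its leading magic bytes; default to 'text'."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "text"

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes
    formats: Optional[FrozenSet[str]]  # None means "all formats"

def scan(data: bytes, signatures: List[Signature]) -> List[str]:
    """Return names of signatures that apply to the detected format and match."""
    fmt = detect_format(data)
    hits = []
    for sig in signatures:
        applies = sig.formats is ALL_FORMATS or fmt in sig.formats
        if applies and sig.pattern in data and sig.name not in hits:
            hits.append(sig.name)
    return hits

# Constructed sample: a harmless marker stands in for a detected byte pattern.
PATTERN = b"HARMLESS-TEST-MARKER"
PLAIN = b"echo " + PATTERN + b"\n"   # classified as 'text'
FORGED = b"MZ" + PLAIN               # same content, different magic bytes

SCOPED = Signature("Test.Marker", PATTERN, frozenset({"text"}))
ANY_FORMAT = Signature("Test.Marker", PATTERN, ALL_FORMATS)
# The "one definition per file format" update described in the message.
EXE_VARIANT = Signature("Test.Marker", PATTERN, frozenset({"exe"}))

if __name__ == "__main__":
    print("scoped, plain :", scan(PLAIN, [SCOPED]))
    print("scoped, forged:", scan(FORGED, [SCOPED]))
    print("all formats   :", scan(FORGED, [ANY_FORMAT]))
    print("after update  :", scan(FORGED, [SCOPED, EXE_VARIANT]))
```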