Re: Multiple AV Vendors ignoring tar.gz archives

[Paul Laudanski <zx () castlecops com>]

Thanks for replying back so quickly with further details.  I tested a 
standard .tar.bz2 file and found that nod32lms didn't report on diving 
into it.  I'll try to make time later to test it with a .tar.bz2 file 
which contains Eicar.  However, I've also included NOD32 support in this 
reply.

But this is just one company, you do have a point.

On Sat, 5 Feb 2005, Barrie Dempster wrote:

> I didn't configure the AV's I didn't fancy installing all of them and
> thought virus total would give a good indication. It appears from the
> virustotal results and from http://www.nod32.com/products/nt.htm that
> nod32 will scan and detect tar.gz's but not bz2's. This is the most
> common result and could be argued to be valid by the vendors. 
>
> However you can open tar.bz2's on windows so it's still a valid
> infection vector, although probably not all that useful for viruses. I
> don't believe many users will go googling for the tools needed.
> Nonetheless at least a few of the vendors think it's necessary to go
> beyond the common zip and rar.

-- 
Regards,

Paul Laudanski - Computer Cops, LLC.
CastleCops(SM) - http://castlecops.com
http://cuddlesnkisses.com | http://justalittlepoke.com | http://zhen-xjell.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html