Full Disclosure mailing list archives
Re: Multiple AV Vendors ignoring tar.gz archives
From: Paul Laudanski <zx () castlecops com>
Date: Sat, 5 Feb 2005 14:22:58 -0500 (EST)
Thanks for replying back so quickly with further details. I tested a standard .tar.bz2 file and found that nod32lms didn't report on diving into it. I'll try to make time later to test it with a .tar.bz2 file which contains Eicar. However, I've also included NOD32 support in this reply. But this is just one company, you do have a point. On Sat, 5 Feb 2005, Barrie Dempster wrote:
I didn't configure the AV's I didn't fancy installing all of them and thought virus total would give a good indication. It appears from the virustotal results and from http://www.nod32.com/products/nt.htm that nod32 will scan and detect tar.gz's but not bz2's. This is the most common result and could be argued to be valid by the vendors. However you can open tar.bz2's on windows so it's still a valid infection vector, although probably not all that useful for viruses. I don't believe many users will go googling for the tools needed. Nonetheless at least a few of the vendors think it's necessary to go beyond the common zip and rar.
-- Regards, Paul Laudanski - Computer Cops, LLC. CastleCops(SM) - http://castlecops.com http://cuddlesnkisses.com | http://justalittlepoke.com | http://zhen-xjell.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Multiple AV Vendors ignoring tar.gz archives Barrie Dempster (Feb 05)
- Re: Multiple AV Vendors ignoring tar.gz archives Paul Laudanski (Feb 05)
- Re: Multiple AV Vendors ignoring tar.gz archives Barrie Dempster (Feb 05)
- Re: Multiple AV Vendors ignoring tar.gz archives Paul Laudanski (Feb 05)
- Re: Multiple AV Vendors ignoring tar.gz archives Barrie Dempster (Feb 05)
- Re: Multiple AV Vendors ignoring tar.gz archives Nick FitzGerald (Feb 05)
- Re: Multiple AV Vendors ignoring tar.gz archives James Eaton-Lee (Feb 05)
- Re: Multiple AV Vendors ignoring tar.gz archives Nick FitzGerald (Feb 05)
- Re: Multiple AV Vendors ignoring tar.gz archives James Eaton-Lee (Feb 06)
- Re: Multiple AV Vendors ignoring tar.gz archives bkfsec (Feb 07)
- Re: Multiple AV Vendors ignoring tar.gz archives James Eaton-Lee (Feb 07)
- Re: Multiple AV Vendors ignoring tar.gz archives bkfsec (Feb 08)
- Re: Multiple AV Vendors ignoring tar.gz archives James Eaton-Lee (Feb 05)
- Re: Multiple AV Vendors ignoring tar.gz archives Paul Laudanski (Feb 05)
- Software Licenses and compression (was: Multiple AV Vendors ignoring tar.gz archives) bkfsec (Feb 07)
- Re: Software Licenses and compression (was: Multiple AV Vendors ignoring tar.gz archives) James Eaton-Lee (Feb 07)
- Re: Multiple AV Vendors ignoring tar.gz archives Rodrigo Barbosa (Feb 10)