funsec mailing list archives
Re: Security Vendor Bypasses Microsoft's Vista PatchGuard
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 26 Oct 2006 18:02:15 +1300
Dude VanWinkle to me:
They actually had two modes, one was compliant, the other was not (I forget the names). Non-compliant mode had its issues and was not always the best product for the health of your exchange server, specifically for this reason.
<<snip>>

I didn't say it was perfect, just "better" (for an undefined meaning of "better"...). It seems you obviously did not use it before MS (mostly) fixed its first and second runs at its quarter-arsed implementation of the official Exchange AV API.

If you had been using Sybari back then on a server receiving more than a few message delivery or retrieve requests per minute, you would know that the "officially sanctioned" MS approach _could not by design and/or implementation_ intercept _ALL_ message delivery/retrieve events and thus "virus infected" messages could be delivered into the store from outside _and_ retrieved by a user without the scanner(s) you had hanging off the MS API ever getting a chance to see them.

You'd also know that the MS implementation, _by design_ could not allow for scanning message _bodies_ which meant any scanning solution depending on the official method was blind to things like Bumblebee and Kak (the latter being quite probably the most widespread self-mailing virus ever, or at least until some of the massively fast self-mailing binary viruses several years later).

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.