funsec mailing list archives
Re: Do AV products detect PHP backdoors? Should they?
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 7 Nov 2008 23:39:56 +0200 (EET)
Thanks for your work. On that list F-Secure and Kaspersky use the same scanning engine, i.e. the results are expected.

Juha-Matti

John LaCour [john () johnlacour com] wrote:
After finding hundreds of phishing web sites compromised and PHP shells and other backdoors installed, I got to wondering why AV products weren't being used to detect these things. If I had a webhosting business, I'd certainly be looking to find unwanted files installed on servers. What do you use to do that? AV products.

After collecting 99 samples of PHP shells and backdoors 'in the wild', I scanned them with 29 vendors' AV scanners to see if they were being detected. The results were a little bit disheartening, but I think it's something that can be addressed fairly easily.

Top 5 vendors:
Ikarus
ClamAV
F-Secure
AntiVir
Kaspersky

More here on test methodology, results, and caveats: http://www.phishlabs.com/blog/archives/35

-John, PhishLabs