Security Incidents mailing list archives
Re: Possible Mail server compromise ?
From: "Faas M. Mathiasen" <faas.m.mathiasen () googlemail com>
Date: Wed, 20 Feb 2008 20:25:21 +0100
On Feb 20, 2008 6:11 PM, <Valdis.Kletnieks () vt edu> wrote:
On Tue, 19 Feb 2008 21:14:46 EST, Jon Oberheide said:
I'm not sure how n.runs implements their system, but our system uses Xen VMs for the detection engines. When it is determined that a piece of malware has exploited the AV software (through non-whitelisted process spawning, any network activity, or other unexpected system behavior),
That is, of course, assuming you don't get blue-pilled before you realize that it's been exploited. Running in a VM helps a *lot*, but it does *not* guarantee that nothing will get loose (and notice that a clever malware can simply redpill detect that it's running in a VM, and do nothing malicious until it detects that it's on a real machine - malware has a *long* tradition of detecting and evading if it's running under a debugger...
Nope, you have to distinguish between a sandbox (code is run) and an AV scanner scanning code in a VM. When the AV scanner scans the code, the code is not executed and cannot decide whether it is inside a VM =)