Bugtraq mailing list archives
Re: Bypass Virus Checking
From: mb () SIME COM (Martin Bene)
Date: Wed, 2 Feb 2000 09:45:01 +0100
At 18:09 31.01.00 -0800, Max Vision wrote:
> ANOTHER BUG: Note that this exclude.dat was originally the default shipped
> with NAV 2000, and excludes potential trouble filenames such as excel.exe,
> winword.exe, and powerpnt.exe. That might not be the best idea, as when I
> rename BackOrifice2000 to any of those filenames, it is completely ignored.
> *sigh* (I just uploaded a version without those as well:
> http://maxvision.net/nav/better.dat)

Strange that Symantec managed to make their product so much worse during upgrades; I'm running Engine 5.00.01b, Virus files 14.01.2000; results are significantly better:

1) There is no exclusion for \RECYCLED directory, neither hidden nor in the GUI. Exploit does not work, virus is detected.
2) The Excludes for EXCEL.EXE, WINWORD.EXE, POWERPNT.EXE and MSACCESS.EXE only turn off the check for writes to program files. Renaming the EICON.COM file from the exploit to excel.exe does not prevent NAV from finding it.
3) All Exclusions are visible using the GUI Interface.

Martin Bene

"you have moved your mouse, please reboot to make this change take effect"
--------------------------------------------------
Martin Bene               vox: +43-316-813824
simon media               fax: +43-316-813824-6
Andreas-Hofer-Platz 9     e-mail: mb () sime com
8010 Graz, Austria
--------------------------------------------------
finger mb () mail sime com for PGP public key