Dailydave mailing list archives
Re: VPC
From: "Eduardo Tongson" <propolice () gmail com>
Date: Sat, 23 Feb 2008 08:17:30 +0800
Hi Thierry,

If I understand correctly, aps-AV runs the AV inside a sandbox. Is this correct? What sandbox are you using?

...
In this process aps-AV will neither examine the data for known virus signatures nor submit it to any parsing operations. Only after the data has entered the execution environment, which next to running on a high security operating system does not provide any network interfaces, the AV-engines start their work and check the e-mail attachments for malicious code. If any abnormality is detected, the whole environment will be completely deleted, including the operating system, and the incident will be marked as an attack on the respective AV-product.
...

Ed

On Fri, Feb 22, 2008 at 10:34 PM, Thierry Zoller <Thierry () zoller lu> wrote:
Dear All,

TZ> Hint : There are better ones than CWsandbox,

Since the CWSandbox author is on this list, I wanted to clarify that I have no intention on making CWsandbox look less performant, my impression is from several tests I made myself and based on the fact that it can be easily detected. However I am not sure about the internal improvements, maybe the sandbox is better now. Again no intention to harm here.

--
http://secdev.zoller.lu
Thierry Zoller
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave