Full Disclosure mailing list archives
RE: Multiple AV Vendors ignoring tar.gz archives
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 09 Feb 2005 01:01:59 +1300
Barrie Dempster to me:
> > Yes, but it has to be much more thoroughly implemented.
>
> Absolutely, there are a few minor implementations of this but it's something that directory and management systems could incorporate. As most OS's have an "executable permission", it would be an idea to have software that's not in the white-list rendered incapable of having this permission, combined with scan on execute to ensure that any software that previously has the permissions doesn't execute.
It's a tad more complex than simply execute permissions though, hence my suggestion that it really needs to be done much as in contemporary on-access virus scanners. Think script code embedded in HTML inside all manner of pseudo-archive formats. Think macros inside OLE2 container files. Think NTFS AD streams. And consider that the bad guys will always find the stupid bugs (and often the arcane ones) so there will always be ways for "new stuff" to get where it shouldn't be, so default-deny, rather than default-allow (as known virus scanning provides) is the only sensible approach.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
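Added example, not part of the original post or of any product discussed in the thread: a default-deny check that recurses into tar/gz containers and denies anything it cannot match or cannot parse. It covers only tar-family archives; the SHA-256 allowlist, the limits and all names are assumptions made for illustration.

```python
import hashlib
import io
import tarfile

MAX_DEPTH = 4            # assumed limit on archive-in-archive nesting
MAX_MEMBER = 16 << 20    # assumed per-member size cap (16 MiB)

def digest(data):
    return hashlib.sha256(data).hexdigest()

def verdicts(name, data, allow, depth=0):
    """Return [(path, "allow" | "deny")] for a blob and everything nested in it."""
    if digest(data) in allow:
        return [(name, "allow")]                   # known-good as a whole
    found = []
    try:
        if depth >= MAX_DEPTH:
            raise tarfile.TarError("nested too deeply")
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            for m in tf:
                path = f"{name}!{m.name}"
                if m.isdir():
                    continue
                if not m.isreg() or m.size > MAX_MEMBER:
                    found.append((path, "deny"))   # links, devices, oversized
                else:
                    inner = tf.extractfile(m).read()
                    found += verdicts(path, inner, allow, depth + 1)
    except (tarfile.TarError, OSError, EOFError):
        # Not a readable container and not on the list: deny it, never skip it.
        return found + [(name, "deny")]
    # A container that yields no members is itself unknown content.
    return found or [(name, "deny")]

def make_tgz(files):
    """Build a constructed in-memory .tar.gz from {member_name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for member, blob in files.items():
            info = tarfile.TarInfo(member)
            info.size = len(blob)
            tf.addfile(info, io.BytesIO(blob))
    return buf.getvalue()

if __name__ == "__main__":
    good = b"#!/bin/sh\necho approved\n"           # constructed sample content
    nested = make_tgz({"new.sh": b"#!/bin/sh\necho unknown\n"})
    outer = make_tgz({"bin/tool.sh": good, "docs/inner.tar.gz": nested})
    for path, verdict in verdicts("upload.tar.gz", outer, {digest(good)}):
        print(verdict, path)
```

The member buried in the nested archive is denied only because it is absent from the list, not because anything recognised it as bad.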