Full Disclosure mailing list archives
Re: [Private]Multiple AV Vendor IncorrectCRC32BypassVulnerability.
From: bipin gautam <visitbipin () yahoo com>
Date: Sat, 12 Mar 2005 10:03:11 -0800 (PST)
Steve, firstly... thankyou for all your coments.
The Antigen_s.zip does not contain a valid Eicar this info when repaired and opened is X5O!P%@AP[4\PZX We did catch it with a file filter. What was your intent with these files?
OOPS! again my fault!!! TRY: http://www.geocities.com/visitbipin/Antigen.zip my intension was to show, if the archive has compressed size and uncompressed size set to greater than the actual file size or less than the actual file size there are many AV that can't scan the file properly. send http://www.geocities.com/visitbipin/Antigen.zip to virustotal.com and see for yourself!!! Download Accelerator successfully repairs this archive with some garbage data \x00 at the end "255 bytes" Though, i was able to successfully execute eicar.com -bipin updates at: http://www.geocities.com/visitbipin/crc.html ___________________My report!_______________________ This is a report processed by VirusTotal on 03/12/2005 at 18:38:32 (CET) after scanning the file "Antigen.zip" file. Antivirus Version Update Result AntiVir 6.30.0.5 03.11.2005 Eicar-Test-Signature AVG 718 03.11.2005 EICAR_Test (+187) BitDefender 7.0 03.12.2005 no virus found ClamAV devel-20050307 03.10.2005 Eicar-Test-Signature DrWeb 4.32b 03.12.2005 no virus found eTrust-Iris 7.1.194.0 03.12.2005 no virus found eTrust-Vet 11.7.0.0 03.11.2005 no virus found Fortinet 2.51 03.11.2005 no virus found F-Prot 3.16a 03.11.2005 EICAR_Test_File Ikarus 2.32 03.11.2005 EICAR-ANTIVIRUS-TESTFILE Kaspersky 4.0.2.24 03.12.2005 EICAR-Test-File McAfee 4445 03.11.2005 no virus found NOD32v2 1.1024 03.11.2005 archive damaged Norman 5.70.10 03.10.2005 no virus found Panda 8.02.00 03.12.2005 Eicar.Mod Sybari 7.5.1314 03.12.2005 no virus found Symantec 8.0 03.11.2005 no virus found __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- RE: Re: Multiple AV Vendor IncorrectCRC32BypassVulnerability. Steve Scholz (Mar 12)
- Re: [Private]Multiple AV Vendor IncorrectCRC32BypassVulnerability. bipin gautam (Mar 12)