funsec mailing list archives
Re: Do AV products detect PHP backdoors? Should they?
From: Jim Murray <jim () digitaldaemons co uk>
Date: Fri, 07 Nov 2008 21:49:25 +0000
Gadi Evron wrote:
I feel your pain, but I personally believe that the AV world: 1. Has no business doing web security. 2. Will.
I'd have to disagree with you on that one Gadi. Take for example the common practice of hosting multiple clients on a single server. It would be very useful for the hosting company to be able to automatically detect malicious files and remove them (ideally generating an administrative alert at the same time). Client FTP passwords do get compromised. Clients do use insecure versions of web applications. Clients frequently don't bother to update when bugfixes come out. All of those mean that client sites can and will get compromised regardless of how good the primary host's web security is. Anything which can automatically mitigate such problems can only be a good thing, surely. I don't see it as AV doing 'web security' as such. I see it as AV doing what AV is designed to do, detecting and removing malicious files. Dealing with how they got there is something which AV can't and shouldn't try to do - that's a job for the server's admin to do with thier big, heavy stick ;) Jim. -- DigitalDaemons IT Services. --------------------------------------- E-Mail : jim () digitaldaemons co uk PGP Key ID : 0xB7066495 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Do AV products detect PHP backdoors? Should they? John LaCour (Nov 07)
- Re: Do AV products detect PHP backdoors? Should they? Gadi Evron (Nov 07)
- Re: Do AV products detect PHP backdoors? Should they? Jim Murray (Nov 07)
- Re: Do AV products detect PHP backdoors? Should they? Gadi Evron (Nov 07)
- Re: Do AV products detect PHP backdoors? Should they? Jim Murray (Nov 07)
- <Possible follow-ups>
- Re: Do AV products detect PHP backdoors? Should they? Juha-Matti Laurio (Nov 07)
- Re: Do AV products detect PHP backdoors? Should they? Gadi Evron (Nov 07)