Penetration Testing mailing list archives
Re: PenTesting Email AntiVirus
From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Fri, 17 May 2002 14:24:31 -0700 (PDT)
I think no matter what you do, you can never stay abreast of new viruses, which keep popping up every now and then. Even if you have a virus-scanning email server, it's more likely that a new virus will pass through because it's very new or maybe your virus signature file is not updated. I think one should only expect *many* virus emails to be scanned and rejected or whatever via the email server, but STILL take great care *as usual not to receive and run .exe/.com/.bat/.vbs etc. files* received via email.

-back to the pen-testing point, well yeah, sending viruses as .ppt and as Excel files is another way, but you can also try sending it in .tgz / .tar / .cpio / .uu (uuencoded) / .avi / .mpg formats. This will check whether the antivirus scans only .exe files for known virus signatures or whether it checks every attachment.

Anyway, good luck!

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
voice: 92-021-111-GEMNET

Vice President
Pakistan Computer Emergency Response Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk
voice: 92-21-4980523 92-21-4974781

"Great is the Art of beginning, but Greater is the Art of ending."

------BEGIN GEEK CODE BLOCK----
Version: 3.1
GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++ P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y- PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
------END GEEK CODE BLOCK------

--- "Rainer Duffner" <rainer () ultra-secure de> wrote:

> Ilici Ramirez writes:
>
> > Hello,
> > What ways do you know to pen-test email antivirus software?
>
> I'd try to pack various combinations of different file-formats into each other (OLE-container). E.g., if they have disabled .exe to enter or leave the LAN, try sticking it into an Excel or PPT-file. It should not work, but that's what you're supposed to find out. ;-)
> Of course, with webmail-over-https this is 80% pointless nowadays...
>
> > A cool one that has been published before is to zip a very large file that contains the same character. The result, a very small file attached to an email could deplete resources on the antivirus server. Do you know any AV exploitable with this?
>
> It's called 42.zip and there has been a discussion about this once in a while. Search the archives.
>
> cheers,
> Rainer
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Rainer Duffner                Munich
> rainer () ultra-secure de    Germany
> http://www.i-duffner.de       Freising
> ========================================
> When shall we three meet again
> In thunder, lightning, or in rain?
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
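The thread above raises two things a mail-scanning gateway has to survive: archives nested inside other containers, and tiny attachments that inflate to a huge size. As an added example (not code from any poster in this thread), here is a pre-scan guard for zip attachments that inflates with a hard budget instead of trusting the declared sizes; the limit values, function names and sample attachments are assumptions constructed for the illustration.

```python
import io
import zipfile

# Assumed policy limits for this example; tune to the scanner's real capacity.
MAX_TOTAL_BYTES = 1_000_000   # inflated bytes allowed per attachment, all layers
MAX_RATIO = 100               # inflated/compressed ratio allowed per member
RATIO_FLOOR = 64 * 1024       # ratio is ignored below this inflated size
MAX_DEPTH = 2                 # archive-inside-archive levels allowed
CHUNK = 64 * 1024

class Rejected(Exception):
    pass

def _walk(data, depth, state):
    if depth > MAX_DEPTH:
        raise Rejected("nesting depth")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            out = bytearray()
            with zf.open(info) as member:
                # Inflate in chunks and stop early; the declared
                # uncompressed size in the header is never relied on.
                for chunk in iter(lambda: member.read(CHUNK), b""):
                    out += chunk
                    state["inflated"] += len(chunk)
                    if state["inflated"] > MAX_TOTAL_BYTES:
                        raise Rejected("total size")
                    if len(out) > max(RATIO_FLOOR, MAX_RATIO * info.compress_size):
                        raise Rejected("compression ratio")
            if zipfile.is_zipfile(io.BytesIO(out)):  # detect by content, not name
                _walk(bytes(out), depth + 1, state)

def verdict(data):
    """Return 'scan' if the attachment may be handed to the AV engine."""
    try:
        _walk(data, 0, {"inflated": 0})
    except Rejected as exc:
        return "reject: " + str(exc)
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        return "reject: unreadable archive"  # corrupt, encrypted or unsupported
    return "scan"

def make_zip(name, payload, method=zipfile.ZIP_DEFLATED):
    """Build a constructed sample attachment in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()
```

The same budget idea applies to the other container formats mentioned in the thread (.tgz, .tar, .cpio, uuencode); only the unpacking call changes.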
Current thread:
- PenTesting Email AntiVirus Ilici Ramirez (May 16)
- Re: PenTesting Email AntiVirus Rainer Duffner (May 17)
- Re: PenTesting Email AntiVirus William D. Colburn (aka Schlake) (May 17)
- Re: PenTesting Email AntiVirus Volker Tanger (May 17)
- <Possible follow-ups>
- Re: PenTesting Email AntiVirus Muhammad Faisal Rauf Danka (May 17)