Bugtraq mailing list archives
WG: Bypass Virus Checking - NAI
From: P.Hinsberger () GLOBUS NET (Patrick Hinsberger)
Date: Wed, 2 Feb 2000 09:29:31 +0100
I tried the same with NAI (4.025 Engine AND DAT 4061) and it seems that the exploit works ;-() But I was in hurry I will test it again Hinse -----Ursprüngliche Nachricht----- Von: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]Im Auftrag von Russ Johnson Gesendet: Dienstag, 1. Februar 2000 01:25 An: BUGTRAQ () SECURITYFOCUS COM Betreff: Re: Bypass Virus Checking I'm using NAV 5.02.00 with all updates and the latest definitions. I have NOT modified the preferences except to turn off the weekly scan of all files. (Such a scan is redundant to scanning files as they are executed. This is the "Auto-Protect" feature of NAV.) Running the executable "virusexploit0100.exe" caused NAV to alert. It saw the virus signature and denied access to the file. It did this from memory, not from a directory. If normal scanning (Auto-Protect) is turned on (as it is by default) then this exploit should not work in any version of NAV that I'm familiar with, versions 3.0 for Windows 95 and up. Russ
Current thread:
- WG: Bypass Virus Checking - NAI Patrick Hinsberger (Feb 02)