WG: Bypass Virus Checking - NAI

[P.Hinsberger () GLOBUS NET (Patrick Hinsberger)]

I tried the same with NAI (4.025 Engine AND DAT 4061) – and it seems that
the exploit works ;-()
But I was in hurry – I will test it again…

Hinse

-----Ursprüngliche Nachricht-----
Von: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]Im Auftrag von Russ
Johnson
Gesendet: Dienstag, 1. Februar 2000 01:25
An: BUGTRAQ () SECURITYFOCUS COM
Betreff: Re: Bypass Virus Checking

I'm using NAV 5.02.00 with all updates and the latest definitions. I have
NOT modified the preferences except to turn off the weekly scan of all
files. (Such a scan is redundant to scanning files as they are executed.
This is the "Auto-Protect" feature of NAV.)
Running the executable "virusexploit0100.exe" caused NAV to alert. It saw
the virus signature and denied access to the file. It did this from memory,
not from a directory. If normal scanning (Auto-Protect) is turned on (as it
is by default) then this exploit should not work in any version of NAV that
I'm familiar with, versions 3.0 for Windows 95 and up.
Russ