Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

One more way to bypass NAV

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 22 Mar 2002 13:24:42 +0300
Dear BUGTRAQ () SECURITYFOCUS COM,

I've   updated   "Bypassing   content   filtering  software"  whitepaper
http://www.security.nnov.ru/advisories/content.asp to include new way to
bypass content filtering software. It confirmed to work with NAV and not
to work with McAffee and KAV (AVP).

Symantec      was     contected     via     support () symantec com     and
symsecurity () symantec com and didn't reply.

  13.Case sensitivity of Content-Type and Content-Disposition

  Most MUAs ignore case of Content-Type and Content-Disposition headres
  while content filtering software may behave in different way. It makes
  it possible to bypass content-filtering software by using header like

          CONTENT-type: text/plain;
                NAme=\"eicar.com\"

P.S. thanks to everyone on vuln-dev who participated in testing.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)
Previous By Date Next
Previous By Thread Next

Current thread: