Dailydave mailing list archives

Re: VPC


From: "Eduardo Tongson" <propolice () gmail com>
Date: Sat, 23 Feb 2008 08:17:30 +0800

Hi Thierry,

If I understand correctly, aps-AV runs the AV inside a sandbox. Is
this correct? What sandbox are you using?
...
In this process aps-AV will neither examine the data for known virus
signatures nor submit it to any parsing operations. Only after the
data has entered the execution environment, which next to running on a
high security operating system does not provide any network
interfaces, the AV-engines start their work and check the e-mail
attachments for malicious code. If any abnormality is detected, the
whole environment will be completely deleted, including the operating
system, and the incident will be marked as an attack on the respective
AV-product.
...

  Ed

On Fri, Feb 22, 2008 at 10:34 PM, Thierry Zoller <Thierry () zoller lu> wrote:
Dear All,
 TZ> Hint : There are better ones than CWsandbox,
 Since the CWSandbox author is on this list, I wanted to clarify that I
 have no intention of making CWsandbox look less performant, my
 impression is from several tests I made myself and based on the fact
 that it can be easily detected. However, I am not sure about the
 internal improvements, maybe the sandbox is better now. Again no
 intention to harm here.

 --
 http://secdev.zoller.lu
 Thierry Zoller

 _______________________________________________
 Dailydave mailing list
 Dailydave () lists immunitysec com
 http://lists.immunitysec.com/mailman/listinfo/dailydave
