Full Disclosure mailing list archives
RE: Exploiting Multiple Flaws in Symantec Antivirus 2004 for Windows Mobile
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Wed, 17 Sep 2003 13:39:53 +1200
-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of auto9115 () hushmail com
Sent: Wednesday, 17 September 2003 7:59 a.m.
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Exploiting Multiple Flaws in Symantec Antivirus 2004 for Windows Mobile

or eicar.txt). At least, at first glance it appears to detect it. However, you can easily defeat this by adding a few bytes of random text before or after the Eicar string. For example, if you use a hex/text editor to add a few random bytes of text before and after the string, then Symantec won't detect it! However, other AVs easily detect it, as they should. An AV scanner should be able to detect a byte stream anywhere in the file, but Symantec is easily bypassed with this rudimentary trick.

Sigh, this was discussed before, search Bugtraq archives. If you add a few random bytes of text before or after the string, IT'S NOT EICAR anymore. Not discussing about other things, Symantec's behaviour is correct here, and other AV programs are wrong (if they detect EICAR after you change those bytes).

Regards,

Bojan Zdrnja

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
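The disagreement above turns on what counts as the EICAR test file. The following is an added example, not part of the thread: a checker that classifies file contents against EICAR's published definition, which is assumed here rather than quoted on this page (the 68-byte string at offset 0, optionally followed only by whitespace, at most 128 bytes in total). The function names and sample inputs are constructed for illustration.

```python
# Added example, not from the thread. Sample inputs below are constructed.
# The 68-byte EICAR string is assembled from two halves so that this source
# file does not itself contain the contiguous test string.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Assumption (EICAR's published definition, not quoted on this page):
# only these bytes may follow the string, and the file may not exceed 128 bytes.
ALLOWED_TRAILER = b" \t\n\r\x1a"   # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128


def classify(data: bytes) -> str:
    """Return 'valid', 'modified' or 'absent' for a file's contents."""
    if EICAR not in data:
        return "absent"            # the test string does not occur at all
    if not data.startswith(EICAR):
        return "modified"          # bytes were placed before the string
    if len(data) > MAX_LEN:
        return "modified"          # longer than the definition permits
    if data[len(EICAR):].strip(ALLOWED_TRAILER):
        return "modified"          # something other than whitespace follows
    return "valid"


def report(samples: dict) -> dict:
    """Classify every named sample and return {name: verdict}."""
    return {name: classify(blob) for name, blob in samples.items()}


# Constructed samples covering the cases argued about in the thread.
SAMPLES = {
    "exact":            EICAR,
    "trailing CRLF":    EICAR + b"\r\n",
    "padded to 128":    EICAR + b" " * 60,
    "padded to 129":    EICAR + b" " * 61,
    "bytes before":     b"abc" + EICAR,
    "bytes after":      EICAR + b"xyz",
    "unrelated text":   b"hello world",
}

if __name__ == "__main__":
    for name, verdict in report(SAMPLES).items():
        print(f"{name:16} {verdict}")
```

A scanner that flags only the "valid" cases follows the test-file definition; one that also flags the "modified" cases is matching the string anywhere in the file, which is the behaviour the two posters disagree about.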