Re: Re: text

[Byron Copeland <nodialtone () comcast net>]

Yeah, I'd think that is pretty lame that a virus scanner would just
parse text in an email and declare the "sky is falling" and not actually
look for a documented signature.

-b

On Wed, 2004-03-24 at 20:59, Paul Schmehl wrote:
> --On Wednesday, March 24, 2004 4:06 PM -0500 Valdis.Kletnieks () vt edu wrote:
> > *yawn*  So some bozo who reads full-disclosure has a virus, and it scraped
> > the listname and Paul's name.  Death of Internet Predicted. Film at 11.
>
> False assumption.  No one on this list has to be infected for this list to 
> get a virus.  All it takes is someone who is infected and has the email 
> address of a list member on their hard drive - in an addressbook, in their 
> browser cache, in a text file they saved from a website, and the virus can 
> send email "from" them.  Then all that is left is to have the address of 
> the list as well, and the virus can send mail to the list.
>
> However, in this case, *I* sent the "virus".  I had the word "t e x t . p i 
> f" in the body of my message (without the spaces, of course), and the 
> poorly configured AV scanners "detected" a virus.
>
> If you give that some brief thought, it should appall you that people 
> actually *paid* for that software when grep could do the same thing.
>
> Paul Schmehl (pauls () utdallas edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-- 
"Save yourself from the 'Gates' of hell, use Linux." -- The_Kind @
LinuxNet

Attachment: signature.asc
Description: This is a digitally signed message part