Full Disclosure mailing list archives
Re: Backdoor not recognized by Kaspersky
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 04 Mar 2004 14:20:05 +1300
Stef <stefmit () comcast net> wrote:
Someone on the ntbugtrack list mentioned earlier another possible solution for A/V gateways: checking for the extension of known-to-be-infected files, and appending the "+" sign at the end (e.g. .exe+). I have tried this on my first layer Norton Gateway, as well as my second tier email A/V - the TrendMicro one (and variations of such - e.g. *.exe+, *.exe*, *exe+, etc.), and have not been successful ... anybody else having attempted something similar (the reason for the "+" is the obvious extension name change inside the ZIP, if there is a password protected file) ?
That "+" business (sorry, URL may wrap): http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0403&L=ntbugtraq &F=P&S=&P=70 is some weird artefact of that poster's system or their use of (a specific version of) NAV. It does _NOT_ generalize. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Backdoor not recognized by Kaspersky, (continued)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- Re: Backdoor not recognized by Kaspersky Alexander MacLennan (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- SMTP rejecting wrong HELO/EHLO domains will save the world (was: Backdoor in passworded ZIP not recognized by Kaspersky) Martin Mačok (Mar 03)
- Re: Backdoor not recognized by Kaspersky Valdis . Kletnieks (Mar 04)
- Re: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky Jos Osborne (Mar 03)
- RE: Backdoor not recognized by Kaspersky Schmehl, Paul L (Mar 03)
- Re: Backdoor not recognized by Kaspersky Cael Abal (Mar 03)
- Re: Backdoor not recognized by Kaspersky Stef (Mar 03)
- Re: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky madsaxon (Mar 03)
- RE: Backdoor not recognized by Kaspersky Rob Rosenberger (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky Schmehl, Paul L (Mar 03)
- Re[2]: Backdoor not recognized by Kaspersky Simbabque (Mar 03)
- RE: Backdoor not recognized by Kaspersky Mike Barushok (Mar 03)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 03)
- SMTP "authentication" (was: RE: Backdoor not recognized by Kaspersky) Nick FitzGerald (Mar 03)
- SMTP authentication will save the world (was: EXE not recognized in passworded ZIP by Kaspersky) Martin Mačok (Mar 03)