Full Disclosure mailing list archives
Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]
From: bipin gautam <visitbipin () yahoo com>
Date: Sat, 2 Oct 2004 10:57:52 -0700 (PDT)
OK. I just wrote a new super antivirus. Its databases currently consist of only the eicar.com signature (I'm very new in this business), but it 100% detects EICAR in the file with removed permissions :) http://www.security.nnov.ru/files/antieicar.zip
Now, there is at least one antivirus to break your statement :)
Good example, 3APA3A, to teach those software companies how to. Anyways... here is an archive: http://www.geocities.com/visitbipin/antiPOC.zip

Extract the archive by using the "DEFAULT ZIP MANAGER" of Windows XP. It will create a file "NULL.con" (O; within which there is an "eicar test string file". I don't think your super AV will detect the "eicar test string file" within the "NULL.con" folder??? :) Anyways... let me know HOW, when you figure out how to delete the "NULL.con" directory.

You can add Kaspersky 4.5x to the list of products you can bypass this way. Previous KAV 4.0 versions (and 3.x versions, actually it was the F-Secure engine) had a kernel driver and it was used during manual scan, so probably these versions are not vulnerable. I haven't seen 5.x yet, but it is expected to be vulnerable too. F-Secure (at least older versions) should not be vulnerable, but I haven't tested.