Full Disclosure mailing list archives
Re: Fwd: Report to Recipient(s)
From: Dude VanWinkle <dudevanwinkle () gmail com>
Date: Wed, 30 Nov 2005 14:27:16 -0700
On 11/30/05, Michael Holstein <michael.holstein () csuohio edu> wrote:
Only those with broken AV software, since that line is not the EICAR test string, according to the definition of the EICAR test string.As many have pointed out, I realize it's supposed to be an attachment : http://www.eicar.org/anti_virus_test_file.htm but I've encountered plenty of broken A/V implementations that didn't care *where* in the message it was.
Please correct me if I am wrong:
From what little I know, AV companies do not have 5 engines for
detection, they have 1. Symantecs AV for SMTP, SAV, etc all use the same detection engine. They just have different ways of parsing the data (among other features). With the advent of HTML emails, most av engines will check the body of your emails. Even if some engines miss it, thats still a _really_ good idea, thanks for sharing =P -JP "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" -Michael Holstein _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Fwd: Report to Recipient(s) Dude VanWinkle (Nov 30)
- Re: Fwd: Report to Recipient(s) Michael Holstein (Nov 30)
- <Possible follow-ups>
- Re: Fwd: Report to Recipient(s) Peter Ferrie (Nov 30)
- Re: Fwd: Report to Recipient(s) Michael Holstein (Nov 30)
- Re: Fwd: Report to Recipient(s) Dude VanWinkle (Nov 30)
- Re: Fwd: Report to Recipient(s) Morning Wood (Nov 30)
- Re: Fwd: Report to Recipient(s) Michael Holstein (Nov 30)