Security Incidents mailing list archives
Re: Possible Mail server compromise ?
From: "Eduardo Tongson" <propolice () gmail com>
Date: Thu, 21 Feb 2008 10:38:04 +0800
Huh? Read what you link to. ... In this process aps-AV will neither examine the data for known virus signatures nor submit it to any parsing operations. Only after the data has entered the execution environment, which next to running on a high security operating system does not provide any network interfaces, the AV-engines start their work and check the e-mail attachments for malicious code. If any abnormality is detected, the whole environment will be completely deleted, including the operating system, and the incident will be marked as an attack on the respective AV-product. ... Ed <http://blog.eonsec.com> On Thu, Feb 21, 2008 at 3:33 AM, Faas M. Mathiasen <faas.m.mathiasen () googlemail com> wrote:
Dear Eduardo, > This no-parsing/ParsingSafe technology is actually Sandboxing [1]. How do you know ? Reads not really like it, Is there anybody from nruns that is reading this list ? Maybe they can comment on their own solution ?? > BTW they keep repeating this: > ... > In order to protect the aps-AV itself from attacks, it has been > completely written in highly secure managed code ( C#) , thereby > reducing its attack surface to an absolute minimum. > ... > > [1] <http://en.wikipedia.org/wiki/Sandbox_(computer_security)> > > Ed <http://blog.eonsec.com> > > On Feb 19, 2008 3:19 AM, Faas M. Mathiasen > <faas.m.mathiasen () googlemail com> wrote: > > ... > > Apparently they happen, as the guys from n.runs seem to have invented > > some sort of solution for this problem, rendering attacks on AV > > impossible (??) they call it aps-AV : > > "Protects your company from malware threats (Worms, Virus, Trojans..), > > aps-AV reuses your existing Anti-Virus software and supports multiple > > Anti-Virus engines. aps-AV increases the malware detection rate > > through the diversity and heuristics of these multiple engines. > > However unlike the competition, aps-AV does not increase the remotely > > exploitable attack surface." > > > > http://www.nruns.com/_en/aps/ > > http://www.nruns.com/_downloads/aps-AV-Solution-Paper-EN.pdf > > > > ... >
Current thread:
- Re: Possible Mail server compromise ?, (continued)
- Re: Possible Mail server compromise ? Paul Schmehl (Feb 21)
- Re: Possible Mail server compromise ? Jon Oberheide (Feb 20)
- Re: Possible Mail server compromise ? Valdis . Kletnieks (Feb 20)
- Re: Possible Mail server compromise ? Faas M. Mathiasen (Feb 20)
- Re: Possible Mail server compromise ? Peter Kosinar (Feb 20)
- Re: Possible Mail server compromise ? Faas M. Mathiasen (Feb 21)
- RE: Possible Mail server compromise ? Richard C Lewis (Feb 22)
- Re: Possible Mail server compromise ? Faas M. Mathiasen (Feb 26)
- Re: Possible Mail server compromise ? Eduardo Tongson (Feb 20)
- Re: Possible Mail server compromise ? Faas M. Mathiasen (Feb 20)
- Re: Possible Mail server compromise ? Eduardo Tongson (Feb 21)