[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Multiple AV Vendors ignoring tar.gz archives
- To: Barrie Dempster <barrie@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Multiple AV Vendors ignoring tar.gz archives
- From: Paul Laudanski <zx@xxxxxxxxxxxxxx>
- Date: Sat, 5 Feb 2005 14:22:58 -0500 (EST)
Thanks for replying back so quickly with further details. I tested a
standard .tar.bz2 file and found that nod32lms didn't report on diving
into it. I'll try to make time later to test it with a .tar.bz2 file
which contains Eicar. However, I've also included NOD32 support in this
reply.
But this is just one company, you do have a point.
On Sat, 5 Feb 2005, Barrie Dempster wrote:
> I didn't configure the AV's I didn't fancy installing all of them and
> thought virus total would give a good indication. It appears from the
> virustotal results and from http://www.nod32.com/products/nt.htm that
> nod32 will scan and detect tar.gz's but not bz2's. This is the most
> common result and could be argued to be valid by the vendors.
>
> However you can open tar.bz2's on windows so it's still a valid
> infection vector, although probably not all that useful for viruses. I
> don't believe many users will go googling for the tools needed.
> Nonetheless at least a few of the vendors think it's necessary to go
> beyond the common zip and rar.
--
Regards,
Paul Laudanski - Computer Cops, LLC.
CastleCops(SM) - http://castlecops.com
http://cuddlesnkisses.com | http://justalittlepoke.com | http://zhen-xjell.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html