Home page logo
/

bugtraq logo Bugtraq mailing list archives

WG: Bypass Virus Checking - NAI
From: P.Hinsberger () GLOBUS NET (Patrick Hinsberger)
Date: Wed, 2 Feb 2000 09:29:31 +0100


I tried the same with NAI (4.025 Engine AND DAT 4061) – and it seems that
the exploit works ;-()
But I was in hurry – I will test it again…

Hinse

-----Ursprüngliche Nachricht-----
Von: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]Im Auftrag von Russ
Johnson
Gesendet: Dienstag, 1. Februar 2000 01:25
An: BUGTRAQ () SECURITYFOCUS COM
Betreff: Re: Bypass Virus Checking

I'm using NAV 5.02.00 with all updates and the latest definitions. I have
NOT modified the preferences except to turn off the weekly scan of all
files. (Such a scan is redundant to scanning files as they are executed.
This is the "Auto-Protect" feature of NAV.)
Running the executable "virusexploit0100.exe" caused NAV to alert. It saw
the virus signature and denied access to the file. It did this from memory,
not from a directory. If normal scanning (Auto-Protect) is turned on (as it
is by default) then this exploit should not work in any version of NAV that
I'm familiar with, versions 3.0 for Windows 95 and up.
Russ


  By Date           By Thread  

Current thread:
  • WG: Bypass Virus Checking - NAI Patrick Hinsberger (Feb 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]