mailing list archives
Re: Norton AntiVirus Scanner Remote DoS [temp. FIX!] [Part: !!!]
From: bipin gautam <visitbipin () yahoo com>
Date: Fri, 9 Jul 2004 05:03:47 -0700 (PDT)
--- Stuart Moore <smoore () securityglobal net> wrote:
Hi. When I download
and then extract
it to REVANGE_tmm.tar.bz2 and then run NAV on the
bz2 file, Norton scans very quickly and
does not find any viruses.
Am I doing something wrong? Is there really an
EICAR string in REVANGE_tmm.tar.bz2?
EXTRACTit1st.zip wasn't ment for Notron
There is an option to allow users to abort the scan.
Is it set ?
I don't think NAV engineers are still able to spot the
Lets HELP THEM OUT!
The problem doesn't lie within the NAV virus scan
engine; instead the
problem lies within NAV file repair engine!
Well, within few seconds... after the AV scan have
quickly scan's the infected file and smartly* skips
the empty folder
within the zip archive!
But after norton detects virus in the archive it tries
to delete the
virus within the archive, and re-create the
The problem triggers when NAV tries to re-create the
folders and construct the archive.
*ANY* av scanners that autometically tries to delete
the infected file
and re-create the archive should be vulnerable to this
Note: mark the fact... in the "AutoProtect Menu" of
the option tab in
Norton AV the option........
*autometically repair the infected file <--- is set by
you could temporarily be immune by this bug by setting
*deny access to the infected file.
Did i just saved your MAIL SERVER??? (O;
The compressed archive mustn't necessarily be a zip
archive to trigger
this attack. You could experiment this with other
HAS ANYONE TRIED THE EXPLOIT ON SOME OTHER AV
These are time's when you want to download some other
AV scanners for a 30 days evaulation... There is a
high chance you may never switch back again!
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
Full-Disclosure - We believe in it.
- Re: Norton AntiVirus Scanner Remote DoS [temp. FIX!] [Part: !!!] bipin gautam (Jul 09)