Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: text
From: Byron Copeland <nodialtone () comcast net>
Date: 24 Mar 2004 22:16:01 -0500

Yeah, I'd think that is pretty lame that a virus scanner would just
parse text in an email and declare the "sky is falling" and not actually
look for a documented signature.

-b

On Wed, 2004-03-24 at 20:59, Paul Schmehl wrote:
--On Wednesday, March 24, 2004 4:06 PM -0500 Valdis.Kletnieks () vt edu wrote:

*yawn*  So some bozo who reads full-disclosure has a virus, and it scraped
the listname and Paul's name.  Death of Internet Predicted. Film at 11.

False assumption.  No one on this list has to be infected for this list to 
get a virus.  All it takes is someone who is infected and has the email 
address of a list member on their hard drive - in an addressbook, in their 
browser cache, in a text file they saved from a website, and the virus can 
send email "from" them.  Then all that is left is to have the address of 
the list as well, and the virus can send mail to the list.

However, in this case, *I* sent the "virus".  I had the word "t e x t . p i 
f" in the body of my message (without the spaces, of course), and the 
poorly configured AV scanners "detected" a virus.

If you give that some brief thought, it should appall you that people 
actually *paid* for that software when grep could do the same thing.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
-- 
"Save yourself from the 'Gates' of hell, use Linux." -- The_Kind @
LinuxNet

Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault