Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: text
From: Bennett Todd <bet () rahul net>
Date: Thu, 25 Mar 2004 05:19:35 +0000

If you want to really enjoy the pleasure of idiot false-positives
from weak virus-scanners, just use this as your .sig, or better yet
bodge it into a header:

        X5O!P% () AP[4\\PZX54(P^)7CC)7}\$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!\$H+H*

I did that for a good while, turned up no false positives from folks
whose software was clueful, and I have to say surprisingly few in
any case. False-positiving on sig-matches in normal text bodies is
just plain rare. He says. Now I'll probably be mowed down for this
post:-).

-Bennett

P.S. In case anybody cares, the above cryptic voodoo is the EICAR
test pattern, presented as a distinct file it comes up positive in
all virus scanners.

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault