Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: text
From: Byron Copeland <nodialtone () comcast net>
Date: 25 Mar 2004 00:43:08 -0500

On Thu, 2004-03-25 at 00:19, Bennett Todd wrote:
If you want to really enjoy the pleasure of idiot false-positives
from weak virus-scanners, just use this as your .sig, or better yet
bodge it into a header:

      X5O!P% () AP[4\\PZX54(P^)7CC)7}\$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!\$H+H*

I did that for a good while, turned up no false positives from folks
whose software was clueful, and I have to say surprisingly few in
any case. False-positiving on sig-matches in normal text bodies is
just plain rare. He says. Now I'll probably be mowed down for this
post:-).


Yeah, been there done that.  Let's not get into the political
battlefield of who should be on who's side of which vendor is better
that the other.  It's not our fault that there is so much fog on the
battle field that they can't manage to see their through it.

-b

Attachment: signature.asc
Description: This is a digitally signed message part


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault