RE: Multiple AV Vendors ignoring tar.gz archives
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 09 Feb 2005 01:01:59 +1300
Barrie Dempster to me:

> > Yes, but it has to be much more thoroughly implemented.
>
> Absolutely, there are a few minor implementations of this but it's
> something that directory and management systems could incorporate. As
> most OS's have an "executable permission", it would be an idea to have
> software that's not in the white-list rendered incapable of having this
> permission, combined with scan on execute to ensure that any
> software that previously has the permissions doesn't execute.

It's a tad more complex than simply execute permissions though, hence
my suggestion that it really needs to be done much as in contemporary
on-access virus scanners.
Think script code embedded in HTML inside all manner of pseudo-archive
formats. Think macros inside OLE2 container files. Think NTFS AD
And consider that the bad guys will always find the stupid bugs (and
often the arcane ones) so there will always be ways for "new stuff" to
get where it shouldn't be, so default-deny, rather than default-allow
(as known virus scanning provides) is the only sensible approach.
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
Full-Disclosure - We believe in it.
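
The default-deny, look-inside-the-container approach argued for in the message above, as an added example that is not part of the original post. It covers only tar and tar.gz containers (the thread's subject), and the SHA-256 allowlist, the `decide` and `make_targz` helpers and the `MAX_DEPTH` limit are all assumptions made for illustration.

```python
import hashlib
import io
import tarfile

MAX_DEPTH = 3  # assumed nesting limit; anything deeper is denied unopened

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_targz(members: dict) -> bytes:
    """Build a constructed .tar.gz in memory from {name: bytes} (sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def decide(data: bytes, allowlist: set, depth: int = 0) -> str:
    """Default-deny: allow only known objects, or containers holding only known objects."""
    if sha256(data) in allowlist:
        return "allow"
    if depth >= MAX_DEPTH:
        return "deny"
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            members = tar.getmembers()
            if not members:
                return "deny"  # nothing inside to vouch for the container
            for m in members:
                if m.isdir():
                    continue
                if not m.isfile():
                    return "deny"  # links, devices, FIFOs are never allowlisted
                inner = tar.extractfile(m).read()
                if decide(inner, allowlist, depth + 1) != "allow":
                    return "deny"
            return "allow"
    except (tarfile.TarError, OSError, EOFError):
        return "deny"  # unknown hash and not a container this code can open

if __name__ == "__main__":
    trusted = b"#!/bin/sh\necho nightly-backup\n"     # constructed sample
    unknown = b"#!/bin/sh\necho never-seen-before\n"  # constructed sample
    allow = {sha256(trusted)}
    mixed = make_targz({"a.sh": trusted, "b.sh": unknown})
    print(decide(trusted, allow), decide(unknown, allow), decide(mixed, allow))
```

A known-signature scanner that cannot open a container lets it through; here the same failure falls into the `deny` branch.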