Security Incidents
mailing list archives
Re: wmon16.exe
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 11 May 2004 12:20:20 +1200

"Willem Tahon" <tahon () un org> wrote:

> Also keep in mind that some of the AV developers require specific handling
> of viruses (e.g. password-protected zipping) before sending them.

Indeed, which is why the McAfee entry appears as follows:

    Network Associates (McAfee) <virus_research () nai com>
    (use a ZIP file with the password 'infected' without the quotes)

Some of the others may _prefer_ you to do similar or recommend you to
do so to prevent the attachment being stripped by virus-scanning
gateways between the sender and recipient (though these days, zealous
content-filtering gateways will consider passworded ZIPs suitably
dubious to be stripped anyway), but AFAIK only McAfee "requires" this
(and even then they will accept non-ZIP'ed samples but weird things can
happen due to stuffed-up internal message routing resulting in them
sending you back a malicious file along with a message suggesting there
is nothing wrong with it).

Regards,

Nick FitzGerald