Re: [Full-Disclosure] Multiple AV Vendors ignoringtar.gz archives (fwd)
From: Paul Laudanski (zx_at_castlecops.com)
Date: 02/08/05
- Previous message: Dave Korn: "[Full-Disclosure] Re: mailman email harvester"
- Next in thread: Barrie Dempster: "Re: [Full-Disclosure] Multiple AV Vendors ignoringtar.gz archives (fwd)"
- Reply: Barrie Dempster: "Re: [Full-Disclosure] Multiple AV Vendors ignoringtar.gz archives (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 8 Feb 2005 10:16:28 -0500 (EST) To: full-disclosure@lists.netsys.com
Folks, here is a summary of a discussion with Mark at Eset for NOD32 about
.tar.bz2. So what do you folks think, how many people would like to see
this capability?
-- Regards, Paul Laudanski - Computer Cops, LLC. CastleCops(SM) - http://castlecops.com http://cuddlesnkisses.com | http://justalittlepoke.com | http://zhen-xjell.com ---------- Forwarded message ---------- Date: Tue, 8 Feb 2005 09:30:17 +0100 From: "NOD32 Technical Support (Mark)" <EMAIL REMOVED> To: 'Paul Laudanski' <zx@castlecops.com> Subject: RE: [support] Re: [Full-Disclosure] Multiple AV Vendors ignoringtar.gz archives Hi Paul, certainly, this won't be our priority any time soon. Our programmers are now being fully engaged with preparing version 2.13.0 and then they'll probably start working on NOD32 3.0. Can you estimate how many people you know of would be interested in having tar.bz2 archives scanned? Best regards, Mark Eset Technical Support Slovakia -----Original Message----- From: Paul Laudanski [mailto:zx@castlecops.com] Sent: Monday, February 07, 2005 7:31 PM To: NOD32 Technical Support (Mark) Subject: RE: [support] Re: [Full-Disclosure] Multiple AV Vendors ignoringtar.gz archives Hi Mark, may I forward your reply to me below to the full disclosure list? I'd like to request that this archive be included. On Mon, 7 Feb 2005, NOD32 Technical Support (Mark) wrote: > Hi Paul, > > the tar.bz2 archives are not supported now at all, but could be in the > future if more customers request to support them. > > > Best regards, > > Mark > > > Eset > Technical Support > Slovakia > > Web: www.eset.com > > -----Original Message----- > Sent: Saturday, February 05, 2005 8:23 PM > To: Barrie Dempster > Cc: Full-disclosure; support@nod32.com > Subject: [support] Re: [Full-Disclosure] Multiple AV Vendors ignoring > tar.gz archives > > Thanks for replying back so quickly with further details. I tested a > standard .tar.bz2 file and found that nod32lms didn't report on diving > into it. I'll try to make time later to test it with a .tar.bz2 file > which contains Eicar. However, I've also included NOD32 support in this reply. > > But this is just one company, you do have a point. > > On Sat, 5 Feb 2005, Barrie Dempster wrote: > > > I didn't configure the AV's I didn't fancy installing all of them > > and thought virus total would give a good indication. It appears > > from the virustotal results and from > > http://www.nod32.com/products/nt.htm that > > nod32 will scan and detect tar.gz's but not bz2's. This is the most > > common result and could be argued to be valid by the vendors. > > > > However you can open tar.bz2's on windows so it's still a valid > > infection vector, although probably not all that useful for viruses. > > I don't believe many users will go googling for the tools needed. > > Nonetheless at least a few of the vendors think it's necessary to go > > beyond the common zip and rar. > > > ________ Information from Computer Cops, L.L.C. ________ This message > was checked by NOD32 Antivirus System for Linux Mail Server. > > part000.txt - is OK > http://castlecops.com > -- Regards, Paul Laudanski - Computer Cops, LLC. CastleCops(SM) - http://castlecops.com http://cuddlesnkisses.com | http://justalittlepoke.com | http://zhen-xjell.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Dave Korn: "[Full-Disclosure] Re: mailman email harvester"
- Next in thread: Barrie Dempster: "Re: [Full-Disclosure] Multiple AV Vendors ignoringtar.gz archives (fwd)"
- Reply: Barrie Dempster: "Re: [Full-Disclosure] Multiple AV Vendors ignoringtar.gz archives (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
