Re: [Full-disclosure] Re: when will AV vendors fix this???

---

• From: "<...>" <massimo@xxxxxxxxxxxxx>
• Date: Mon, 7 Aug 2006 00:11:46 +0200

---

good idea indeed and, since ntfs drivers are available for linux for a long time now, someone really willing to fix the issue could start there...

----- Original Message ----- From: "Denis Jedig" <seclists@xxxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Cc: <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Saturday, August 05, 2006 10:35 AM
Subject: [Full-disclosure] Re: when will AV vendors fix this???

On Sat, 5 Aug 2006 13:05:56 +0545 Bipin Gautam wrote:

--- cut ---

And one more thing, if during AV scan if a file can't be opened due to
some processes LOCKING the file.... Instead of going through the
regular file open process AV should instead directly read the SECTORS
of the hdd

This might seem to be a bright idea at first, however, there are problems
with this approach. For one, the AV system would have to interpret the
filesystem on its own. Since NTFS is not documented and pretty complicated,
this is an error-prone task and I have no confidence AV vendors might be
able to master it correctly. Then, even if you are able to read sectors (a
non-trivial task under Windows as well), a file is usually not locked
without reason - it will likely undergo some changes even *during the scan*
so the results will be mostly useless. What you'd use instead is the Volume
Shadow Copy (aka Snapshot) feature as done with various backup
applications.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

---

• References:
  • [Full-disclosure] when will AV vendors fix this???
    • From: Bipin Gautam
  • [Full-disclosure] Re: when will AV vendors fix this???
    • From: Denis Jedig

• Prev by Date: [Full-disclosure] [ GLSA 200608-11 ] Webmin, Usermin: File Disclosure
• Next by Date: Re: [Full-disclosure] Re: when will AV vendors fix this???
• Previous by thread: [Full-disclosure] Re: when will AV vendors fix this???
• Next by thread: [Full-disclosure] Re: when will AV vendors fix this???
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Is Fixing a broken Hard Drive possible? ... while the Win 9x family would tolerate errors, ... > that it could erase bad sectors. ... > again with 90 gig of space free. ... >> You can't fix a hardware type problem with software. ... (microsoft.public.windowsxp.hardware) BAD SECTORS ERROR ... It says it has 8 bad sectors on it. ... 22368404 KB available on disk. ... try to fix the problem that way. ... I removed the Hardrive from the 1st server and placed it ... (microsoft.public.win2000.general) Re: UNMOUNTABLE_BOOT_VOLUME ... /R The R tries to fix the bad sectors.If bad sectors are still ... I'd also been cleaning out the registry with Registry tune up and ... >> Registry fix. ... Regards ... (microsoft.public.windowsxp.help_and_support) Re: System Freezes During Hard Drive Error Checking ... I'm running it with automatically fix errors turned on. ... I fully expect chkdsk to identify bad sectors and mark them as unusable, ... least the File System thinks they are," how would I fix that? ... (microsoft.public.windows.vista.general) Re: Bad sectors in hard drive ... You can't fix bad sectors. ... Associate Expert - WindowsXP Expert Zone ... > .someone told me i have bad sectors and i should boot off second hard ... (microsoft.public.windowsxp.help_and_support)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Full-Disclosure  > 2006-08