Re: Bypassing quarantine with ADS formatted filenames

From: antir0gue (antir0gue_at_yahoo.com)
Date: 06/07/04

    Date: Mon, 7 Jun 2004 05:53:05 -0700 (PDT)
    To: Jack Cullen <jack_cullen@hotmail.com>, security-basics@securityfocus.com
    
    

    Doesn't all file stream information get stripped when it leaves a
    file system that supports it? I.e. NTFS - yes, FAT - no. Even if the
    files were streamed, it seems you would lose this information/file
    through an email anyway.

    ----------------

    Jack Cullen <jack_cullen@hotmail.com> wrote:

    Is it possible to get file attachments past AV software by using
    alternate data stream type filenames?
    We have set McAfee GroupShield to quarantine all .zip files yet
    several people have received messages with .zip attachments that
    came in the following formats:

    The attachment 'Informations.zip:Informations.txt'
    -or-
    The attachment 'sample01.zip:data.rtf
    .scr'

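Added example, not part of the original thread: a Python sketch of why the two attachment names quoted above can slip past a rule that looks only at the final extension, next to a stricter check that inspects every ':'-separated component. How GroupShield actually matches names is not stated in the thread, so the final-extension behaviour, the function names and the reason labels here are assumptions for illustration.

```python
import re

# Policy from the thread: quarantine .zip attachments.
BLOCKED = {".zip"}

def final_extension(name):
    """Extension as a last-dot-only filter sees it (assumed behaviour)."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def naive_is_blocked(name):
    """Blocks only when the text after the last dot is on the list."""
    return final_extension(name) in BLOCKED

def extensions(name):
    """Every dot-suffix in every ':'-separated component, lowercased."""
    found = []
    for part in name.split(":"):
        for token in part.split(".")[1:]:
            token = token.strip()
            if token:
                found.append("." + token.lower())
    return found

def inspect(name):
    """Return the reasons an attachment name deserves quarantine."""
    reasons = []
    if ":" in name:
        # ':' is the NTFS stream separator and is not valid inside an
        # ordinary Windows file name, so treat it as suspicious.
        reasons.append("stream-syntax")
    if re.search(r"\s+\.[^.\s]+$", name):
        # Whitespace in front of the last extension hides it in a UI.
        reasons.append("padded-extension")
    for ext in extensions(name):
        if ext in BLOCKED:
            reasons.append("blocked-extension:" + ext)
    return reasons

if __name__ == "__main__":
    # The two names quoted in the thread, plus two constructed controls.
    samples = ["Informations.zip:Informations.txt",
               "sample01.zip:data.rtf .scr",
               "archive.zip", "report.pdf"]
    for s in samples:
        print(repr(s), naive_is_blocked(s), inspect(s))
```

The second name is written with a single space before '.scr' because that is how it survives in the archived message; the whitespace check matches any run of whitespace.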

