[24154] in bugtraq
Re: Long path exploit on NTFS
daemon@ATHENA.MIT.EDU (Christophe Bousquet)
Wed Feb 6 20:08:25 2002
Message-ID: <001001c1aeda$e5dc7b20$9e0106c0@clavecin2>
Reply-To: "Christophe Bousquet" <c.bousquet@adilinstruments.com>
From: "Christophe Bousquet" <c.bousquet@adilinstruments.com>
To: <bugtraq@securityfocus.com>
Date: Wed, 6 Feb 2002 07:52:47 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Actually, you don't have to deal with long path name.
Here's a little experiment I've just done :
- a file with something that triggers my MacAfee VirusScan NT, put it in
folder "Hello". Start scan : no problem, VirusScan warns me about
the dangerous thing.
- same file, in folder called "nihongo", but labeled using japanese
characters i.e. a folder with a unicode name. Start scan : nothing!
No warning, because (i guess) no scan at all.
As Mr LeBlanc said, the problem here is those so-called NT version that
don't know what NT is.
Experiment done with VirusScan Engine 4.1.60, datfile 4.0.4183 on my
english NT 4.0 SP6+SRP+.. The bait I use is cdc's back orifice in a zip.
And for the little history, I don't blame MacAfee more than almost any
other app. I really hate it when xxxAmp can't play my jpop mp3, when
xxxCDCreator can't backup my folders on CD-R, etc...
Best regards
Christophe
** speaking for myself and *not* for my employer. **
