[24813] in bugtraq
One more way to bypass NAV
daemon@ATHENA.MIT.EDU (3APA3A)
Fri Mar 22 21:37:21 2002
Date: Fri, 22 Mar 2002 13:24:42 +0300
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Reply-To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Message-ID: <5087600242.20020322132442@SECURITY.NNOV.RU>
To: BUGTRAQ@securityfocus.com
Cc: vuln-dev@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Dear BUGTRAQ@SECURITYFOCUS.COM,
I've updated "Bypassing content filtering software" whitepaper
http://www.security.nnov.ru/advisories/content.asp to include new way to
bypass content filtering software. It confirmed to work with NAV and not
to work with McAffee and KAV (AVP).
Symantec was contected via support@symantec.com and
symsecurity@symantec.com and didn't reply.
13.Case sensitivity of Content-Type and Content-Disposition
Most MUAs ignore case of Content-Type and Content-Disposition headres
while content filtering software may behave in different way. It makes
it possible to bypass content-filtering software by using header like
CONTENT-type: text/plain;
NAme=\"eicar.com\"
P.S. thanks to everyone on vuln-dev who participated in testing.
--
http://www.security.nnov.ru
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A }
+-------------o66o--+ /
|/
You know my name - look up my number (The Beatles)
