[40747] in bugtraq

Re: Antivirus detection bypass by special crafted archive.

daemon@ATHENA.MIT.EDU (Williams, James K)
Fri Oct 14 14:34:45 2005

Date: Fri, 14 Oct 2005 11:26:40 -0400
Message-ID: <D7DDF83751235046BFAC82E1244EB4C808D67751@usilms23.ca.com>
From: "Williams, James K" <James.Williams@ca.com>
To: <bugtraq@securityfocus.com>


fRoGGz, SecuBox Labs: thanks for posting the advisory.

We are wrapping up our investigation and development of solutions
to address this issue.  We will post an appropriate notification
when those solutions are available.

In the meantime, CA eAV users can protect themselves by enabling
Realtime Scanning at the desktop.

Regards,
kw
                                                           
Ken Williams ; Dir. Vuln Research 
Computer Associates ; 0xE2941985

> List:       bugtraq
> Subject:    Antivirus detection bypass by special crafted archive.
> From:       unsecure () writeme ! com
> Date:       2005-10-07 21:11:29
> Message-ID: 20051007211129.12096.qmail () securityfocus ! com
 
> Release Date : 2005-10-05
> Tested on: Windows 2000 SP2 & SP4
> Tested with: Jotti Online Antivirus Scanner
> Tested with: VirusTotal Online Antivirus Scanner
> Tested with: Command line freeware UnRAR v3.50
> Tested with: PowerZip v7.06
> Discovered by: fRoGGz
> Credit to: SecuBox Labs 

[...]

> For more information, visit: 
> Ref: [ http://shadock.net/secubox/AVCraftedArchive.html ]

[...]

> [?] eTrust-Iris Found nothing
> [?] eTrust-Vet Found nothing

[...]
