Bugtraq mailing list archives
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning
From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Tue, 15 Mar 2005 22:07:06 -0300
On Tue, Mar 15, 2005 at 09:06:05PM +0000, Nigel Horne wrote:
> # unzip -l mixed-eicar.zip
> Archive:  mixed-eicar.zip
>   Length     Date   Time    Name
>  --------    ----   ----    ----
>       308  03-10-05 12:00   Test^G^[[2J^[[2;5m^[[1;31mHACKER ATTACK^[[2;25m^[[22;30m^[[3q.txt
>       308  03-10-05 12:00   eicarcom2.zip
>  --------                   -------
>       616                   2 files
>
> F-Prot seems to detect it correctly:
>
> As does clamAV:
>
> [njh@njh tmp]$ clamscan mixed-eicar.zip
> mixed-eicar.zip: Eicar-Test-Signature FOUND
> Scanned files: 1
> Infected files: 1

Actually, no. There were 2 infected files in there. ClamAV only found 1.

[]s

-- 
Rodrigo Barbosa <rodrigob () suespammers org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
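
The `unzip -l` listing quoted in the message prints the member name with its BEL and ESC bytes intact. The following is an added example, not part of the original post or of any tool named in it: a listing routine that makes every non-printable character in a ZIP member name visible before it reaches a terminal or a log, and flags such members. The function names and the sample archive are assumptions constructed for illustration; both members hold harmless placeholder bytes.

```python
import io
import zipfile


def safe_name(name: str) -> str:
    """Return name with backslashes doubled and non-printables as escapes."""
    out = []
    for ch in name:
        if ch == "\\":
            out.append("\\\\")          # keep the escaped form unambiguous
        elif ch.isprintable():
            out.append(ch)
        elif ord(ch) <= 0xFF:
            out.append(f"\\x{ord(ch):02x}")   # C0/C1 controls such as BEL, ESC
        elif ord(ch) <= 0xFFFF:
            out.append(f"\\u{ord(ch):04x}")   # e.g. bidi overrides
        else:
            out.append(f"\\U{ord(ch):08x}")
    return "".join(out)


def list_members(zip_bytes: bytes):
    """Return (display_name, size, suspicious) for each archive member."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            suspicious = any(not ch.isprintable() for ch in info.filename)
            rows.append((safe_name(info.filename), info.file_size, suspicious))
    return rows


def build_sample() -> bytes:
    """Constructed archive using the member names shown in the listing."""
    hostile = ("Test\x07\x1b[2J\x1b[2;5m\x1b[1;31mHACKER ATTACK"
               "\x1b[2;25m\x1b[22;30m\x1b[3q.txt")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(hostile, b"placeholder")
        zf.writestr("eicarcom2.zip", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for shown, size, suspicious in list_members(build_sample()):
        print(f"{size:>8}  {'!' if suspicious else ' '}  {shown}")
```
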