(4) MODERATE: Multiple Anti-virus Vendor Detection Bypass
Affected: Multiple AV vendors including McAfee, Trend Micro, Kaspersky,
Sophos, CA, Panda.
Description: Multiple anti-virus engines reportedly contain a vulnerability
that can lead to bypassing detection of malware in ".bat", ".html" and
".eml" files. The problem occurs because the detection engines stop
processing these files if they are tagged with a fake executable file
header. Note that with the increase in client-side attacks, bypassing
malicious HTML detection may lead to the spread of spyware and other malware on
desktop systems. Multiple proof of concept examples have been posted.
Darrell
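
A defensive check for the condition described in the advisory above, as an added example that is not part of the original post or of any vendor's engine: it flags `.bat`, `.html` and `.eml` files whose first bytes claim to be an executable. The magic values (`MZ`, `\x7fELF`), the text-marker list, the action names and the sample files are assumptions constructed for illustration.

```python
import os

# Assumption: the advisory only says "fake executable file header";
# these two well-known magic values stand in for that.
EXEC_MAGICS = {b"MZ": "DOS/PE", b"\x7fELF": "ELF"}

# Extensions named in the advisory.
TEXT_EXTS = {".bat", ".html", ".eml"}

# Heuristic markers (constructed list) showing the body is really
# script, markup or mail text despite the header.
TEXT_MARKERS = (b"<html", b"<script", b"@echo", b"content-type:", b"from:", b"subject:")


def exec_magic(data: bytes):
    """Return the executable type claimed by the leading bytes, or None."""
    for magic, name in EXEC_MAGICS.items():
        if data.startswith(magic):
            return name
    return None


def classify(filename: str, data: bytes) -> dict:
    """Flag text-type files that carry an executable header."""
    ext = os.path.splitext(filename)[1].lower()
    magic = exec_magic(data)
    mismatch = ext in TEXT_EXTS and magic is not None
    lowered = data[:65536].lower()
    markers = [m.decode() for m in TEXT_MARKERS if m in lowered]
    return {
        "file": filename,
        "claimed_header": magic,
        "mismatch": mismatch,
        "text_markers": markers,
        # Policy: the header alone never decides how the file is handled.
        "action": "quarantine" if mismatch else "scan-by-extension",
    }


# Constructed sample inputs (not taken from the posted proofs of concept).
SAMPLES = {
    "INVOICE.HTML": b"MZ\x90\x00<html><body>hello</body></html>",
    "run.bat": b"@echo off\r\necho hi\r\n",
    "note.eml": b"\x7fELFFrom: a@example.com\r\nSubject: x\r\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(classify(name, body))
```

On a mail gateway this kind of check runs before the virus scanner, so a message part with a mismatched header is held regardless of what the scanner reports.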