--On Tuesday, 15 March 2005 13:51 -0600 "Michael J. Pomraning" <[EMAIL PROTECTED]> wrote:
$ /usr/local/bin/sweep -ss -archive -all unfiltered-escape-sequences-in-filename-eicar.zip
>>> Virus 'EICAR-AV-Test' found in file unfiltered-escape-sequences-in-filename-eicar.zip/Test_[2J_[2;5m_[1;31mHA CKER ATTACK_[2;25m_[22;30m_[3q.txt/eicar_com.zip/eicar.com
$ md5sum unfiltered-escape-sequences-in-filename-eicar.zip
38363004047dc11b206305bd3660d68f unfiltered-escape-sequences-in-filename-eicar.zip
This is using engine 2.28.4, as in your tests. The constituent filenames are escaped before being displayed, too (sadly excepting ASCII BEL).
Also not ASCII BS; we've created an additional ZIP file for testing:
Available here: <ftp://ftp.aerasec.de/pub/advisories/unfiltered-escape-sequences/mixed2-eicar.zip>
$ unzip -l mixed2-eicar.zip
Archive: mixed2-eicar.zip
Length Date Time Name
-------- ---- ---- ----
308 03-10-05 12:00 eicarcom2.zip^H^H^Htxt
308 03-10-05 12:00 eicarcom2.zip
-------- -------
616
$ /usr/local/bin/sweep -sc -nc -ss -archive -all mixed2-eicar.zip
Virus 'EICAR-AV-Test' found in file mixed2-eicar.zip/eicarcom2.txt/eicar_com.zip/eicar.com
Virus 'EICAR-AV-Test' found in file mixed2-eicar.zip/eicarcom2.zip/eicar_com.zip/eicar.com
Note the difference: eicarcom2.txt <-> eicarcom2.zip
Regards,
Peter
--
Dr. Peter Bieringer Phone: +49-8102-895190
AERAsec Network Services and Security GmbH Fax: +49-8102-895199
Wagenberger Strasse 1 Mobile: +49-174-9015046
D-85662 Hohenbrunn E-Mail: [EMAIL PROTECTED]
Germany Internet: http://www.aerasec.de
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
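
Added example (not part of the original post, and not Sophos or AERAsec code): a Python sketch of the display-side fix discussed in this thread, escaping every control character in archive member names, BS and BEL included, before the names reach a terminal or log. The ZIP is built in memory with placeholder content, and terminal_view is a simplified assumption of how a terminal handles backspace.

```python
import io
import zipfile


def escape_name(name: str) -> str:
    """Make every non-printable character in a member name visible as \\xNN."""
    out = []
    for ch in name:
        if ch == "\\":
            out.append("\\\\")  # keep the escaped form unambiguous
        elif ch.isprintable():
            out.append(ch)
        else:
            cp = ord(ch)
            out.append(f"\\x{cp:02x}" if cp < 0x100 else f"\\u{cp:04x}")
    return "".join(out)


def terminal_view(name: str) -> str:
    """Assumed terminal model: BS moves the cursor left, later text overwrites."""
    cells, pos = [], 0
    for ch in name:
        if ch == "\b":
            pos = max(0, pos - 1)
            continue
        if pos < len(cells):
            cells[pos] = ch
        else:
            cells.append(ch)
        pos += 1
    return "".join(cells)


def build_sample_zip() -> bytes:
    """Constructed sample mirroring the mixed2-eicar.zip listing (placeholder data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("eicarcom2.zip\b\b\btxt", b"constructed placeholder")
        zf.writestr("eicarcom2.zip", b"constructed placeholder")
    return buf.getvalue()


def list_members(data: bytes):
    """Return (what an unfiltered terminal shows, escaped name) per member."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(terminal_view(n), escape_name(n)) for n in zf.namelist()]


if __name__ == "__main__":
    for shown, safe in list_members(build_sample_zip()):
        print(f"terminal shows: {shown:<16} escaped: {safe}")
```

With escaping applied, the two members stay distinguishable in the report instead of one of them appearing as eicarcom2.txt.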
