> OK. I just wrote a new super antivirus. Its databases currently consist
> of only the eicar.com signature (I'm very new in this business) but it
> 100% detects EICAR in the file with removed permissions :)
>
> http://www.security.nnov.ru/files/antieicar.zip
> Now, there is at least one antivirus to break your statement :)
>

good example 3APA3A to teach those software companies howto, anyways...
here is an archive,

http://www.geocities.com/visitbipin/antiPOC.zip

Extract the archive by using "DEFAULT ZIP MANAGER" of Windows XP. It will
create a file "NULL.con" (O; within which there is a "eicar test string
file". I don't think your super AV will detect the "eicar test string
file" within "NULL.con" folder??? :)

anyways... let me know HOW? when you figure out how to delete
"NULL.con" directory.

> You can add Kaspersky 4.5x to the list of products you can bypass this
> way. Previous KAV 4.0 versions (and 3.x version, actually it was
> F-Secure engine) had a kernel driver and it was used during manual scan,
> probably these versions are not vulnerable. I didn't see 5.x yet, but it
> is expected to be vulnerable too.
>
> F-Secure (at least older versions) should not be vulnerable, but I
> didn't test.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
