On Fri, 7 Nov 2008, John LaCour wrote:
> After finding hundreds of phishing web sites compromised and PHP shells and
> other backdoors installed, I got to wondering why AV products weren't being
> used to detect these things. If I had a webhosting business, I'd certainly
> be looking to find unwanted files installed on servers. What do you use to
> do that? AV products.
>
> After collecting 99 samples of PHP shells and backdoors 'in the wild', I
> scanned them with 29 vendors' AV scanners to see if they were being
> detected. The results were a little bit disheartening, but I think it's
> something that can be addressed fairly easily.
>
I feel your pain, but I personally believe that the AV world:
1. Has no business doing web security.
2. Will.
Gadi.
>
> Top 5 vendors:
>
> Ikarus
> ClamAV
> F-Secure
> AntiVir
> Kaspersky
>
> More here on test methodology, results, and caveats:
>
> http://www.phishlabs.com/blog/archives/35
>
> -John, PhishLabs
>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.