List:       full-disclosure
Subject:    Re: [Full-disclosure] Fwd: Report to Recipient(s)
From:       Dude VanWinkle <dudevanwinkle () gmail ! com>
Date:       2005-11-30 21:27:16
Message-ID: e024ccca0511301327j43b9067av982a6ce955f44391 () mail ! gmail ! com

On 11/30/05, Michael Holstein <michael.holstein@csuohio.edu> wrote:
> > Only those with broken AV software, since that line is not the EICAR test
> > string, according to the definition of the EICAR test string.
>
> As many have pointed out, I realize it's supposed to be an attachment :
>
> http://www.eicar.org/anti_virus_test_file.htm
>
> but I've encountered plenty of broken A/V implementations that didn't
> care *where* in the message it was.

Please correct me if I am wrong:

From what little I know, AV companies do not have 5 engines for
detection, they have 1. Symantec's AV for SMTP, SAV, etc. all use the
same detection engine. They just have different ways of parsing the
data (among other features). With the advent of HTML emails, most AV
engines will check the body of your emails.

Even if some engines miss it, that's still a _really_ good idea,

thanks for sharing =P

-JP
"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
-Michael Holstein
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
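
The distinction argued in this thread, as an added example that is not part of the original message: a check that separates a conforming EICAR test file from the string merely appearing in a message body. The trailing-whitespace and 128-byte limits are taken from EICAR's published definition; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# 68-byte test string, copied from the signature line quoted in the message.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
TRAILING_OK = b" \t\r\n\x1a"  # space, tab, CR, LF, Ctrl-Z (per EICAR's definition)
MAX_LEN = 128                 # maximum total file length (per EICAR's definition)

def is_strict_eicar(data: bytes) -> bool:
    """True only when data starts with the string and nothing but allowed
    whitespace follows, within the 128-byte limit."""
    if len(data) > MAX_LEN or not data.startswith(EICAR):
        return False
    return all(b in TRAILING_OK for b in data[len(EICAR):])

def classify(data: bytes) -> str:
    """'strict' = conforming test file, 'embedded' = string merely present."""
    if is_strict_eicar(data):
        return "strict"
    return "embedded" if EICAR in data else "absent"

def scan_message(raw: bytes) -> list:
    """Classify every leaf MIME part of a raw message as (location, verdict)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        location = "attachment" if part.get_filename() else "body"
        results.append((location, classify(payload)))
    return results

def build_sample() -> bytes:
    """Constructed sample: string inside a body line plus a conforming attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("-JP\n" + EICAR.decode("ascii") + "\n")
    m.add_attachment(EICAR + b"\r\n", maintype="application",
                     subtype="octet-stream", filename="eicar.com")
    return m.as_bytes()

if __name__ == "__main__":
    for location, verdict in scan_message(build_sample()):
        print(location, verdict)
```

A gateway that alerts on the "embedded" verdict is matching the string wherever it appears; one that follows the definition alerts only on "strict".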
