|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: David Korn (dkorn
pixelpower.com)Date: Thu Feb 07 2002 - 05:25:48 CST
>-----Original Message-----
>From: David Sexton [mailto:dave.sextonsapphire.net]
>Sent: 05 February 2002 09:14
>To: 'fhrcs.urz.tu-dresden.de'; bugtraqsecurityfocus.com;
>hans.somershccnet.nl
>Subject: RE: Long path exploit on NTFS
>
>
>Err.. I beg to differ:
>
>SWEEP virus detection utility
>Version 3.54, Monday, February 04, 2002
<delurk>
I notice you're using 3.54 rather than 3.53, so I've confirmed the same
result for 3.53 (Release data 7 Jan 02, engine v2.7), using the batch file
posted here earlier (although I changed the subst drive letter from Q to Z
because I already had a Q drive). It would be interesting if Frank could
describe the methodology he used, as the phrase "According to my own tests"
suggests he was not using the same script.
The machine in question has NT4 SP6, in case anyone was wondering whether
that was what caused the difference between David's results and Frank's.
SWEEP virus detection utility
Version 3.53, 07 January 2002
Includes detection for 71212 viruses, trojans and worms
Copyright © 1989, 2001, Sophos Plc, www.sophos.com
Info: Immediate job started by [REDACTED] at 11:14 on 07 February 2002
Items to be swept:
"All Master Boot Sectors"
Drive C: Sector 0
C:\temp\*.* and all subfolders
Scanning options:
Full mode,
including archive files,
excluding off-line files
Sweeping:
Disk 80 Cylinder 0 Head 0 Sector 1
Drive C: Sector 0
C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\12
34567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1
234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789\1
234567890...\EICAR.TXT
Virus: 'EICAR-AV-Test' detected in
C:\TEMP\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\12345
6~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\
123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\EICAR.TXT
No action taken
C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\12
34567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1
234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789\1
234567890...\EICAR2.COM
Virus: 'EICAR-AV-Test' detected in
C:\TEMP\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\12345
6~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\
123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\EICAR2.COM
No action taken
C:\TEMP\trb95.tmp
C:\TEMP\cw50temp.000
C:\TEMP\~DFC3C0.tmp
C:\TEMP\trb53E.tmp
C:\TEMP\trb540.tmp
C:\TEMP\trb542.tmp
C:\TEMP\trb821.tmp
C:\TEMP\~DFC3C1.tmp
Info: Immediate job completed at 11:14 on 07 February 2002
12 items swept, 2 viruses detected, 0 errors
DaveK
-- Burn your ID card! http://www.optional-identity.org.uk/ Help support the campaign, copy this into your .sig!********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.
This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com **********************************************************************
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]