The author of the article: root (webmaster_at_xfocus.org)
Category: design error
Threat level: medium
BUGTRAQ ID: 1 5 4 2 3
Affected by the anti-virus engine:
Kaspersky Antivirus Symantec AntiVirus F-Prot Antivirus ClamWin Antivirus Avast Antivirus RAV AntiVirus Microsoft AntiSpyware
Tested version: Symantec AntiVirus Corporate 8.0 Kaspersky Antivirus Personal Pro 126.96.36.199 Kaspersky Antivirus For MS NTServer 188.8.131.52 F-Prot Antivirus 3.16 c ClamWin Antivirus 0.87 Avast. Professional. Edition. v4. 6. 6 0 3 RAV. AntiVirus. Desktop. v8. 6 Microsoft AntiSpyware beta1
Windows system may use a variety of special symbols as the file name, some anti-virus engine is unable to properly parse specially constructed file name, so the file operation failed.
Choice A can be detected file, 比如nc.exe,the file is renamed as: nc??.exe the. (?? =hex C0 D7 BA DC)
Then use anti-virus software for scanning.
Because these special names are unable directly to input, so if you want to use the modified file(nc??.exe), you can use the following method:
1998-01-03 1 4:3 7 59,392 NC294E~1.EXE nc??.exe
[ROOT@D:\Vul\bugtrap]#NC294E~1.EXE -help [v1. 1 0 NT] connect to somewhere: nc [-options] hostname port[s] [ports] ... listen for inbound: nc-l-p port [options] [hostname] [port] options:
Use the MS-DOS file name, the File Open, read, write, and copy operations.
In fact the majority of manufacturers in to this problem to deal with on the are some problems: such as Kaspersky in the right-click such a file when the pop-up menu without scanning option Symantec AntiVirus Corporate V10. 0. 1. 1 0 0 0 can be detected but cannot be cleared. AVG Anti-Virus the normal path of the scanning may be by, but click on the scan option, but cannot read files.