One more way to bypass NAV

2002-03-25T00:00:00
ID SECURITYVULNS:DOC:2666
Type securityvulns
Reporter Securityvulns
Modified 2002-03-25T00:00:00

Description

Dear BUGTRAQ@SECURITYFOCUS.COM,

I've updated "Bypassing content filtering software" whitepaper http://www.security.nnov.ru/advisories/content.asp to include new way to bypass content filtering software. It confirmed to work with NAV and not to work with McAffee and KAV (AVP).

Symantec was contected via support@symantec.com and symsecurity@symantec.com and didn't reply.

13.Case sensitivity of Content-Type and Content-Disposition

Most MUAs ignore case of Content-Type and Content-Disposition headres while content filtering software may behave in different way. It makes it possible to bypass content-filtering software by using header like

      CONTENT-type: text/plain;
            NAme=\"eicar.com\"

P.S. thanks to everyone on vuln-dev who participated in testing.

-- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } +-------------o66o--+ / |/ You know my name - look up my number (The Beatles)