[35885] in bugtraq
Re: eSafe: Could this be exploited?
daemon@ATHENA.MIT.EDU (Kev Ford)
Thu Jul 29 09:57:25 2004
Mime-Version: 1.0 (Apple Message framework v618)
In-Reply-To: <Pine.LNX.4.58.0407262219280.8540@gandalf.hugo.vanderkooij.org>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <C7394BAB-E078-11D8-8CF1-000393D8C036@frod.co.uk>
Content-Transfer-Encoding: 7bit
From: Kev Ford <kev@frod.co.uk>
Date: Wed, 28 Jul 2004 10:30:35 +0100
To: bugtraq@securityfocus.com
On 26 Jul 2004, at 21:26, Hugo van der Kooij wrote:
>
> If someone is able to create a test executable based on the EICAR
> string
> the point might be proven. Unfortunatly I am not a programmer and lack
> window compiler tools all together. But if someone thinks (s)he can
> create
> a sample binary that may run when the last bit is shot to pieces and
> still
> contain a valid EICAR definition to show to the screen the issue might
> be
> proven.
>
Just an idle thought, but what about scripting? Would it be possible to
get some simple scripts through simply by making a large portion of the
end of the message useless comment fields? Maybe even a worm that
rewrites this 'noise' every time to make a moving target?
