Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte.
InterestingHave you considered the possibility that some vendors at least may include with each virus signature a set of file formats for which the signature is valid, or just a flag to signify "all formats"?
If so, then the vendors will consider themselves not vulnerable, they can simply update their virus definitions when and if variants with different headers appear.
Even with 1:1 file format signatures, a vendor could presumable include multiple virus definitions for one virus, one per file format, as required
...
For more details, screenshots and examples please read my article "The Magic of magic byte" at www.securityelf.org
...
--
Dave English Senior Software & Systems Engineer
Internet Platform Development, Thus plc