RE: Long path exploit on NTFS

From: Leif Sawyer (lsawyerat_private)
Date: Wed Jan 30 2002 - 09:42:22 PST


    hans.somers wrote:
    > I have tested this on the following platforms:
    > Windows NT 4.0 SP4
    > Windows NT 4.0 SP6a
    > Windows 2000 Professional SP2
    > Windows XP Pro
    > I have determined that the following versions of Norton 
    > AntiVirus will not follow the deep path during a complete scan:
    >   Norton AntiVirus 5.0
    >   Norton AntiVirus 7.5.1
    >   Norton Antivirus 8.00.58
    >
    
    I changed your script to make it a bit easier to see which path was
    triggering the EICAR alert, i.e.:
    	md Q:\abcdefghij\abcdefghij\abcdefghij
    	cd Q:\abcdefghij\abcdefghij\abcdefghij
    
    Start test-script NTFS-limit
    Create a filepath to the limit of NTFS
    Create the Eicar test-string for PoC. 
    This should be detected normally if you have an active virusscanner.
    Activate the Eicar test-string
    Create a subst-drive Q: for this path
    Create an even deeper filepath (thus exceeding the limit of NTFS's explorer)
    Change current folder into "the deep"
    The system cannot find the path specified.
    Create the Eicar test-string
    Activate the Eicar test-string
    EICAR-STANDARD-ANTIVIRUS-TEST-FILE!.
    End of test-script
    Q:\ABCDEF~1\ABCDEF~1\ABCDEF~1>
    
    Since I don't see any letters in the file/location info below, it seems that
    we can chalk up Norton AntiVirus Corporate 7.60.926 as being unable to follow
    the long path.
    
    Scan type:  Realtime Protection Scan
    Event:  Virus Found!
    Virus name: EICAR Test String.70
    File:
    C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789\EICAR.TXT
    Location:
    C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789
    Computer:  MY_PUTER
    User:  Employee
    Action taken:  Clean succeeded : Access allowed
    Date found: Wed Jan 30 08:30:54 2002
    
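The test the message walks through (a directory chain built up to the MAX_PATH limit, a SUBST drive letter aliased to its bottom, further levels created through that alias, and the EICAR file dropped in "the deep") is reproduced below as an added PowerShell example. It is not Hans Somers's script and not part of the original post. It goes one step further than the post: after planting both EICAR copies it enumerates the tree twice from the physical root, once with the host's default provider and once through the Win32 file namespace prefix \\?\, which is the way a scanner has to address the file if it wants to reach past MAX_PATH. The root path C:\TEMP\deeppath and the drive letter Q: are assumptions; so is the runtime (.NET Framework 4.6.2 or later, or PowerShell 7, for the \\?\ prefix to be honoured by System.IO).

```powershell
# Added example, not the script from the original post. Reproduces the
# deep-path test and then compares two enumerations of the resulting tree.
# Assumptions (not from the post): $Root is a writable NTFS path, $Drive is
# an unused drive letter, and the runtime is .NET Framework 4.6.2+ or
# PowerShell 7 so that System.IO passes \\?\ paths through to Win32.
param(
    [string]$Root  = 'C:\TEMP\deeppath',
    [string]$Drive = 'Q:'
)
$ErrorActionPreference = 'Stop'

# EICAR test string, assembled from two halves so this script file is not
# itself flagged while it sits on disk. The written file is the full string.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-' + 'ANTIVIRUS-TEST-FILE!$H+H*'

$segment = '1234567890'
$MaxPath = 260                      # Win32 MAX_PATH, including the terminating NUL

# 1. Build the chain until one more segment would push "<path>\EICAR.TXT"
#    past MAX_PATH. This is the "limit of NTFS" the original script stops at.
$deep = $Root
while (($deep.Length + 1 + $segment.Length + '\EICAR.TXT'.Length + 1) -le $MaxPath) {
    $deep = Join-Path $deep $segment
}
New-Item -ItemType Directory -Path $deep -Force | Out-Null
Set-Content -LiteralPath (Join-Path $deep 'EICAR.TXT') -Value $eicar -NoNewline -Encoding Ascii
"First EICAR copy at physical length $((Join-Path $deep 'EICAR.TXT').Length)"

# 2. Alias the bottom of the chain to a drive letter. Seen through $Drive
#    every path is short, so MAX_PATH-bound code happily creates files whose
#    real path is far longer than 260 characters.
& subst.exe $Drive $deep
try {
    $below = "$Drive\$segment\$segment\$segment"
    New-Item -ItemType Directory -Path $below -Force | Out-Null
    Set-Content -LiteralPath "$below\EICAR.TXT" -Value $eicar -NoNewline -Encoding Ascii

    # The real location of the second copy, as a scanner walking down from
    # $Root (rather than through Q:) would have to address it.
    $real = $deep + $below.Substring($Drive.Length) + '\EICAR.TXT'
    "Second EICAR copy at physical length $($real.Length) (MAX_PATH is $MaxPath)"

    # 3a. Recursive listing with the host's default provider. On Windows
    #     PowerShell 5.1 this is bound to MAX_PATH and stops short of the deep
    #     copy (errors suppressed); PowerShell 7 reaches both. The count
    #     printed tells you which behaviour the scanning code on this host has.
    $default = @(Get-ChildItem -LiteralPath $Root -Recurse -Filter 'EICAR.TXT' -ErrorAction SilentlyContinue)
    "Default provider reached $($default.Count) EICAR file(s)"

    # 3b. The same walk through the Win32 file namespace prefix \\?\, which
    #     disables path normalisation and the MAX_PATH check, so the deep copy
    #     is reachable without any drive-letter alias.
    $prefixed = @([System.IO.Directory]::EnumerateFiles("\\?\$Root", 'EICAR.TXT', 'AllDirectories'))
    "\\?\ enumeration reached $($prefixed.Count) EICAR file(s)"
    $prefixed | ForEach-Object { "  length $($_.Length): $_" }
}
finally {
    # Always drop the alias; the deep tree itself is left for the AV scan.
    & subst.exe $Drive /D
}
```

Run it from an elevated or ordinary prompt on a machine where the real-time scanner is active; a scanner that only reports the first copy (the one at physical length under 260) is showing the same limitation the message attributes to Norton AntiVirus Corporate. The leftover tree can be removed with `Remove-Item -LiteralPath "\\?\C:\TEMP\deeppath" -Recurse -Force` on a runtime that honours the prefix, or by re-creating the SUBST alias and deleting through it.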



    This archive was generated by hypermail 2b30 : Wed Jan 30 2002 - 11:46:15 PST