Re: PenTesting Email AntiVirus

From: Muhammad Faisal Rauf Danka (mfrdat_private)
Date: Fri May 17 2002 - 14:24:31 PDT


    I think no matter what you do, you can never stay abreast of new viruses that keep popping up every now and then; even if you have a virus-scanning email server, it's more likely that a new virus will pass through because it's very new or maybe your virus signature file is not updated.
    I think one should only expect *many* virus emails to be scanned and rejected or whatever via the email server, but STILL take great care *as usual not to receive and run .exe/.com/.bat/.vbs etc. files* received via email.
    
    Back to the pen-testing point: well yeah, sending viruses as .ppt and as Excel files is another way, but you can also try sending them in .tgz / .tar / .cpio / .uu (uuencoded) / .avi / .mpg formats.
    
    This will check whether the antivirus scans only .exe files for known virus signatures or checks every attachment.
    
    Anyway, good luck!
    
    Regards, 
    ---------
    Muhammad Faisal Rauf Danka
    
    Chief Technology Officer
    Gem Internet Services (Pvt) Ltd.
    web: www.gem.net.pk
    voice: 92-021-111-GEMNET
    
    Vice President
    Pakistan Computer Emergency Response Team (PakCERT)
    web: www.pakcert.org
    
    Chief Security Analyst
    Applied Technology Research Center (ATRC)
    web: www.atrc.net.pk
    voice: 92-21-4980523 92-21-4974781 
    
    "Great is the Art of beginning, but Greater is the Art of ending. "
    
    ------BEGIN GEEK CODE BLOCK----
    Version: 3.1
    GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++ 
    P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y- 
    PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
    ------END GEEK CODE BLOCK------
    
    
    --- "Rainer Duffner" <rainer@ultra-secure.de> wrote:
    >Ilici Ramirez writes: 
    >
    >> Hello, 
    >> 
    >> What ways do you know to pen-test email antivirus
    >> software? 
    >
    >I'd try to pack various combinations of different file-formats into
    >each other (OLE-container).
    >E.g., if they have disabled .exe to enter or leave the LAN, try sticking
    >it into an Excel or PPT-file.
    >It should not work, but that's what you're supposed to find out.
    >;-)
    >Of course, with webmail-over-https this is 80% pointless nowadays... 
    >
    >
    >> A cool one that has been published before is to zip a
    >> very large file that contains the same character. The
    >> result, a very small file attached to an email could
    >> deplete resources on the antivirus server. Do you know
    >> any AV exploitable with this?
    >
    >It's called 42.zip and there has been a discussion about this once in a 
    >while. Search the archives. 
    >
    >
    >cheers,
    >Rainer
    >-- 
    >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    >Rainer Duffner                   Munich
    >rainer@ultra-secure.de          Germany
    >http://www.i-duffner.de        Freising
    >========================================
    >    When shall we three meet again
    >  In thunder, lightning, or in rain?
    >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    >Service. For more information on SecurityFocus' SIA service which
    >automatically alerts you to the latest security vulnerabilities please see:
    >https://alerts.securityfocus.com/
    



    This archive was generated by hypermail 2b30 : Fri May 17 2002 - 15:17:14 PDT
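
The thread raises two questions for whoever runs the mail gateway: is an attachment judged by its content at every nesting level rather than by its extension, and is expansion of highly compressed archives bounded? The sketch below is an added example, not code from any poster or product named in the thread; it handles ZIP containers only, and the three limits and the function names are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_TOTAL = 8 * 1024 * 1024  # assumed budget of expanded bytes per attachment
MAX_RATIO = 100              # assumed ceiling on expanded/compressed size
MAX_DEPTH = 3                # assumed limit on archive-in-archive nesting

def inspect(data, name="attachment", depth=0, budget=None):
    """Return (path, finding) tuples for one attachment's raw bytes."""
    budget = [MAX_TOTAL] if budget is None else budget
    findings = []
    if data[:2] == b"MZ":  # judge by content, not by file extension
        findings.append((name, "executable-header"))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(name, "nesting-too-deep")]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}/{info.filename}"
                # Declared sizes are read from the directory, nothing is expanded yet.
                ratio = info.file_size / max(info.compress_size, 1)
                if ratio > MAX_RATIO or info.file_size > budget[0]:
                    findings.append((path, "expansion-limit"))
                    continue
                # Declared sizes can be wrong, so the read is bounded too.
                with zf.open(info) as fh:
                    body = fh.read(budget[0] + 1)
                if len(body) > budget[0]:
                    findings.append((path, "expansion-limit"))
                    continue
                budget[0] -= len(body)
                findings += inspect(body, path, depth + 1, budget)
    except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
        # Encrypted, unsupported or damaged members cannot be scanned.
        findings.append((name, "unscannable"))
    return findings

def make_zip(members):
    """Build a constructed in-memory ZIP from {name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()

if __name__ == "__main__":
    stub = b"MZ" + bytes(range(256))  # constructed bytes, not a real program
    print(inspect(make_zip({"docs/inner.zip": make_zip({"tool.bin": stub})}), "a.zip"))
    print(inspect(make_zip({"flat.txt": b"A" * (1 << 20)}), "b.zip"))
```

A gateway would quarantine or reject on any finding, including "unscannable", since content it cannot open is content it has not scanned.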