[Avcheck] a way to circumvent checks by AVP

Juri Haberland haberland@altus.de
Thu, 25 Jul 2002 13:34:23 +0200


Hi guys,

I just found a way to not only circumvent Postfix' body-checks to reject
executables but also to prevent AVP from recognizing a virus!
And of course Outlook is involved :(

If you tell Outlook to send emails RTF-formatted it will put the RTF
stuff into an attachment called winmail.dat. So far so good.
If you attach a file to this mail, it will be embedded in this
RTF-document, therefore hidden in the winmail.dat. You see, no
attachment with a .exe at the end, so no chance to catch it via
Postfix' body-checks.
But what's even worse: AVP doesn't recognize this either. I could
successfully send the eicar.com-test-virus this way...

Maybe someone can check this with other AV-scanners like Dr.Web or Sophos.

Cheers,
Juri

-- 
  If each of us have one object, and we exchange them,
     then each of us still has one object.
  If each of us have one idea,   and we exchange them,
     then each of us now has two ideas.
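
Added example, not part of the original post: a filter-side check that opens the winmail.dat part (a TNEF stream, MIME type application/ms-tnef) and lists the file names stored inside it, so an extension policy can be applied to the embedded files as well. The function names and the blocked-extension list are assumptions, the sample message is constructed, and only the attAttachTitle attribute is read (long file names kept in MAPI properties are not parsed).

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

TNEF_SIGNATURE = 0x223E9F78    # magic at the start of every TNEF stream
ATT_ATTACH_TITLE = 0x00018010  # attachment-level attribute holding the file name
LVL_ATTACHMENT = 2
BLOCKED_EXT = (".exe", ".com", ".scr", ".pif", ".bat")  # assumed policy list

def tnef_attachment_names(blob):
    """Return the file names of attachments stored inside a TNEF stream."""
    if len(blob) < 6 or struct.unpack_from("<I", blob)[0] != TNEF_SIGNATURE:
        raise ValueError("not a TNEF stream")
    names, pos = [], 6                      # skip signature + 2-byte key
    while pos + 9 <= len(blob):
        level, attr, length = struct.unpack_from("<BII", blob, pos)
        data = blob[pos + 9 : pos + 9 + length]
        if len(data) < length:
            raise ValueError("truncated TNEF attribute")
        if level == LVL_ATTACHMENT and attr == ATT_ATTACH_TITLE:
            names.append(data.rstrip(b"\x00").decode("latin-1"))
        pos += 9 + length + 2               # data is followed by a 2-byte checksum
    return names

def blocked_names_in_message(raw):
    """Names with a blocked extension found inside any TNEF part of a message."""
    hits = []
    for part in message_from_bytes(raw).walk():
        fname = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/ms-tnef" or fname == "winmail.dat":
            payload = part.get_payload(decode=True) or b""
            try:
                names = tnef_attachment_names(payload)
            except ValueError:
                hits.append("<unparseable TNEF>")   # fail closed on odd containers
                continue
            hits += [n for n in names if n.lower().endswith(BLOCKED_EXT)]
    return hits

def _attr(level, attr, data):               # builds one attribute for the sample
    return struct.pack("<BII", level, attr, len(data)) + data + struct.pack("<H", sum(data) & 0xFFFF)

def sample_message():
    """Constructed sample: a mail whose only attachment is winmail.dat."""
    tnef = struct.pack("<IH", TNEF_SIGNATURE, 1) + _attr(2, ATT_ATTACH_TITLE, b"eicar.com\x00")
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(tnef, maintype="application", subtype="ms-tnef", filename="winmail.dat")
    return msg.as_bytes()
```

Calling `blocked_names_in_message(sample_message())` returns `['eicar.com']`, a name that a check looking only at the outer MIME attachment names would not see.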