ietf-asrg

Re: [Asrg] DCC and IP checksums

2003-03-14 07:54:50
On Friday, Mar 14, 2003, at 13:56 Europe/London, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:

1) As written, it doesn't contain any verification that a *current* template of signatures was used - I've actually gotten mail that was stamped "this mail certified virus-free by LlamaWare 1.2" and contained a virus anyhow, because its signature database was *literally* 2.5 years out of date.

2) Either the sending system has a virus, or it doesn't. If it doesn't, it doesn't matter if it got scanned. If it does, I have no guarantee that said scanner hasn't been fooled by a rootkit.

3) Now imagine a virus that injects itself and then forges a "virus free" signature for itself (remember - if the virus scanner has enough info to generate a cert, any malware that gets loose on that machine has enough info to forge the same cert).

4) There's a window of opportunity between the virus coming out and the signature being created.



