>-----Original Message----- >From: David Sexton [mailto:dave.sexton@sapphire.net] >Sent: 05 February 2002 09:14 >To: 'fh@rcs.urz.tu-dresden.de'; bugtraq@securityfocus.com; >hans.somers@hccnet.nl >Subject: RE: Long path exploit on NTFS > > >Err.. I beg to differ: > >SWEEP virus detection utility >Version 3.54, Monday, February 04, 2002 <delurk> I notice you're using 3.54 rather than 3.53, so I've confirmed the same result for 3.53 (Release data 7 Jan 02, engine v2.7), using the batch file posted here earlier (although I changed the subst drive letter from Q to Z because I already had a Q drive). It would be interesting if Frank could describe the methodology he used, as the phrase "According to my own tests" suggests he was not using the same script. The machine in question has NT4 SP6, in case anyone was wondering whether that was what caused the difference between David's results and Frank's. SWEEP virus detection utility Version 3.53, 07 January 2002 Includes detection for 71212 viruses, trojans and worms Copyright © 1989, 2001, Sophos Plc, www.sophos.com Info: Immediate job started by [REDACTED] at 11:14 on 07 February 2002 Items to be swept: "All Master Boot Sectors" Drive C: Sector 0 C:\temp\*.* and all subfolders Scanning options: Full mode, including archive files, excluding off-line files Sweeping: Disk 80 Cylinder 0 Head 0 Sector 1 Drive C: Sector 0 C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\12 34567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1 234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789\1 234567890...\EICAR.TXT Virus: 'EICAR-AV-Test' detected in C:\TEMP\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\12345 6~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\ 123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\EICAR.TXT No action taken C:\TEMP\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\12 34567890\1234567890\1234567890\1234567890\1234567890\1234567890\1234567890\1 234567890\1234567890\1234567890\1234567890\1234567890\1234567890\123456789\1 234567890...\EICAR2.COM Virus: 'EICAR-AV-Test' detected in C:\TEMP\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\12345 6~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\ 123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\123456~1\EICAR2.COM No action taken C:\TEMP\trb95.tmp C:\TEMP\cw50temp.000 C:\TEMP\~DFC3C0.tmp C:\TEMP\trb53E.tmp C:\TEMP\trb540.tmp C:\TEMP\trb542.tmp C:\TEMP\trb821.tmp C:\TEMP\~DFC3C1.tmp Info: Immediate job completed at 11:14 on 07 February 2002 12 items swept, 2 viruses detected, 0 errors DaveK -- Burn your ID card! http://www.optional-identity.org.uk/ Help support the campaign, copy this into your .sig! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com **********************************************************************
