fRoGGz, SecuBox Labs: thanks for posting the advisory.
We are wrapping up our investigation and development of solutions
to address this issue. We will post an appropriate notification
when those solutions are available.
In the meantime, CA eAV users can protect themselves by enabling
Realtime Scanning at the desktop.
Regards,
kw
Ken Williams ; Dir. Vuln Research
Computer Associates ; 0xE2941985
> List: bugtraq
> Subject: Antivirus detection bypass by special crafted archive.
> From: unsecure () writeme ! com
> Date: 2005-10-07 21:11:29
> Message-ID: 20051007211129.12096.qmail () securityfocus ! com
> Release Date : 2005-10-05
> Tested on: Windows 2000 SP2 & SP4
> Tested with: Jotti Online Antivirus Scanner
> Tested with: VirusTotal Online Antivirus Scanner
> Tested with: Command line freeware UnRAR v3.50
> Tested with: PowerZip v7.06
> Discovered by: fRoGGz
> Credit to: SecuBox Labs
[...]
> For more information, visit:
> Ref: [ http://shadock.net/secubox/AVCraftedArchive.html ]
[...]
> [?] eTrust-Iris Found nothing
> [?] eTrust-Vet Found nothing
[...]
