This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CLSID vulerability in virus protection

I was running tests on the virus protection from the site www.testvirus.org and test number 25 was allowed through. Here is the context of the email I recived.

Test #25 (non-virus): Attachment with a CLSID extension which may hide the real file extension. This does not include the Eicar virus, however your mail server should still block this since the CLSID technique can be used to hide the true extension of a malicious file. (attachment can be opened by any Windows computer)

Any thoughts on this?

This thread was automatically locked due to age.

Parents

0 cyclops over 21 years ago

please send it with a virus included and return to us with the result. Afaik Astaro scans all attachements independent from extensions.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 cyclops over 21 years ago

please send it with a virus included and return to us with the result. Afaik Astaro scans all attachements independent from extensions.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 chadlee over 21 years ago in reply to cyclops

Anything that actually contains the sample virus DOES get blocked. The reason that this should get blocked is the CLSID technique can be used to hide the true extension of a malicious file. (attachment can be opened by any Windows computer)
Cancel
Vote Up 0 Vote Down

Cancel
0 cyclops over 21 years ago in reply to chadlee

no problem for Astaro as far as it is detectable as attachement since the scanner matches against patterns not extensions [;)]

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel