HTTP: Multiple Vendor Anti-Virus Magic Byte Detection Evasion

This signature detects attempts to exploit a known vulnerability in multiple anti-virus products. A successful attacker can bypass the security restrictions of a system and go on to carry out future attacks on the victim's computer.

Extended Description

Anti-virus software from multiple vendors is prone to a detection evasion vulnerability. The problem lies in the way various anti-virus products determine the type of file they are scanning. An attacker can exploit this vulnerability to slip malicious files past the anti-virus software. This results in a false sense of security, and ultimately could lead to the execution of arbitrary code on the victim user's machine.

Affected Products

Ikarus ikarus

References

BugTraq: 15189

Short Name
HTTP:STC:AV-MAGIC-EVADE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Anti-Virus Byte Detection Evasion Magic Multiple Vendor bid:15189
Release Date
09/15/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3718
False Positive
Unknown
Vendors

Ukrainian_antiviral_center

Norman

Etrust

Dr.web

Sophos

Trend_micro

Kaspersky

Panda

Mcafee

Ikarus

Frisk_software

Fortinet

Thehacker

Avg

Arcabit

Cat_computer_services
