Hello Simon, On Sunday, October 27, 2002 at 7:54:51 PM you [S] wrote (at least in part):
[AVG plugin test] S> These are rest of the test files from gfi.com that ended up in my mailbox. S> * Object Codebase vulnerability test S> * MIME header vulnerability test S> * Iframe remote vulnerability test S> * ActiveX vulnerability test S> * eicar.com [1/5] S> * VBS attachment vulnerability test S> * CLSID extension vulnerability test S> * Malformed file extension vulnerability test (for Outlook 2002 - XP) S> * GFI's Access exploit vulnerability test S> * CLSID extension vulnerability test (for Outlook 2002 - XP) [...] S> In any event, with *only* the AVG plugin installed nothing but the S> eircar.com attachment is detected and quarantined. None of them is a virus. Excluding the 'eicar.com [1/5]' which can't be detected, all of the rest are 'exploits', no viruses. The reason why Kaspersky detects some of them is that they seem to not only concentrate on virus detection, but 'detection of possible malicious code' as well. Something I don't expect as being the core competence of an AntiVirus engine. I for myself don't want to blame any AV software for not playing 'sandbox' for potentially aggressive code like .VBS scripts or CLSID-hacks (exploits). It's the application that should not execute anything within it's context (like Outlook [Express] does with ActiveX-objects and CLSID-based embedded objects) and the interpreter engine that should provide a sandbox (like I'd like to see one for .VBS scripts). -- Regards Peter Palmreuther (The Bat! v1.62/Beta7 on Windows 2000 5.0 Build 2195 Service Pack 1) Music is my life, but what is life? ________________________________________________ Current version is 1.61 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
