[Dailydave] VPC
Eduardo Tongson
propolice at gmail.com
Fri Feb 22 19:17:30 EST 2008
Hi Thierry,
If I understand correctly, aps-AV runs the AV inside a sandbox. Is
this correct? What sandbox are you using?
...
In this process aps-AV will neither examine the data for known virus
signatures nor submit it to any parsing operations. Only after the
data has entered the execution environment, which next to running on a
high security operating system does not provide any network
interfaces, the AV-engines start their work and check the e-mail
attachments for malicious code. If any abnormality is detected, the
whole environment will be completely deleted, including the operating
system, and the incident will be marked as an attack on the respective
AV-product.
...
Ed
On Fri, Feb 22, 2008 at 10:34 PM, Thierry Zoller <Thierry at zoller.lu> wrote:
> Dear All,
> TZ> Hint : There are better ones than CWsandbox,
> Since the CWSandbox author is on this list, I wanted to clarify that I
> have no intention on making CWsandbox look less performant, my
> impression is from several tests I made myself and based on the fact
> that it can be easily detected. However I am not sure about the
> internal improvements, maybe the sandbox is better now. Again no
> intention to harm here.
>
> --
> http://secdev.zoller.lu
> Thierry Zoller