gmail av
magoo sent me an IM this morning pointing to the newest post on his blog, “Gmail AntiVirus = Sophos”. He asked me if I could confirm this, so at first I used the files that I have from my nepenthes honeypot. That didn’t work so well: after about 19 files I had only ruled out 9 of 20-ish vendors. So then I remembered that I had a VMware image with a lot of spyware and trojans on it from a backdoor I installed on it. I found a number of files that should not be on a default install of Win 2k, so I tested those files. The results from all of this make it look like, out of the 20 vendors that I tested, Sophos was the only one that had consistent results with what I was getting from VirusTotal. magoo posted my results at thebillygoatcurse.com/gmailresults2.html
After doing this, 2 questions have come to mind. The first one is: what’s stopping Google from telling the world about who they use for Gmail? I don’t get why Sophos would have them keep quiet about this, as it would be great advertising. The second thing is: does antivirus give users a false sense of security? A number of the files that I tested later on were not detected by quite a number of vendors. It seems to me that noobs think that if their antivirus is up to date and says it’s working just fine, they are invincible, but this is never the case. As long as we rely on virus definitions we are always vulnerable.
Update: I put some closer-to-raw results at gmail.xls and, for the OpenOffice users out there, gmail.ods
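The elimination described in the post, written out as an added example (not the author's own tooling): a vendor stays a candidate only while its VirusTotal verdict matches Gmail's accept/reject decision for every file tested. Vendor names other than Sophos, the file names, and all verdicts below are constructed sample data.

```python
# Added illustration; vendor names other than Sophos and all sample data are constructed.
from typing import Dict, Iterable, List, Set, Tuple

# (file name, did Gmail reject the attachment?, vendors flagging it on VirusTotal)
Observation = Tuple[str, bool, Set[str]]


def rule_out_vendors(vendors: Iterable[str], observations: List[Observation]):
    """Return (consistent_vendors, disagreements, survivors_after_each_file).

    A vendor disagrees with Gmail on a file when exactly one of the two
    flagged it. One disagreement is enough to rule the vendor out.
    """
    vendors = list(vendors)
    disagreements: Dict[str, List[str]] = {v: [] for v in vendors}
    survivors_history: List[int] = []
    for name, gmail_blocked, flagged in observations:
        for v in vendors:
            if (v in flagged) != gmail_blocked:
                disagreements[v].append(name)
        # How many candidates are still standing after this file.
        survivors_history.append(sum(1 for d in disagreements.values() if not d))
    consistent = sorted(v for v, d in disagreements.items() if not d)
    return consistent, disagreements, survivors_history


VENDORS = ["Sophos", "VendorA", "VendorB", "VendorC"]  # placeholders except Sophos
OBSERVATIONS: List[Observation] = [
    # Flagged by everyone: rules out nobody, which is why widely detected
    # samples narrow the field slowly.
    ("sample1.exe", True, {"Sophos", "VendorA", "VendorB", "VendorC"}),
    ("sample2.exe", True, {"Sophos", "VendorA"}),
    # Gmail accepted this one, so any vendor that flags it is ruled out.
    ("sample3.dll", False, {"VendorA"}),
    ("sample4.exe", True, {"Sophos", "VendorB"}),
]

if __name__ == "__main__":
    consistent, disagreements, history = rule_out_vendors(VENDORS, OBSERVATIONS)
    print("still consistent with Gmail:", consistent)
    print("candidates left after each file:", history)
    for vendor, files in disagreements.items():
        if files:
            print(f"{vendor} ruled out by: {', '.join(files)}")
```

A vendor left standing is only "not ruled out by this sample set"; files that split the vendors are what narrow the list, and a VirusTotal verdict may come from a different signature version than the one a mail provider runs.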