Malware Detection Rate in Alternative Word Formats
In addition to virus scanners on employees' desktop machines, companies now deploy AV products at their perimeter. These scanners are installed in mail gateways and web proxies to prevent malware from reaching the desktop. One big question is how well they detect malware that is placed in archives or embedded in other file formats, such as alternative Word document formats.
The desktop, since it has all client applications installed, is the ultimate decoder for all kinds of file formats, and virus scanners there can detect malware right before it executes. The gateway, by contrast, has to rely completely on its own decoding functionality. This paper demonstrates the decoding capabilities of AV products for alternative file formats when used in a gateway scenario. In addition, the paper clarifies issues that were criticized in earlier versions of this paper. For details see the report.
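A gateway can only decode what it first recognizes. The following added example (not taken from the paper) classifies an attachment by content instead of by extension and flags a mismatch, so the scanner can hand the bytes to the right decoder. The format list, signatures, policy table and the names `sniff_container` and `triage` are assumptions of this example.

```python
import os
import re

# Signatures below are this example's assumptions, not a list taken from the paper.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary Word container

# Container types considered normal for each extension (illustrative policy).
EXPECTED = {".doc": {"ole2"}, ".docx": {"zip"}, ".rtf": {"rtf"},
            ".mht": {"mhtml"}, ".xml": {"wordml-xml"}}

def sniff_container(data: bytes) -> str:
    """Classify a buffer by its content, ignoring the file name."""
    head = data[:4096].lstrip(b"\xef\xbb\xbf \t\r\n")  # skip UTF-8 BOM, whitespace
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    if head.startswith(b"{\\rtf"):
        return "rtf"
    if head.startswith(b"PK\x03\x04"):
        return "zip"
    if head.startswith(b"<?xml") and b"mso-application" in head:
        return "wordml-xml"
    if re.search(rb"(?im)^mime-version:", head) and b"multipart/related" in head.lower():
        return "mhtml"
    return "unknown"

def triage(name: str, data: bytes) -> tuple:
    """Return (container, verdict) so the gateway can pick a decoder or a policy."""
    kind = sniff_container(data)
    ext = os.path.splitext(name.lower())[1]
    if kind == "unknown":
        return kind, "no-decoder"   # the scanner would only see opaque bytes
    if kind not in EXPECTED.get(ext, set()):
        return kind, "mismatch"     # decode as `kind`, not as the extension claims
    return kind, "ok"

# Constructed sample attachments, all carrying a .doc name.
SAMPLES = {
    "report.doc": OLE2_MAGIC + b"\x00" * 16,
    "invoice.doc": b"{\\rtf1\\ansi Hello}",
    "memo.doc": b'MIME-Version: 1.0\r\nContent-Type: multipart/related; boundary="x"\r\n\r\n',
    "notes.doc": b'<?xml version="1.0"?>\r\n<?mso-application progid="Word.Document"?>\r\n',
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, *triage(name, blob))
```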
October 12th, 2006 at 23:25
Thanks for your document. It opens eyes and sheds completely new light on the war against malware.