1/4
Popping shells from #antivirus via SMTP proved extraordinarily tedious in 1997-1999. I put eyeballs on Eric Isaacson's "D86" debugger to determine how many NOPs to pad -- often different values because AV firms secretly slipped software patches inside "signature updates"
2/4
Then, of course, you've got to build an "unanticipated attachment" so the #antivirus will puke when it scans email
Things like a ZIP file w/ zero files in it ... or a file larger than their own hard limit (while hoping it didn't exceed the disk drive's limit) ... and so on
3/4
And people would ask "why did some #antivirus have hard limits on file size?"
Well, at least one AV product needed hard limits so they didn't CRIPPLE mail delivery.
A hard-coded limit meant you'd get *past* it to the mail server that used a different vendor's product...
4/4
Oh! And MTAs enforced a 10MB attachment limit back then so everybody used ZIPs to get around it. #Antivirus knew this and scanned recursive ZIPs.
You could recurse 9GB of .exe files into a 9.1MB attachment -- useful if you just wanted the AV to crash WinNT on a 9GB SCSI 👹
5/4
I recalled this from 23yr-old memories so the technical details might be a bit off but I know you'll get the gist of it
FYI, #antivirus technology was primitive back then; I learned there was an unwritten law that forbade hackers to exploit AV products even as a PoC
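
An added example, not part of the original thread: a pre-scan guard for ZIP attachments that covers the cases the thread mentions (an empty archive, nested ZIPs, expansion far beyond the attachment size) and fails closed instead of letting oversized mail through unscanned. The limits, the verdict strings and the names `inspect_zip`, `Budget` and `make_zip` are assumptions for illustration.

```python
import io
import zipfile

MAX_DEPTH = 3  # assumed policy: nested-archive levels the scanner will open

class Budget:
    """Shared across all nesting levels so recursion cannot reset the limits."""
    def __init__(self, max_bytes=50 * 2**20, max_entries=1000):  # assumed defaults
        self.bytes_left = max_bytes
        self.entries_left = max_entries

def inspect_zip(data, depth=0, budget=None):
    """Return ("scan", None) or ("quarantine", reason). There is no
    "too big, deliver unscanned" outcome: hitting a limit fails closed."""
    budget = Budget() if budget is None else budget
    if depth > MAX_DEPTH:
        return ("quarantine", "nesting too deep")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ("quarantine", "malformed archive")
    infos = zf.infolist()
    if not infos:
        return ("quarantine", "empty archive")
    for info in infos:
        budget.entries_left -= 1
        if budget.entries_left < 0:
            return ("quarantine", "too many entries")
        try:
            # Header sizes can lie, so count real decompressed bytes and
            # stop one byte past the remaining budget.
            with zf.open(info) as member:
                chunk = member.read(budget.bytes_left + 1)
        except Exception:  # encrypted, corrupt or unsupported member
            return ("quarantine", "unreadable member")
        if len(chunk) > budget.bytes_left:
            return ("quarantine", "expansion budget exceeded")
        budget.bytes_left -= len(chunk)
        if zipfile.is_zipfile(io.BytesIO(chunk)):
            verdict = inspect_zip(chunk, depth + 1, budget)
            if verdict[0] != "scan":
                return verdict
    return ("scan", None)

def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()
```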
