RE: Just when you thought Macafee stuff was safe!

["Tim Saunders" <Tim.Saunders () aquilauk co uk>]

It's the on-access scanner that has the problem when you try to do
anything with the downloaded file. Even if you are only copying it to
another PC.

I would accept it cannot scan the contents of such a large compressed
file if it didn't crash and leave the on-access scanner disabled.

Tim

> -----Original Message-----
> From: gregh [mailto:chows () ozemail com au] 
> Sent: 23 September 2003 22:52
> To: Tim Saunders; full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Just when you thought Macafee 
> stuff was safe!
>
>
>
> > ----- Original Message -----
> > From: "Tim Saunders" <Tim.Saunders () aquilauk co uk>
> > To: "gregh" <chows () ozemail com au>; 
> <full-disclosure () lists netsys com>
> > Sent: Wednesday, September 24, 2003 1:14 AM
> > Subject: RE: [Full-disclosure] Just when you thought 
> Macafee stuff was
> safe!
>
>
> > Or if your users have McAfee Virus scan wait for them to download a
> > large compressed file, I find zips of oracle CDs from 
> partner.oracle.com
> > do nicely. Now watch McAfee crash as it tries to scan the 
> contents of
> > the zip and times out (I believe) thus leaving the machine nice and
> > vulnerable since it doesn't auto restart. Any 300MB+ Zip, .tar.gz,
> > .cpio.gz etc seems to work. Smaller files may also work depending on
> > your machine.
>
> Tim,
>
> Gotta say I don't have that problem with Macafee stuff. I 
> have 98 and XP
> machines that have anywhere from 500meg files to, in 2 cases, 2gig
> compressed files sitting on them and what you say has never 
> happened even
> once in a scheduled scan. I never allow any virus scanner to 
> scan incoming
> compressed files. I only allow them to scan when I save to disk from
> attachment and that hasn't ever been a problem, either.
>
> Greg.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html