Full Disclosure mailing list archives
Re: Multiple Antivirus Scanners DoS attack. [summery]
From: npguy <npguy () websurfer com np>
Date: Mon, 14 Jun 2004 15:36:09 +0545
Well, the advisory makes no details and seems to be a very naive touch.
On Monday 14 June 2004 02:13 pm, bipin gautam wrote:
Multiple Antivirus Scanners DoS attack.
* F-Prot 4.4.2 for Linux
Linux F-Prot works perfectly well. Test before you make claims.
* Rav Antivirus online Scanner [Couldn't complete the scan...]
* Windows Xp default ZIP manager [reports wrong size of compressed ZIP files.]
If you mess with headers, any compression API tells you the same wrong size. Check zlib, infoZip, rar, arj. There is no way to detect these changes. Checking each file's integrity against the header info will take a significant amount of time. Anyway, like WinZIP, the extraction routine seeks file content until the next header starts, so that the altered file size will not be able to fool the routine, i.e. Design Error. I believe this is also related to the same problem of WinRAR, and it is also the same design error, I believe. It trusts the header info and starts extracting the files.
--- [Details] ---
While having a manual scan of compressed files; several Antivirus, Trojan, Spy ware scanners suffer a DoS attack if the software tries to completely extract the archive and scan its content for a hostile file.
Those using infoZip and zlib library, or even WinZIP as external extractor, won't suffer from this problem.
_______________________________________________
Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
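An added example, not part of the original message or thread: the thread turns on extractors trusting the size recorded in ZIP headers, so this Python sketch inflates each member under a byte budget and flags any member whose real size differs from the declared one. The names `audit_zip`, `make_sample` and the `max_bytes` budget are assumptions made for illustration, and the sample archive is constructed in memory.

```python
import io, struct, zipfile, zlib

def audit_zip(data, max_bytes=1 << 20, chunk=4096):
    """Inflate each member under a byte budget and compare the real size
    with the size declared in the central directory.
    Returns a list of (name, declared, actual, verdict)."""
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Local header: 30 fixed bytes, then file name and extra field.
            nlen, xlen = struct.unpack_from("<HH", data, info.header_offset + 26)
            start = info.header_offset + 30 + nlen + xlen
            raw = data[start:start + info.compress_size]
            actual, verdict = 0, "ok"
            if info.compress_type == zipfile.ZIP_STORED:
                actual = len(raw)
            elif info.compress_type == zipfile.ZIP_DEFLATED:
                d, buf = zlib.decompressobj(-15), raw  # raw deflate stream
                try:
                    while not d.eof:
                        out = d.decompress(buf, chunk)  # at most `chunk` bytes out
                        buf = d.unconsumed_tail
                        actual += len(out)
                        if actual > max_bytes:      # stop before filling disk/RAM
                            verdict = "over-limit"
                            break
                        if not out and not buf:     # input ended before the stream did
                            verdict = "truncated"
                            break
                except zlib.error:
                    verdict = "corrupt"
            else:
                verdict = "unsupported"
            if verdict == "ok" and actual != info.file_size:
                verdict = "size-mismatch"
            results.append((info.filename, info.file_size, actual, verdict))
    return results

def make_sample(declared_size):
    """Constructed sample: one deflated member of 5000 bytes whose
    central-directory uncompressed-size field is set to declared_size."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 5000)
    data = bytearray(bio.getvalue())
    cd = data.rfind(b"PK\x01\x02")  # central directory entry signature
    struct.pack_into("<I", data, cd + 24, declared_size)
    return bytes(data)
```

The budget is enforced on bytes actually produced, so a scanner built this way never sizes buffers or scan limits from the header field.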