Penetration Testing mailing list archives
Re: PenTesting Email AntiVirus
From: "William D. Colburn (aka Schlake)" <wcolburn () nmt edu>
Date: Thu, 16 May 2002 13:56:33 -0600
I think any AV software that is configured to unpack zip files is vulnerable. I think all vendors have this off by default, but some people seem to think they want to do this and turn it on.

My antivirus milter was recently defeated by a MIME pack that had two files attached with the same name, one a virus, the other innocuous. The innocuous file overwrote the virus before the scanner hit it. I fixed my milter not to let that happen. There seem to be lots of ways to form an incorrect MIME pack that the RFC-compliant antivirus software disregards but the cursed MS software manages to unpack anyway.

On Wed, May 15, 2002 at 06:31:39AM -0700, Ilici Ramirez wrote:
> What ways do you know to pen-test email antivirus software? A cool one that has been published before is to zip a very large file that contains the same character. The result, a very small file attached to an email, could deplete resources on the antivirus server. Do you know any AV exploitable with this?
--
William Colburn, "Sysprog" <wcolburn () nmt edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/ http://www.nmt.edu/~wcolburn

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
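A scanner-side sketch of the two failure modes discussed in this message, added here as an example and not the poster's milter code: every MIME part is keyed by its position rather than by the sender-supplied filename, duplicate names are reported, and a zip is judged from its central directory before anything is unpacked. The function names and the two limits are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from collections import Counter
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_UNPACKED = 50 * 1024 * 1024  # assumed cap on declared unpacked bytes
MAX_RATIO = 100                  # assumed cap on declared/compressed ratio

def attachments_for_scan(raw):
    """One (scan_key, filename, payload) per named part, keyed by position so
    same-named parts cannot replace each other before the scanner sees them."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = []
    for index, part in enumerate(msg.walk()):
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue
        out.append((f"part-{index:04d}", name, part.get_payload(decode=True) or b""))
    return out

def duplicate_names(parts):
    """Filenames claimed by more than one part, compared case-insensitively."""
    counts = Counter(name.lower() for _, name, _ in parts)
    return sorted(n for n, c in counts.items() if c > 1)

def zip_too_expensive(payload):
    """Judge a zip from its central directory, without unpacking anything."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return False  # not a zip: leave it to the normal scan path
    declared = sum(i.file_size for i in infos)
    packed = sum(i.compress_size for i in infos) or 1
    return declared > MAX_UNPACKED or declared / packed > MAX_RATIO

def build_sample():
    """Constructed message: two parts named report.txt and one repetitive zip."""
    msg = EmailMessage()
    msg.set_content("constructed sample")
    for body in (b"first", b"second"):
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename="report.txt")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("fill.txt", b"A" * 1_000_000)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="fill.zip")
    return msg.as_bytes()
```

The sizes read from the central directory are supplied by the sender, so a scanner that does go on to unpack should still cap the bytes it writes while decompressing.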