Vulnerability Development mailing list archives
RE: Antivirus scanner DoS with zip archives
From: "Damage" <dam.age () ntlworld com>
Date: Mon, 18 Jun 2001 18:53:35 +0100
Sophos eats CPU with large compressed files when intercheck examines a file (the file emvt30 from Microsoft's d/l killed my 800 athlon on a 4 disk IDE s/w stripe (NT4)and 384Meg for 10's of minutes - I gave up and killed it eventually, but that was hard going too!) John Haines -----Original Message----- From: Michel Arboi [mailto:arboi () yahoo com] Sent: 17 June 2001 23:11 To: VULN-DEV () SECURITYFOCUS COM Subject: Antivirus scanner DoS with zip archives Some time ago, MimeSweeper could be killed in a rather simple way: Compress with zip a 1 GB file filled with zeros, and attach the 1MB (*) result to an e-mail. MimeSweeper tried to allocate 1 GB of memory and died. (*) The maximum compressing ratio with the Zip algorithm is ~ 1:1000 This bug is supposed to be fixed in the last versions (I did not check). ******** Instead of trying to eat all the memory, we could try to eat the CPU like this: <stuff deleted>
Current thread:
- Antivirus scanner DoS with zip archives Michel Arboi (Jun 18)
- RE: Antivirus scanner DoS with zip archives Damage (Jun 18)
- RE: Antivirus scanner DoS with zip archives Michel Arboi (Jun 19)
- Re: Antivirus scanner DoS with zip archives Ron DuFresne (Jun 18)
- Re: Antivirus scanner DoS with zip archives Markus 'FvD' Weber (Jun 19)
- Re: Antivirus scanner DoS with zip archives Michel Arboi (Jun 20)
- Re: Antivirus scanner DoS with zip archives Robert Davidson Security (Jun 21)
- Re: Antivirus scanner DoS with zip archives Aycan Irican (Jun 23)
- Re: Antivirus scanner DoS with zip archives bill_weiss (Jun 24)
- Re: Antivirus scanner DoS with zip archives Aycan Irican (Jun 24)
- Re: Antivirus scanner DoS with zip archives Markus 'FvD' Weber (Jun 19)
- RE: Antivirus scanner DoS with zip archives Damage (Jun 18)