Vulnerability Development mailing list archives
Re: Antivirus scanner DoS with zip archives
From: Robert Davidson Security <security () virtual ebbs com au>
Date: Thu, 21 Jun 2001 09:31:27 +1000
On Tue, Jun 19, 2001 at 08:53:54PM +0200, Michel Arboi wrote:
> --- Markus 'FvD' Weber <fvd () ira uka de> wrote:
> > There is 42.zip out there, 42K total size, which consists of nested zips and at the end a 4GB file (IIRC 6 levels deep, each level 17 'wide') ... kills most email virus checkers.
>
> I did not know it existed. Altavista found this on http://www.hanau.net/fgk/downloads/42.zip
>
> Why is this kind of attack not more common? I suspect that most filters are vulnerable and yet, they are not listed as such (e.g. on securityfocus). And companies continue to use them.

This used to be really common with BBS's back in their day. The idea back then was to get a 1Gb file full of null characters, compress it and upload it to the BBS, that way when the BBS's virus scanner (which also uncompressed the file) attempted to check the archive for viruses, it would either 1) consume all disk space, or 2) keep the system busy for ages (some people ran 386's and 486's back then). The normal thing a user would do is upload the file and then hang up, which also leaves that dial-up line off-line while the virus scanner is checking the contents of the archive.

--
Regards,
Robert Davidson.
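
The resource exhaustion discussed in this message comes from a scanner inflating archives without any budget. The following sketch is an added example, not code from the post or from any product named in the thread: it shows a scanner-side guard that counts bytes as they are decompressed and caps nesting depth. The names `scan_zip`, `ArchiveLimitExceeded`, `make_sample` and all limit values are assumptions chosen for illustration.

```python
import io
import zipfile

class ArchiveLimitExceeded(Exception):
    """Raised when an archive exceeds the scanner's resource budget."""

def scan_zip(data, max_total=50 * 1024 * 1024, max_depth=3, max_members=1000,
             _depth=0, _budget=None):
    """Walk a zip (and nested zips) in memory; return total bytes inflated.

    Limits are hypothetical defaults. Bytes are counted while they are
    decompressed, so a false size in the zip header cannot bypass the cap.
    """
    budget = _budget if _budget is not None else {"bytes": 0, "members": 0}
    if _depth > max_depth:
        raise ArchiveLimitExceeded("nesting deeper than %d" % max_depth)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            budget["members"] += 1
            if budget["members"] > max_members:
                raise ArchiveLimitExceeded("too many members")
            chunks = []
            with zf.open(info) as member:
                while True:
                    chunk = member.read(64 * 1024)
                    if not chunk:
                        break
                    budget["bytes"] += len(chunk)  # shared across all levels
                    if budget["bytes"] > max_total:
                        raise ArchiveLimitExceeded("inflated size over budget")
                    chunks.append(chunk)
            body = b"".join(chunks)
            if zipfile.is_zipfile(io.BytesIO(body)):
                scan_zip(body, max_total, max_depth, max_members,
                         _depth + 1, budget)
            # A real scanner would pass `body` to its signature engine here.
    return budget["bytes"]

def make_sample(levels, payload_size):
    """Constructed test input: a zero-filled file wrapped in `levels` zips."""
    data, name = b"\0" * payload_size, "zeros.bin"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), "level%d.zip" % i
    return data
```

Because the byte and member budgets are shared across every nesting level, the cost of a scan is bounded by `max_total` regardless of how the archive is layered.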
Current thread:
- Antivirus scanner DoS with zip archives Michel Arboi (Jun 18)
- RE: Antivirus scanner DoS with zip archives Damage (Jun 18)
- RE: Antivirus scanner DoS with zip archives Michel Arboi (Jun 19)
- Re: Antivirus scanner DoS with zip archives Ron DuFresne (Jun 18)
- Re: Antivirus scanner DoS with zip archives Markus 'FvD' Weber (Jun 19)
- Re: Antivirus scanner DoS with zip archives Michel Arboi (Jun 20)
- Re: Antivirus scanner DoS with zip archives Robert Davidson Security (Jun 21)
- Re: Antivirus scanner DoS with zip archives Aycan Irican (Jun 23)
- Re: Antivirus scanner DoS with zip archives bill_weiss (Jun 24)
- Re: Antivirus scanner DoS with zip archives Aycan Irican (Jun 24)
- Re: Antivirus scanner DoS with zip archives Markus 'FvD' Weber (Jun 19)
- RE: Antivirus scanner DoS with zip archives Damage (Jun 18)
- Re: Bugs in Mac Afee AV? [Re: Antivirus scanner DoS with zip archives] Nicolas Gregoire (Jun 21)
- Re: Bugs in Mac Afee AV? [Re: Antivirus scanner DoS with zip archives] Michel Arboi (Jun 21)