Bugtraq mailing list archives

Re: Anti Virus Mailscanners DOS

From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Mon, 25 Feb 2002 18:52:51 -0500 (EST)

On Mon, 25 Feb 2002, Eduardo R. Maciel wrote:

An antivirus mailscanner should check the filesizes inside a
compressed file like .tar.gz, .zip, .bz2, etc, BEFORE open the file
for scanning.


MIMEDefang, in its normal configuration, does not look inside compressed
files or archives.

In general, I believe it is unwise for any virus scanner to look
inside compressed files or archives unless explicitly told to do so in
an interactive invocation.  The extra steps required to open such
files and extract and execute the viral payload make it highly
unlikely that viruses would propagate in this way.

Viruses rely heavily on social engineering for propagation.  Archives
and compression make such social engineering difficult.

--
David.

Current thread:

Re: Anti Virus Mailscanners DOS David F. Skoll (Feb 28)
- <Possible follow-ups>
- Re: Anti Virus Mailscanners DOS Lars Hecking (Feb 28)
- Re: Anti Virus Mailscanners DOS Eduardo R. Maciel (Feb 28)
- Re: Anti Virus Mailscanners DOS Kragen Sitaker (Mar 01)
- Re: Anti Virus Mailscanners DOS Paul L Daniels (Mar 01)
- Re: Anti Virus Mailscanners DOS arivanov (Mar 01)