Bugtraq mailing list archives
Re: Multiple Antivirus Scanners DoS attack.
From: Yosif Sleman <sleman () compranet gob mx>
Date: Tue, 15 Jun 2004 12:48:07 -0500
A Solaris 8 box with Virus Scan for Solaris 4.32.0, engine 4.3.20 and data file 4366 takes a lot of CPU and time to process the file, but the process never crashed or hung; the CPU was at around 96% usage, and the memory stayed between 26 and 33MB (I have two webservers and a database running on the test box and none was affected, even with uvscan taking all the CPU).
At first, the scan stalled at the same point as on Linux, but after 3 mins the scan continued without problems. I had to stop the scan 48 mins later with only 50% of the backdoor file processed because it was taking so long to finish (the cab files are the slowest to parse).
Regards,
Sleman

At 02:48 PM 14/06/2004 -0300, "Ethy H. Brito" <ethy () inexo com br> wrote:

On Mon, 14 Jun 2004 14:38:50 +0000 "bipin gautam" <visitbipin () hotmail com> wrote:

> Multiple Antivirus Scanners DoS attack.
>
> --- [Vulnerable Products] ---
> Only tested on...
>
> * Norton Antivirus 2002
> * Norton Antivirus 2003
> * McAfee VirusScan 6
> * Network Associates (McAfee) VirusScan Enterprise 7.1
> * Windows Xp default ZIP manager [reports wrong size of compressed ZIP
> files.]

Linux uvscan scan engine 4.3.20 (McAfee) is also vulnerable.
uvscan takes all CPU and lots of memory, being killed only with signal 9 from another terminal.

from 'top':

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
 1306 nobody    15   0 22744  21M  1648 R    97.4 35.6   0:44   0 uvscan

nobody@babalu:/usr/local/uvscan# ./uvscan -v -r --analyze --unzip BlackHole.zip
Scanning BlackHole.zip
Scanning file BlackHole.zip
Scanning file BlackHole.zip/~.BZ2
..... stalls here .....

--
Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \