Full Disclosure mailing list archives
Antivirus/Trojan/Spyware scanners DoS!
From: bipin gautam <visitbipin () yahoo com>
Date: Sun, 13 Jun 2004 07:44:46 -0700 (PDT)
Hello everybody, I wounder how many Antivirus/Trojan/Spyware scanners will choak to death while having a manual scan of the file: http://www.geocities.com/visitbipin/SERVER_dwn.zip I was woundering, what would be the results if such file gets stucked in an "AV gateway" (O; please, report your findings..... regards, Bipin Gautam http://www.geocities.com/visitbipin/
These are the recent findings, Please participate in the discussion. * KAV successfully passes the test! [Confirmed] Well I find, both norton antivirus 2002 & norton 2003 first try to extract the zip file..... [note: each ~.* is a compressed 12 GB file] fo it will [.....you guessed it..... DoS] Norton Antivirustakes considerable amount of time to scan .cab files. I tried....... http://www.ravantivirus.com/scan/indexn.php It took for ever.... [I stopped or i might have crassed the server] I've tried to scan those .bz2 files with Mcafee, it does choak for a while but it went through. If you have Autometically 'quarentine/delete' option set for your AV scanner and it detects a virus "ercata test virus" inside the rar file. The AV will suffer a DoS while extracting the .rar files. -> Has any one tried it for trojan/spyware scanners that scan inside compressed files??? ----------------------------- * Winxp default zip manager just report the 12Gb zip file to be 121 Mb!??? * Winrar [3.20] can show the size of .bz2 files and winrar just report bipin.zip is 128 Mb but it start filling up the hdd. to 12 Gb if you try to extract the file. *If we try to extract the 12 Gb [Standalone] file in Fat32 tries to extract the 12 Gb file and terminate extraction after 4Gb [fat32 limit] I wounder, why in the 1'st place would Winrar allow to extract a 4+ Gb [single] file in Fat 32. ------------------------------ Regards, Bipin Gautam Ps: Please, reply with the version No. of the AV. scanner that you are using. If anyone of you have a test PC please test the file using the online virus scanners available at : http://virusall.com/downscan.html __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Antivirus/Trojan/Spyware scanners DoS! bipin gautam (Jun 13)
- Re: Antivirus/Trojan/Spyware scanners DoS! Marcin Owsiany (Jun 13)
- Antivirus/Trojan/Spyware scanners DoS! bipin gautam (Jun 13)
- Re: Antivirus/Trojan/Spyware scanners DoS! Benjamin (Jun 13)
- Re: Antivirus/Trojan/Spyware scanners DoS! Syke (Jun 13)
- Re: Antivirus/Trojan/Spyware scanners DoS! npguy (Jun 13)
- Re: Antivirus/Trojan/Spyware scanners DoS! Benjamin (Jun 13)
- Re: Antivirus/Trojan/Spyware scanners DoS! evilninja (Jun 13)
- RE: Antivirus/Trojan/Spyware scanners DoS! Sean Crawford (Jun 13)
- RE: Antivirus/Trojan/Spyware scanners DoS! Aditya, ALD [Aditya Lalit Deshmukh] (Jun 13)
- Re: Antivirus/Trojan/Spyware scanners DoS! Cory Donnelly (Jun 15)
- spamming trojan? Geo. (Jun 16)
- Re: spamming trojan? Michael Gargiullo (Jun 16)
- Message not available
- Message not available
- Re: spamming trojan? joe smith (Jun 16)