Full Disclosure mailing list archives

Antivirus/Trojan/Spyware scanners DoS!


From: bipin gautam <visitbipin () yahoo com>
Date: Sun, 13 Jun 2004 07:44:46 -0700 (PDT)


Hello everybody,

I wonder how many Antivirus/Trojan/Spyware scanners
will choke to death while having a manual scan of
the file:

http://www.geocities.com/visitbipin/SERVER_dwn.zip

I was wondering what the results would be if such a
file gets stuck in an "AV gateway" (O;

Please report your findings.....

regards,
Bipin Gautam

http://www.geocities.com/visitbipin/


These are the recent findings. Please participate in
the discussion.

* KAV successfully passes the test! [Confirmed]

Well, I find both Norton Antivirus 2002 & Norton 2003
first try to extract the zip file..... [note: each ~.*
is a compressed 12 GB file] so it will [.....you
guessed it..... DoS]. Norton Antivirus takes a
considerable amount of time to scan .cab files.

I tried.......
http://www.ravantivirus.com/scan/indexn.php
It took forever.... [I stopped or I might have
crashed the server]

I've tried to scan those .bz2 files with McAfee; it
does choke for a while but it went through.

If you have the automatic 'quarantine/delete' option
set for your AV scanner and it detects a virus "EICAR
test virus" inside the rar file, the AV will suffer a
DoS while extracting the .rar files.

-> Has anyone tried it for trojan/spyware scanners
that scan inside compressed files???

 
-----------------------------
* WinXP default zip manager just reports the 12Gb zip
file to be 121 Mb!???
* WinRAR [3.20] can show the size of .bz2 files, and
WinRAR just reports bipin.zip is 128 Mb, but it starts
filling up the HDD to 12 Gb if you try to extract the
file.
* If we try to extract the 12 Gb [Standalone] file in
FAT32, it tries to extract the 12 Gb file and terminates
extraction after 4Gb [FAT32 limit]. I wonder why, in
the first place, WinRAR would allow extracting a 4+ Gb
[single] file in FAT32.
------------------------------

Regards,
Bipin Gautam



PS: Please reply with the version no. of the AV
scanner that you are using. If any of you have a
test PC, please test the file using the online virus
scanners available at: http://virusall.com/downscan.html
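
The failure described in this post comes from a scanner fully extracting an archive before inspecting it. As an added example (not part of the original message), here is a sketch of a scanner-side guard that streams each zip member and stops once an output budget or compression ratio is exceeded; the function names and limit values are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed policy values for this sketch; tune per deployment.
MAX_TOTAL = 8 * 1024 * 1024    # output budget per archive, in bytes
MAX_RATIO = 200                # max decompressed/compressed ratio per member
RATIO_FLOOR = 1024 * 1024      # ignore the ratio until a member exceeds this
CHUNK = 64 * 1024

def scan_zip(data, inspect=lambda name, chunk: None):
    """Stream each member through inspect(); stop as soon as a limit is hit.

    Returns (verdict, bytes_inspected). Nothing is written to disk and no
    member is held in memory whole, so the cost of a bomb is bounded by
    MAX_TOTAL rather than by the archive's real expanded size.
    """
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            produced = 0
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    produced += len(chunk)
                    total += len(chunk)
                    if total > MAX_TOTAL:
                        return ("rejected: output budget", total)
                    if (produced > RATIO_FLOOR and
                            produced > MAX_RATIO * max(info.compress_size, 1)):
                        return ("rejected: compression ratio", total)
                    inspect(info.filename, chunk)
    return ("ok", total)

def make_zip(name, payload):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    benign = make_zip("readme.txt", b"hello world\n" * 1000)
    bomb = make_zip("zeros.bin", b"\0" * (16 * 1024 * 1024))  # constructed, 16 MiB
    print(len(benign), scan_zip(benign))
    print(len(bomb), scan_zip(bomb))
```

The limits apply to bytes actually produced by the decompressor, so the check does not depend on the size an archive tool displays for the file.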


        
                

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

