Full Disclosure mailing list archives
Re: Antivirus/Trojan/Spyware scanners DoS!
From: npguy <npguy () websurfer com np>
Date: Mon, 14 Jun 2004 09:15:26 +0545
This comes up when the extracting module doesn't verify the integrity of the headers. Similar types of breaches were found in WinRAR. The quick approach to resolve it is to verify the actual physical size of the compressed file against the header info. WinRAR now takes a similar approach. Not only the antivirus: any application that uses the Zip API faces a similar problem, since the library that comes along with the extraction function has the same design error.

npguy

On Sunday 13 June 2004 10:35 pm, Ahmed Motaz wrote:
bipin gautam wrote:
| I wonder how many Antivirus/Trojan/Spyware scanners will choke to
| death while having a manual scan of the file

I have tried it with Norton AntiVirus 2003 on a PIII 550/256 MB RAM machine. It took it 8 minutes to scan 42 files before I aborted it. I was curious how you crafted such a ZIP file. It extracts to 125KB and then extracts to more than 500 MB.

| I was wondering, what would be the results if such a file gets
| stuck in an "AV gateway" (O;

If there was no timeout, then it definitely can crash lots of these.

I would, however, like to add that this is not a problem with the AV software; I tried extracting it manually using WinRAR and WinZIP, but it took forever, especially the file ~.rar, which is 6 MB before extraction.

I have tried it with an online scanner, Kaspersky (http://www.kaspersky.com/scanforvirus), but the scan did not take more than 1 minute and detected 15 virus bodies out of 692 scanned files.

I'd like to hear more about it soon.

Regards,
Ahmed Motaz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
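The check npguy describes (header sizes compared against the file's physical size), as an added example that is not part of the original thread and not any scanner's own code. Python's standard `zipfile` module stands in for the extraction library; the limits `MAX_TOTAL` and `MAX_RATIO` and all function names are assumptions, and the example goes one step beyond the post by also capping the declared expansion before anything is unpacked.

```python
import io
import zipfile

MAX_TOTAL = 50 * 1024 * 1024  # assumed cap on bytes one scan may unpack
MAX_RATIO = 200               # assumed cap on declared expansion per member
CHUNK = 64 * 1024

class ArchiveRejected(Exception):
    """Raised when an archive fails a pre-extraction sanity check."""

def scan_zip(data, max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Return the number of bytes unpacked, or raise ArchiveRejected."""
    physical = len(data)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        # 1. Headers vs. physical size: members cannot together hold more
        #    compressed bytes than the archive file actually contains.
        if sum(i.compress_size for i in infos) > physical:
            raise ArchiveRejected("headers claim more data than the file holds")
        # 2. Declared expansion: refuse before unpacking anything.
        declared = 0
        for i in infos:
            if i.file_size > max_ratio * max(i.compress_size, 1):
                raise ArchiveRejected(f"{i.filename}: expansion ratio too high")
            declared += i.file_size
        if declared > max_total:
            raise ArchiveRejected("declared size exceeds scan budget")
        # 3. Stream in chunks with a running count, so memory stays bounded
        #    and the budget is enforced on real output, not only on headers.
        total = 0
        for i in infos:
            with zf.open(i) as fh:
                while chunk := fh.read(CHUNK):
                    total += len(chunk)
                    if total > max_total:
                        raise ArchiveRejected("unpacked size exceeds scan budget")
    return total

def make_zip(name, payload, method=zipfile.ZIP_DEFLATED):
    """Build a small constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_zip(make_zip("note.txt", b"hello world\n" * 20)))
```

A gateway scanner would apply the same checks recursively to nested archives and charge them against one shared budget, since the file discussed in the thread expands in more than one stage.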