Full Disclosure mailing list archives
Re: Multiple Antivirus Scanners DoS attack.
From: Shashank Rai <shash () etisalat-nis ae>
Date: Tue, 15 Jun 2004 08:00:10 +0400
On Mon, 2004-06-14 at 18:38, bipin gautam wrote:
Multiple Antivirus Scanners DoS attack.

--- [Vulnerable Products] ---
Only tested on...
* Norton Antivirus 2002
* Norton Antivirus 2003
* McAfee VirusScan 6
* Network Associates (McAfee) VirusScan Enterprise 7.1
* Windows XP default ZIP manager [reports wrong size of compressed ZIP files.]

There have been multiple reports [Unconfirmed]
* F-Prot 4.4.2 for Linux
* Panda Antivirus
are vulnerable.

On a Fedora Core-2 box.....

Virus scanning report - 15 June 2004 @ 7:50

F-PROT ANTIVIRUS
Program version: 4.4.2
Engine version: 3.14.11

VIRUS SIGNATURE FILES
SIGN.DEF created 12 June 2004
SIGN2.DEF created 12 June 2004
MACRO.DEF created 7 June 2004

Search: /home/shash/tmp/SERVER_dwn.zip
Action: Report only
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER

/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->1/~.cab->0.cab->cab.com Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->1/~.zip->bipin.zip Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->2/~.cab->0.cab->cab.com Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->2/~.zip->bipin.zip Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->3/~.cab->0.cab->cab.com Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->3/~.zip->bipin.zip Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->4/~.cab->0.cab->cab.com Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->4/~.zip->bipin.zip Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->5/~.cab->0.cab->cab.com Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->5/~.zip->bipin.zip Infection: EICAR_Test_File

Results of virus scanning:

Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 657
Infected: 10
Suspicious: 0
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 1:13

f-prot vulnerable?????

--
shashank

<-- Here is the Packet that was fragmented and has been assembled again.
(with apologies to JRR Tolkien :) -->

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

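The report above shows a single file expanding into 657 scanned objects through nested archives. As an added example (not part of the thread and not any vendor's code), the following bounded recursive ZIP walk shows how a scanning front-end can cap nesting depth, object count and decompressed bytes before handing files to the engine. The limit values, all names and the constructed sample are assumptions, and only ZIP is handled, not CAB.

```python
import io
import zipfile

class ScanLimitExceeded(Exception):
    """An archive went past one of the scan budgets."""

class Budget:
    # All three limits are assumed values; tune them to the scanning host.
    def __init__(self, max_depth=4, max_objects=1000, max_bytes=50 * 2**20):
        self.max_depth, self.max_objects, self.max_bytes = max_depth, max_objects, max_bytes
        self.objects = self.bytes = 0

def read_bounded(zf, info, budget):
    """Decompress one member in chunks, charging actual output bytes (not the declared size)."""
    out = bytearray()
    with zf.open(info) as fh:
        while chunk := fh.read(64 * 1024):
            budget.bytes += len(chunk)
            if budget.bytes > budget.max_bytes:
                raise ScanLimitExceeded(f"byte budget exceeded in {info.filename}")
            out += chunk
    return bytes(out)

def walk(data, budget, path, depth=0):
    """Yield (path, content) per non-archive member, paths in the report's outer->inner form."""
    if depth > budget.max_depth:
        raise ScanLimitExceeded(f"nesting deeper than {budget.max_depth} at {path}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            budget.objects += 1  # budgets are shared across all nesting levels
            if budget.objects > budget.max_objects:
                raise ScanLimitExceeded(f"object budget exceeded at {path}")
            member = f"{path}->{info.filename}"
            content = read_bounded(zf, info, budget)
            if zipfile.is_zipfile(io.BytesIO(content)):
                yield from walk(content, budget, member, depth + 1)
            else:
                yield member, content  # hand the leaf to the signature engine

def make_nested(levels, payload=b"constructed sample payload"):
    """Constructed benign sample: a tiny ZIP nested `levels` deep."""
    data, name = payload, "leaf.txt"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"level{i}.zip"
    return data
```

A caller that catches `ScanLimitExceeded` should treat the archive as unscannable and quarantine or reject it rather than pass it through unscanned.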
Current thread:
- Re: Multiple Antivirus Scanners DoS attack. Shashank Rai (Jun 14)
- Re: Re: Multiple Antivirus Scanners DoS attack. bipin gautam (Jun 15)
- <Possible follow-ups>
- Re: Multiple Antivirus Scanners DoS attack. Luca Gibelli (Jun 16)