Information Security News mailing list archives
Re: .zip files putting the zap on antivirus products
From: InfoSec News <isn () c4i org>
Date: Fri, 13 Feb 2004 08:19:26 -0600 (CST)
Forwarded from: Russell Coker <russell () coker com au> On Thu, 12 Feb 2004 23:44, InfoSec News <isn () c4i org> wrote:
Forwarded from: Cuadros Alvaro <acuadros () bancomercantil com bo> I woudn't consider that as a serious problem, Zipping ( Commpressing ) a file has its limits you can not compress beyond what the compression algorithms allow you to. Just try to zip or rar a file 20 times , the result is going to be the same at the end than the one you had in the third round.
It is a serious problem. Files comprised of only zeros compress really well. The compression ratio is determined by the block size for run length compression and the size of the encoded blocks. A quick test with gzip (which AFAIK implements similar algorithms to zip) compressed 100M of zeros to just under 100K (better than 1024:1 compression). For business email 5M-10M attachments are common, such attachments would permit 5G or 10G of compressed data. Many virus scanners don't have 10G of disk space free. Also most virus scanners are configured to scan messages in parallel, so if 50 messages with 10G of compressed data were sent through at the same time it will probably stop any anti-virus system. I also did a test of bzip2 compression, it compressed 100M of zeros to 120 bytes... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- .zip files putting the zap on antivirus products InfoSec News (Feb 06)
- <Possible follow-ups>
- Re: .zip files putting the zap on antivirus products InfoSec News (Feb 10)
- Re: .zip files putting the zap on antivirus products InfoSec News (Feb 11)
- Re: .zip files putting the zap on antivirus products InfoSec News (Feb 13)