Penetration Testing mailing list archives

Re: PenTesting Email AntiVirus

From: "Rainer Duffner" <rainer () ultra-secure de>
Date: Fri, 17 May 2002 08:52:00 +0000

Ilici Ramirez writes:

Hello,

What ways do you know to pen-test email antivirus

software?


I'd try to pack various combinations of different file-formats into
each other (OLE-container).
E.g., if they have disabled .exe to enter or leave the LAN, try sticking
it into an Excel or PPT-file.
It should not work, but that's what you're supposed to find out.
;-)

Of course, with webmail-over-https this is 80% pointless nowadays...

A cool one that has been published before is to zip a
very large file that contains the same character. The
result, a very small file attached to an email could
deplete resources on the antivirus server. Do you know
any AV exploitable with this?

It's called 42.zip and there has been a discussion about this once in awhile. Search the archives.


cheers,
Rainer
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer () ultra-secure de          Germany
http://www.i-duffner.de        Freising
========================================
   When shall we three meet again
 In thunder, lightning, or in rain?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

PenTesting Email AntiVirus Ilici Ramirez (May 16)
- Re: PenTesting Email AntiVirus Rainer Duffner (May 17)
- Re: PenTesting Email AntiVirus William D. Colburn (aka Schlake) (May 17)
- Re: PenTesting Email AntiVirus Volker Tanger (May 17)
- <Possible follow-ups>
- Re: PenTesting Email AntiVirus Muhammad Faisal Rauf Danka (May 17)