Vulnerability Development mailing list archives
Re: Antivirus scanner DoS with zip archives
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 18 Jun 2001 12:59:37 -0500 (CDT)
On Mon, 18 Jun 2001, Michel Arboi wrote:

[snip]

> Countermeasures? I am not sure that those attacks work (I just tried on my personal AV at home). However, I'd suggest to forbid archives inside archives (or not more than 1 level?!), or limit the global number & size of the files inside. A simple way to reject such things could be to set a timeout on the scanning operation. If it takes too long, the file, attachment, web page, whatever, is just rejected. I'd appreciate comments on this weird idea...

How much ability to determine problems would be lost, if the scanner reads only chunks of the file at a time, perhaps a tad larger than sed's line at a time?

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
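
The countermeasures proposed in the quoted message (a nesting limit, caps on the number and total size of files, a scan timeout), combined with the chunk-at-a-time reading asked about in the reply, as an added example that is not part of the original thread. The function names, default limits and sample archives are assumptions constructed for illustration.

```python
import io
import time
import zipfile

class ArchiveRejected(Exception):
    """Raised when an archive exceeds the scanning budget."""

def check_archive(data, max_depth=1, max_files=1000, max_bytes=50 * 2**20,
                  timeout=5.0, chunk=64 * 1024):
    """Walk a zip (and nested zips) under a budget; return (files, bytes) seen."""
    deadline = time.monotonic() + timeout
    seen = {"files": 0, "bytes": 0}

    def walk(blob, depth):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                seen["files"] += 1
                if seen["files"] > max_files:
                    raise ArchiveRejected("too many files")
                buf = bytearray()
                with zf.open(info) as member:
                    # Read in chunks and count real output: the size declared
                    # in the zip header is attacker-controlled.
                    while part := member.read(chunk):
                        seen["bytes"] += len(part)
                        if seen["bytes"] > max_bytes:
                            raise ArchiveRejected("uncompressed size limit")
                        if time.monotonic() > deadline:
                            raise ArchiveRejected("scan timeout")
                        buf += part
                if zipfile.is_zipfile(io.BytesIO(buf)):
                    if depth >= max_depth:
                        raise ArchiveRejected("archive nesting too deep")
                    walk(bytes(buf), depth + 1)

    walk(data, 0)
    return seen["files"], seen["bytes"]

def make_zip(members):
    """Constructed sample input: build a zip in memory from {name: bytes}."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return out.getvalue()
```

The budget is shared across all nesting levels, so the limits bound the total work per submitted file rather than per inner archive.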