Vulnerability Development mailing list archives

Re: FW: Antivirus scanner DoS with zip archives


From: Dale Martin <dalemartin () start com au>
Date: Wed, 20 Jun 2001 7:44:38 +0930

From: Markus 'FvD' Weber [mailto:fvd () ira uka de]
Sent: Tuesday, 19 June 2001 8:17 PM
To: VULN-DEV () securityfocus com
Cc: Markus 'FvD' Weber
Subject: Re: Antivirus scanner DoS with zip archives


There is 42.zip out there, 42K total size, which consists of
nested zips and at the end a 4GB file (IIRC 6 levels deep,
each level 17 'wide') ... kills most email virus checkers.

To protect yourself from your email virus gateway crashing,
try to ensure that each single thread which checks an email
has only limited resources. Under Unix ulimit/limit is your
best friend ... (for process and file size).

Markus


Tested 42.zip with Trend Micro Viruswall on a poor old Pentium 100
with 400Meg drive and 130Meg free and worked just fine - no crash -
must admit it took about 30 minutes to process it though.  (VET from
CA v10.2.5 didn't like it at all)

Dale
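
The per-job limits recommended in the quoted message, as an added example that is not part of either message: a wrapper that runs one scan command in a subshell under `ulimit` file-size and CPU-time caps, so an archive that expands without bound stops that one job instead of filling the disk. `scan_limited`, its arguments and the paths in the usage comment are hypothetical names.

```shell
#!/bin/sh
# Added example: run one scan/unpack job under hard per-process limits.
# scan_limited and its arguments are hypothetical, not from any scanner.
#
# usage: scan_limited MAX_FILE_BLOCKS MAX_CPU_SECONDS command [args...]
# ulimit -f counts blocks: 1024 bytes in bash, 512 bytes in POSIX sh/dash.
scan_limited() {
    max_blocks=$1
    max_cpu=$2
    shift 2
    status=0
    # The subshell confines the limits to this one job; the gateway
    # process calling scan_limited keeps its own, wider limits.
    (
        ulimit -f "$max_blocks" || exit 125   # largest file the job may write
        ulimit -t "$max_cpu"    || exit 125   # CPU seconds before the kernel stops it
        exec "$@"                             # command must be a program, not a shell function
    ) || status=$?

    if [ "$status" -eq 125 ]; then
        echo "scan_limited: could not apply limits, job not run" >&2
    elif [ "$status" -gt 128 ]; then
        # Exceeding a limit normally ends the job with SIGXFSZ or SIGXCPU.
        echo "scan_limited: job killed by signal $((status - 128))" >&2
    elif [ "$status" -ne 0 ]; then
        echo "scan_limited: job failed with status $status" >&2
    fi
    # A non-zero status means the message was not fully scanned;
    # the caller should quarantine or reject it rather than pass it on.
    return "$status"
}

# Constructed usage: cap each written file at 2048 blocks and CPU at 30 s
# for a hypothetical unpack step of one queued message.
#   scan_limited 2048 30 unzip -q /var/spool/scan/msg.zip -d /var/spool/scan/work
```

The limits apply per process and per file, so a job that writes many files below the cap still needs a quota or a dedicated filesystem for its work directory.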



