Vulnerability Development mailing list archives

Re: Bugs in Mac Afee AV? [Re: Antivirus scanner DoS with zip archives]


From: "Jason R. Seats" <Jason.Seats () TechGuardSecurity com>
Date: Wed, 20 Jun 2001 13:31:14 -0500

Michel Arboi wrote:

Still playing with those crazy Zip archives, I tried to DoS "NetShield"
on our NT file server.
It failed! NetShield does not "recurse" into Zip archives, it only
looks at the first level.
This means that it is immune to this stupid DoS attack, but malicious
code may be buried under two levels of archiving.
I am not sure this should be called a "bug", as this tool only protects
(?) file transfers from/to a server. The workstation should run another
software protection.


It seems to me, IMHO, that this is more along the way that AV scanning
should work in regards to archived files.

1. Files are scanned on download, etc., but only one level deep.
2. AVs have archive and zip utility hooks in them that allow the AV
scanner to be notified when files are "unzipped".

Then the idea is that you only check files when they become usable
(uncompressed).

Seats.

-- 
Jason Seats
Information Security Software Engineer
TechGuard Security
jason.seats () techguardsecurity com
www.techguardsecurity.com
636-519-4848
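
The trade-off discussed in this thread, as an added example that is not part of either poster's message or of any antivirus product: a bounded archive walk that stops at a nesting limit and a decompressed-size budget, and reports what it skipped as unscanned rather than clean. The function names, the limits and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

def make_zip(members):
    """Build a zip in memory from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

def inspect_archive(data, max_levels=1, budget=None, level=1, prefix=""):
    """Walk a zip held in memory; return (scanned, unscanned).

    scanned   -- member paths whose bytes were handed to the scanner
    unscanned -- (path, reason) for members skipped by a limit
    """
    budget = [1 << 20] if budget is None else budget  # shared byte budget
    scanned, unscanned = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.file_size > budget[0]:
                unscanned.append((path, "size budget"))
                continue
            with zf.open(info) as fh:
                body = fh.read(budget[0] + 1)  # bounded read, header may lie
            if len(body) > budget[0]:
                unscanned.append((path, "size budget"))
                continue
            budget[0] -= len(body)
            if not zipfile.is_zipfile(io.BytesIO(body)):
                scanned.append(path)  # signature matching would run here
            elif level + 1 > max_levels:
                unscanned.append((path, "nesting limit"))
            else:
                s, u = inspect_archive(body, max_levels, budget, level + 1, path + "/")
                scanned += s
                unscanned += u
    return scanned, unscanned

# Constructed sample: a text file buried under two extra levels of zip.
INNER = make_zip({"payload.txt": b"constructed test content"})
MIDDLE = make_zip({"inner.zip": INNER})
OUTER = make_zip({"middle.zip": MIDDLE, "readme.txt": b"hello"})

if __name__ == "__main__":
    for levels in (1, 2, 3):
        print(levels, inspect_archive(OUTER, max_levels=levels))
```

With `max_levels=1` the walk matches the first-level-only behaviour described above: `middle.zip` is listed as unscanned, so a policy layer can quarantine it or defer to an on-extraction check instead of treating it as clean.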

