Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FW: Antivirus scanner DoS with zip archives

From: Daniel Schrader <danx1000 () yahoo com>
Date: Wed, 20 Jun 2001 11:47:21 -0700 (PDT)
Trend products have an option to select how many levels of nesting they will
unzip.  If I recall, the default is 15.  Zip files with more then that are to
be treated as a virus.

Computer Associates InocuLAN IT products also have a limit as to how deep they
will go (or at least they used to).  The default was 4 if I recall.  I don't
believe that it is user configurable (though I may be wrong - it has been 4
years since I used them).

Dan Schrader
former Chief Security Officer at Trend Micro
former Product Line Manager, Anti-Virus products, Computer Associates
VP of Product Management, Gilian Technologies.


ps CA actually had a user hit by this type of attack - which prompted CA and
Trend to change their products.



__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
Previous By Date Next
Previous By Thread Next

Current thread: