Vulnerability Development mailing list archives
Re: Antivirus/Trojan/Spyware scanners DoS [summary]
From: Bipin Gautam <visitbipin () hotmail com>
Date: 15 Jun 2004 14:58:02 -0000
In-Reply-To: <20040614003349.4049.qmail () www securityfocus com>
http://www.geocities.com/visitbipin/SERVER_dwn.zip
Note: If you download such archives from an internet loaction, or 'copy/paste' such files from a distination. Those Vulnerable "Antivirus Softwares" with their auto-protect engines active, may also trigger a DoS. There have been reports, Panda Antivirus *Norton AV Corporate Ed. (version 7.60.926) *MacAfee uvscan scan for Linux (4.3.20) *DrWeb (http://www.drweb.ru/) *AVG v7.0.251 Are vulnerable. *F-Prot 4.4.2 for Linux did took considerable amount of time [avg: 90 seconds] while scanning the file, there have been conflicting report... whether or not, F-Prot is vulnerable. But, a compressed archive can be crafted in a way so that F-Prot will take about an hour to scan.... I believe further research should be don't to confirm, *ClamAV version 0.07, 0.72 *eTrust InoculateIT version 6.0 Are vulnerable. Please Note: This is just a simple proof of concept, smaller acrhives > 10kb can be created that contain a terabyte of data...
Current thread:
- Antivirus/Trojan/Spyware scanners DoS [summary] Bipin Gautam (Jun 14)
- <Possible follow-ups>
- Re: Antivirus/Trojan/Spyware scanners DoS [summary] Bipin Gautam (Jun 15)
- Re: Antivirus/Trojan/Spyware scanners DoS [summary] npguy (Jun 18)