Vulnerability Development mailing list archives
Re: Antivirus/Trojan/Spyware scanners DoS [summary]
From: npguy <npguy () websurfer com np>
Date: Wed, 16 Jun 2004 09:25:56 +0545
I believe further research should be don't to confirm, *ClamAV version 0.07, 0.72 *eTrust InoculateIT version 6.0
you donot have complete picture and you incomplete research is just making everyone confused. i better like to take reference from the old advisory that gives atleast clear background http://www.rapid7.com/advisories/R7-0004/index.html about calm check "manager.c" of clam 0.15 242 if(strbcasestr(filename, ".zip")) { 243 char *args[] = { "unzip", "-P", "clam", "-o", (char *) filename, NULL }; 244 if((userprg = getargl(opt, "unzip"))) 245 ret = clamav_unpack(userprg, args, tmpdir, user, opt); 246 else 247 ret = clamav_unpack("unzip", args, tmpdir, user, opt); clam use unzip utility outside its process space. if unzip itself is vulnerable (not in case of linux) then clam may face similar problem Fprot is perfect! On Tuesday 15 June 2004 08:43 pm, Bipin Gautam wrote:
In-Reply-To: <20040614003349.4049.qmail () www securityfocus com> *F-Prot 4.4.2 for Linux did took considerable amount of time [avg: 90 seconds] while scanning the file, there have been conflicting report... whether or not, F-Prot is vulnerable. But, a compressed archive can be crafted in a way so that F-Prot will take about an hour to scan.... Are vulnerable. Please Note: This is just a simple proof of concept, smaller acrhives > 10kb can be created that contain a terabyte of data...
Current thread:
- Antivirus/Trojan/Spyware scanners DoS [summary] Bipin Gautam (Jun 14)
- <Possible follow-ups>
- Re: Antivirus/Trojan/Spyware scanners DoS [summary] Bipin Gautam (Jun 15)
- Re: Antivirus/Trojan/Spyware scanners DoS [summary] npguy (Jun 18)