LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-14-2001, 07:11 AM   #1
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
FYI: Antivirus scanner DoS with zip archives


Half June a thread ran in Secfocus' Vuln-dev mailinglist on dossing AV/Mail products.
The problem is how it handles multiple compressed & nested archives and how resource limiting on the OS (or not) affects performance. The file is http://www.hanau.net/fgk/downloads/42.zip, which is 42K, containing nested zip's and at the end a 4GB file (6 levels deep,each level 17 wide).

Testing it on W2K with AVP the box just wouldnt react no more to user input.
On Linux with Mcafee's Uvscan or RAV it goes to 100% CPU but churns out reporting as it goes along, handling sluggish, but progressing anyway.
(750-SMP-265RAM)

Now u say "how does this affect me?" Well, if ure serving mail for a windoze community, letting this tiny zip tru will have a great impact if they got personal AV coverage. Also it's not hard to come up with a zip hierarchy in which u just embed the signatures for, say the last 10 ITW viruses, so the reporting fills up the disks ...or compress a 1Gb file filled with zeroes and see the scanner hog memory like theres no tomorrow.

Reported b0rken are Sophos, MAIL/MIMESweeper, AVP, F-Secure and TrendMicro InterScan VirusWall.
*If anyone tests this file against their AV products & post some results, TIA.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Any Good Multiplatform Antivirus Scanner? gjsIV Linux - General 1 10-16-2005 09:29 AM
scsi scanner and zip not working jordanthompson Linux - General 12 12-01-2004 10:37 AM
Zip/Gzip "split" archives? Megamieuwsel Linux - General 2 01-10-2004 09:59 AM
Is there any free antivirus scanner for squid? cmisip Linux - Networking 3 12-14-2003 01:51 AM
Where I can download good antivirus scanner Egyptian_Isis Linux - Newbie 4 10-17-2003 11:30 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration