| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: visitbipin at yahoo.com (bipin gautam) Subject: Antivirus/Trojan/Spyware scanners DoS! --- Chad_Loder@...id7.com wrote: > There is a history of years and years of antivirus > products > choking on funky compressed files. > > We had reports of quite a few AV products crapping > out on > the invalid zip files included with our zip advisory > from 2002: > > > http://www.rapid7.com/advisories/R7-0004/R7-0004.tgz > > > http://www.rapid7.com/advisories/R7-0004/index.html > > I doubt they've all been fixed. Feel free to try > out your favorite > product on those files (there is a valid gzipped > tarball with > semivalid zip files containing the antivirus test file). it's like an issue....... "NO two sql injection's are same, even for a same product" OK, so the issue has been on the wild for several years! Well, the file SERVER _dwn.zip will effectively put the test to most antivirus scanners that scan inside .zip,.rar,.cab,.bz2,.tz files. Well, i find kaspersky antivirus only handles the file a good way, no timeouts... no compressed file size restriction etc..... this issue has been (re-)heated so i hope this time, AV companies will take it seriously. well, as a good old m$ saying [escuse]..... most software companies didn't took security that seriously back around 1998! HAS ANYONE TRIED IT WITH any trojan/spyware scanners?????? regards, bipin __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/
Powered by blists - more mailing lists