| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 13 Jun 2004 07:44:46 -0700 (PDT) From: bipin gautam <visitbipin@...oo.com> To: full-disclosure@...ts.netsys.com Cc: bugtraq@...urityfocus.com, vun-dev@...urityfocus.com Subject: Antivirus/Trojan/Spyware scanners DoS! > Hello everybody, > > I wounder how many Antivirus/Trojan/Spyware scanners > will choak to death while having a manual scan of > the > file: > > http://www.geocities.com/visitbipin/SERVER_dwn.zip > > I was woundering, what would be the results if such > file gets stucked in an "AV gateway" (O; > > please, report your findings..... > > regards, > Bipin Gautam > > http://www.geocities.com/visitbipin/ These are the recent findings, Please participate in the discussion. * KAV successfully passes the test! [Confirmed] Well I find, both norton antivirus 2002 & norton 2003 first try to extract the zip file..... [note: each ~.* is a compressed 12 GB file] fo it will [.....you guessed it..... DoS] Norton Antivirustakes considerable amount of time to scan .cab files. I tried....... http://www.ravantivirus.com/scan/indexn.php It took for ever.... [I stopped or i might have crassed the server] I've tried to scan those .bz2 files with Mcafee, it does choak for a while but it went through. If you have Autometically 'quarentine/delete' option set for your AV scanner and it detects a virus "ercata test virus" inside the rar file. The AV will suffer a DoS while extracting the .rar files. -> Has any one tried it for trojan/spyware scanners that scan inside compressed files??? ----------------------------- * Winxp default zip manager just report the 12Gb zip file to be 121 Mb!??? * Winrar [3.20] can show the size of .bz2 files and winrar just report bipin.zip is 128 Mb but it start filling up the hdd. to 12 Gb if you try to extract the file. *If we try to extract the 12 Gb [Standalone] file in Fat32 tries to extract the 12 Gb file and terminate extraction after 4Gb [fat32 limit] I wounder, why in the 1'st place would Winrar allow to extract a 4+ Gb [single] file in Fat 32. ------------------------------ Regards, Bipin Gautam Ps: Please, reply with the version No. of the AV. scanner that you are using. If anyone of you have a test PC please test the file using the online virus scanners available at : http://virusall.com/downscan.html __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists