| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: npguy at websurfer.com.np (npguy) Subject: Antivirus/Trojan/Spyware scanners DoS! This comes when extracting module doesn't verify the intgerity of headers. The similar types of breaches were found in WinRAR. The quick approach to resolve is to verify the actual physical size of the compressed file against the headers info. WinRAR now takes similar approach. Not only the AntiVirus any applicaiton that does use the Zip API faces similar problem since the library that comes along with the extractiong function has same design error. npguy On Sunday 13 June 2004 10:35 pm, Ahmed Motaz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > bipin gautam wrote: > | I wounder how many Antivirus/Trojan/Spyware scanners will choak to > | death while having a manual scan of the file > > I have tried it with Norton AntiVirus 2003 on a PIII 550/256 MB RAM > machine. It > took it 8 minutes to scan 42 files before I aborted it. > > I was curious how you crafted such a ZIP file. It extracts to 125KB > and then extracts to more than 500 MB. > > | I was woundering, what would be the results if such file gets > | stucked in an "AV gateway" (O; > > If there was no timeout, then it definitely can crash lots of these. > > I, however, like to add that this is not a problem with the AV > software; I tried extracting it manually using WinRAR and WinZIP, but > it took forever, especially the file ~.rar, which is 6 MB before > extraction. > > I have tried it with online scanner, Kaspersky > (http://www.kaspersky.com/scanforvirus), but the scan did not take > more than 1 minute and detected 15 virus bodies out of 692 scanned files. > > I'd like to hear more about it soon. > > Regards, > Ahmed Motaz > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFAzIXCxSm8vaS5lh8RAruBAJ9Giaap/vtDwxOmh4MDzYMs/A3hUQCeJuqX > DLJ+H/hHhIYMPiFWDqxw3O8= > =HVzd > -----END PGP SIGNATURE----- > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists