|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Antivirus/Trojan/Spyware scanners DoS [summary]
From: Bipin Gautam (visitbipin
hotmail.com)
Date: Tue Jun 15 2004 - 09:58:02 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In-Reply-To: <20040614003349.4049.qmailwww.securityfocus.com>
>> http://www.geocities.com/visitbipin/SERVER_dwn.zip
Note: If you download such archives from an
internet loaction, or 'copy/paste' such files from a
distination. Those Vulnerable "Antivirus Softwares"
with their auto-protect engines active, may also
trigger a DoS.
There have been reports,
Panda Antivirus
*Norton AV Corporate Ed. (version 7.60.926)
*MacAfee uvscan scan for Linux (4.3.20)
*DrWeb (http://www.drweb.ru/)
*AVG v7.0.251
Are vulnerable.
*F-Prot 4.4.2 for Linux did took considerable amount of time [avg: 90 seconds] while scanning the file, there have been conflicting report... whether or not, F-Prot is vulnerable. But, a compressed archive can be crafted in a way so that F-Prot will take about an hour to scan....
I believe further research should be don't to confirm,
*ClamAV version 0.07, 0.72
*eTrust InoculateIT version 6.0
Are vulnerable.
Please Note: This is just a simple proof of concept, smaller acrhives > 10kb can be created that contain a terabyte of data...
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]