RE: [Full-Disclosure] Just when you thought Macafee stuff was safe!

From: Tim Saunders (Tim.Saunders_at_aquilauk.co.uk)
Date: 09/24/03

  • Next message: security_at_sco.com: "[Full-Disclosure] OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug"
    To: "gregh" <chows@ozemail.com.au>, <full-disclosure@lists.netsys.com>
    Date: Wed, 24 Sep 2003 09:39:11 +0100
    
    

    It's the on-access scanner that has the problem when you try to do
    anything with the downloaded file. Even if you are only copying it to
    another PC.

    I would accept it cannot scan the contents of such a large compressed
    file if it didn't crash and leave the on-access scanner disabled.

    Tim

    > -----Original Message-----
    > From: gregh [mailto:chows@ozemail.com.au]
    > Sent: 23 September 2003 22:52
    > To: Tim Saunders; full-disclosure@lists.netsys.com
    > Subject: Re: [Full-Disclosure] Just when you thought Macafee
    > stuff was safe!
    >
    >
    >
    > > ----- Original Message -----
    > > From: "Tim Saunders" <Tim.Saunders@aquilauk.co.uk>
    > > To: "gregh" <chows@ozemail.com.au>; <full-disclosure@lists.netsys.com>
    > > Sent: Wednesday, September 24, 2003 1:14 AM
    > > Subject: RE: [Full-Disclosure] Just when you thought Macafee stuff was safe!
    >
    >
    > > Or if your users have McAfee Virus scan wait for them to download a
    > > large compressed file, I find zips of oracle CDs from partner.oracle.com
    > > do nicely. Now watch McAfee crash as it tries to scan the contents of
    > > the zip and times out (I believe) thus leaving the machine nice and
    > > vulnerable since it doesn't auto restart. Any 300MB+ Zip, .tar.gz,
    > > .cpio.gz etc seems to work. Smaller files may also work depending on
    > > your machine.
    >
    > Tim,
    >
    > Gotta say I don't have that problem with McAfee stuff. I have 98 and XP
    > machines that have anywhere from 500meg files to, in 2 cases, 2gig
    > compressed files sitting on them and what you say has never happened even
    > once in a scheduled scan. I never allow any virus scanner to scan incoming
    > compressed files. I only allow them to scan when I save to disk from
    > attachment and that hasn't ever been a problem, either.
    >
    > Greg.
    >
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

