Re: Anti Virus Mailscanners DOS

From: Martin Lesser (m-lesser@lesser-com.de)
Date: 02/26/02


To: bugtraq@securityfocus.com
Date: 26 Feb 2002 07:36:05 +0100


"Eduardo R. Maciel" <maciel@inetd.com.br> writes:

> -----------------------------------
> -----[ SECURITY ANNOUNCEMENT ]-----
> -----------------------------------
> iNetd Security Research Announcement
>
> ...
>
> An antivirus mailscanner should check the file sizes inside a
> compressed file like .tar.gz, .zip, .bz2, etc., BEFORE opening the file
> for scanning.
>
> All the products that don't do that check are vulnerable to a
> Denial Of Service attack.

That is a long-known issue and was described in more depth several times
in several ML/news in relation to e.g. http://www.fefe.de/antivirus/42.zip

http://groups.google.com/groups?q=42.zip+antivirus returns 27 (!)
threads about this issue...

So IMO this so-called "announcement" is really no topic here.

Martin
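
An added example, not part of the original post or of either author's code: one way a mail scanner could apply the check the quoted announcement asks for to ZIP attachments, using Python's standard zipfile module. The limit values, the ArchiveRejected exception and the safe_members helper are assumptions made for illustration.

```python
import io
import zipfile

# Limits are assumptions chosen for illustration, not values from the thread.
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # largest single member we will unpack
MAX_TOTAL_BYTES = 50 * 1024 * 1024    # budget for one attachment, nested archives included
MAX_RATIO = 200                       # declared uncompressed / compressed size
MAX_DEPTH = 3                         # nested archive levels
CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    """Raised when an archive exceeds a limit; the caller should quarantine it."""


def safe_members(data, depth=0, budget=None):
    """Yield (name, bytes) for each leaf file, enforcing limits before and during unpacking."""
    budget = budget if budget is not None else [MAX_TOTAL_BYTES]
    if depth > MAX_DEPTH:
        raise ArchiveRejected("nesting too deep")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        # Check 1: declared sizes from the central directory, before any decompression.
        for info in infos:
            if info.file_size > MAX_MEMBER_BYTES:
                raise ArchiveRejected(f"{info.filename}: declared size too large")
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: compression ratio too high")
        # Check 2: do not rely on declared sizes alone; cap the bytes actually produced.
        for info in infos:
            if info.is_dir():
                continue
            out = bytearray()
            with zf.open(info) as fh:
                while chunk := fh.read(CHUNK):
                    out += chunk
                    budget[0] -= len(chunk)
                    if len(out) > MAX_MEMBER_BYTES or budget[0] < 0:
                        raise ArchiveRejected(f"{info.filename}: output limit exceeded")
            payload = bytes(out)
            if zipfile.is_zipfile(io.BytesIO(payload)):
                yield from safe_members(payload, depth + 1, budget)
            else:
                yield info.filename, payload
```

The shared budget is what bounds nested archives: each inner layer can look small on its own while the total output is not.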