Re: PenTesting Email AntiVirus

From: Rainer Duffner (rainer@ultra-secure.de)
Date: 05/17/02


From: "Rainer Duffner" <rainer@ultra-secure.de>
To: pen-test@securityfocus.com
Date: Fri, 17 May 2002 08:52:00 +0000

Ilici Ramirez writes:

> Hello,
>
> What ways do you know to pen-test email antivirus
> software?

I'd try to pack various combinations of different file-formats into
each other (OLE-container).
E.g., if they have disabled .exe to enter or leave the LAN, try sticking
it into an Excel or PPT-file.
It should not work, but that's what you're supposed to find out.
;-)
Of course, with webmail-over-https this is 80% pointless nowadays...

> A cool one that has been published before is to zip a
> very large file that contains the same character. The
> result, a very small file attached to an email could
> deplete resources on the antivirus server. Do you know
> any AV exploitable with this?

It's called 42.zip and there has been a discussion about this once in a
while. Search the archives.

cheers,
Rainer

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer@ultra-secure.de          Germany
http://www.i-duffner.de        Freising
========================================
    When shall we three meet again
  In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
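
Added example, not part of the original message: a scanner-side guard for the decompression case discussed above, which unpacks a ZIP attachment in memory for scanning while enforcing limits on nesting depth, total expanded bytes and compression ratio. It handles ZIP nesting only (not OLE containers); the limit values and all function names are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_DEPTH = 3                 # assumed cap on archive-in-archive nesting
MAX_TOTAL = 20 * 1024 * 1024  # assumed cap on expanded bytes per attachment
MAX_RATIO = 200               # assumed cap on expanded/compressed size
RATIO_FLOOR = 1024 * 1024     # skip the ratio test below this size (small files compress well)

class ArchiveRejected(Exception):
    """Raised when an attachment exceeds a limit; the caller quarantines it."""

def read_capped(zf, info, state):
    # Header sizes are sender-controlled, so count the bytes actually produced.
    out = bytearray()
    with zf.open(info) as fh:
        while chunk := fh.read(64 * 1024):
            out += chunk
            state["total"] += len(chunk)
            if state["total"] > MAX_TOTAL:
                raise ArchiveRejected(f"{info.filename}: expansion budget exceeded")
            if len(out) > RATIO_FLOOR and len(out) > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: ratio above {MAX_RATIO}:1")
    return bytes(out)

def unpack_for_scan(data, depth=0, state=None, prefix=""):
    """Return [(path, bytes)] leaf files to hand to the scan engine."""
    state = state if state is not None else {"total": 0}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [(prefix or "<attachment>", data)]
    if depth >= MAX_DEPTH:
        raise ArchiveRejected(f"{prefix}: nesting deeper than {MAX_DEPTH}")
    leaves = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                raise ArchiveRejected(f"{info.filename}: encrypted, cannot be scanned")
            body = read_capped(zf, info, state)
            leaves += unpack_for_scan(body, depth + 1, state, f"{prefix}/{info.filename}")
    return leaves

def make_zip(name, payload):
    # Builds constructed sample input for trying the guard; not a scanner function.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()
```

The byte budget is shared across all nesting levels, so many small members add up the same way one large member does.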
