Re: PenTesting Email AntiVirus

From: Rainer Duffner (
Date: 05/17/02

From: "Rainer Duffner" <>
Date: Fri, 17 May 2002 08:52:00 +0000

Ilici Ramirez writes:

> Hello,
> What ways do you know to pen-test email antivirus
> software?

I'd try to pack various combinations of different file-formats into
each other (OLE-container).
E.g., if they have disabled .exe to enter or leave the LAN, try sticking
it into an Excel or PPT-file.
It should not work, but that's what you're supposed to find out.
Of course, with webmail-over-https this is 80% pointless nowadays...

> A cool one that has been published before is to zip a
> very large file that contains the same character. The
> result, a very small file attached to an email could
> deplete resources on the antivirus server. Do you know
> any AV exploitable with this?

It's called and there has been a discussion about this once in a
while. Search the archives.


Rainer Duffner                   Munich          Germany        Freising
    When shall we three meet again
  In thunder, lightning, or in rain?

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: