Re: PenTesting Email AntiVirus

From: William D. Colburn (aka Schlake) (wcolburn@nmt.edu)
Date: 05/16/02


Date: Thu, 16 May 2002 13:56:33 -0600
From: "William D. Colburn (aka Schlake)" <wcolburn@nmt.edu>
To: Ilici Ramirez <ilici_ramirez@yahoo.com>

I think any AV software that is configured to unpack zip files is
vulnerable. I think all vendors have this off by default, but some
people seem to think they want to do this and turn it on.

My antivirus milter was recently defeated by a MIME pack that had two
files attached with the same name, one a virus, the other innocuous.
The innocuous file overwrote the virus before the scanner hit it. I
fixed my milter not to let that happen.

There seem to be lots of ways to form an incorrect MIME pack that the
RFC compliant antivirus software disregards but the cursed MS software
manages to unpack anyway.

On Wed, May 15, 2002 at 06:31:39AM -0700, Ilici Ramirez wrote:
> What ways do you know to pen-test email antivirus
> software?
>
> A cool one that has been published before is to zip a
> very large file that contains the same character. The
> result, a very small file attached to an email could
> deplete resources on the antivirus server. Do you know
> any AV exploitable with this?

--
William Colburn, "Sysprog" <wcolburn@nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn
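
The duplicate-filename failure described in the message above, handled from the scanner's side. This is an added example, not part of the original post and not the author's milter: the function names, the staging-name scheme and the sample message are assumptions made for illustration.

```python
import email
import hashlib
from collections import Counter
from email import policy
from email.message import EmailMessage

def stage_parts(raw_bytes):
    """Stage every leaf MIME part under a name the sender cannot influence.

    Returns (staged, duplicates): staged is a list of
    (staging_name, declared_filename, payload) tuples, one per leaf part;
    duplicates lists declared filenames that appear on more than one part.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    staged, seen = [], Counter()
    for index, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue  # containers carry no payload of their own
        declared = part.get_filename()  # sender-controlled, may be None
        payload = part.get_payload(decode=True) or b""
        if declared is not None:
            seen[declared] += 1
        # Name comes from part position plus content hash, never from the
        # declared filename, so one part cannot overwrite another on disk.
        digest = hashlib.sha256(payload).hexdigest()[:16]
        staged.append((f"part{index:03d}-{digest}", declared, payload))
    duplicates = sorted(name for name, count in seen.items() if count > 1)
    return staged, duplicates

def build_sample():
    """Constructed sample: two attachments sharing one declared filename."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("body text")
    for body in (b"FIRST-PAYLOAD", b"SECOND-PAYLOAD"):
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename="report.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    staged, duplicates = stage_parts(build_sample())
    for name, declared, payload in staged:
        print(name, declared, len(payload))
    # A repeated filename is itself a signal worth logging or quarantining on.
    print("duplicate filenames:", duplicates)
```

Each staged payload would then be handed to the scanner individually; a non-empty duplicates list can be treated as grounds to quarantine the message.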
