Re: Antivirus/Trojan/Spyware scanners DoS [summary]

From: Bipin Gautam (visitbipin_at_hotmail.com)
Date: 06/15/04

    Date: 15 Jun 2004 14:58:02 -0000
    To: vuln-dev@securityfocus.com
    
    
    In-Reply-To: <20040614003349.4049.qmail@www.securityfocus.com>

    >> http://www.geocities.com/visitbipin/SERVER_dwn.zip

    Note: If you download such archives from an
    internet location, or 'copy/paste' such files from a
    destination, those vulnerable "Antivirus Softwares"
    with their auto-protect engines active may also
    trigger a DoS.

    There have been reports that
    *Panda Antivirus
    *Norton AV Corporate Ed. (version 7.60.926)
    *McAfee uvscan scan for Linux (4.3.20)
    *DrWeb (http://www.drweb.ru/)
    *AVG v7.0.251

    are vulnerable.

    *F-Prot 4.4.2 for Linux did take a considerable amount of time [avg: 90 seconds] while scanning the file; there have been conflicting reports whether or not F-Prot is vulnerable. But a compressed archive can be crafted in a way so that F-Prot will take about an hour to scan....

    I believe further research should be done to confirm,

    *ClamAV version 0.07, 0.72
    *eTrust InoculateIT version 6.0

    are vulnerable.
     
    Please note: This is just a simple proof of concept; smaller archives > 10kb can be created that contain a terabyte of data...
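
One way a scanner front end can bound the work such an archive causes, shown as an added example that is not part of the original post or of any product named in it: unpack under a hard byte budget and nesting limit, and refuse the file once either is exceeded. The names `expanded_size`, `make_zip` and `ArchiveBudgetExceeded` and the default limits are assumptions chosen for illustration.

```python
import io
import zipfile

class ArchiveBudgetExceeded(Exception):
    """Raised when an archive expands past the configured limits."""

def expanded_size(data, budget=50 * 1024 * 1024, max_depth=3, chunk=64 * 1024, _depth=0):
    """Return the total bytes produced by unpacking `data` (nested zips included).

    Aborts as soon as more than `budget` bytes would be produced or the
    archive nests deeper than `max_depth` levels, so scan time stays bounded.
    """
    if _depth > max_depth:
        raise ArchiveBudgetExceeded("nested deeper than %d levels" % max_depth)
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap pre-check on the size declared in the central directory.
            if total + info.file_size > budget:
                raise ArchiveBudgetExceeded("declared size exceeds budget: " + info.filename)
            buf = io.BytesIO()
            with zf.open(info) as member:
                # Inflate in small chunks and count what actually comes out.
                while True:
                    block = member.read(chunk)
                    if not block:
                        break
                    total += len(block)
                    if total > budget:
                        raise ArchiveBudgetExceeded("inflated past budget: " + info.filename)
                    buf.write(block)
            inner = buf.getvalue()
            # Archives inside archives share the remaining budget of the parent.
            if zipfile.is_zipfile(io.BytesIO(inner)):
                total += expanded_size(inner, budget - total, max_depth, chunk, _depth + 1)
    return total

def make_zip(members):
    """Build a constructed sample zip in memory from {name: bytes}."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return out.getvalue()

if __name__ == "__main__":
    sample = make_zip({"zeros.bin": bytes(8 * 1024 * 1024)})  # constructed input
    print(len(sample), "bytes on disk")
    try:
        expanded_size(sample, budget=1024 * 1024)
    except ArchiveBudgetExceeded as exc:
        print("rejected:", exc)
```

A caller would treat `ArchiveBudgetExceeded` as "do not unpack further" and quarantine or log the file instead of handing it to the scan engine.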

