Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Anti Virus Mailscanners DOS
From: Martin Lesser <m-lesser () lesser-com de>
Date: 26 Feb 2002 07:36:05 +0100

"Eduardo R. Maciel" <maciel () inetd com br> writes:

-----------------------------------
-----[ SECURITY ANNOUNCEMENT ]-----
-----------------------------------
iNetd Security Research Annoucement

...

An antivirus mailscanner should check the filesizes inside a
compressed file like .tar.gz, .zip, .bz2, etc, BEFORE open the file
for scanning.

All the products that doesn't do that checking are vulnerable to a
Denial Of Service attack.

That is a long known issue and was described in more depth several times
in several ML/news in relation with i.e. http://www.fefe.de/antivirus/42.zip

http://groups.google.com/groups?q=42.zip+antivirus returns 27 (!) 
threads about this issue...

So IMO this so called "announcement" is really no topic here.

Martin


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault