Full Disclosure
mailing list archives
Re: BZIP2 bomb question
From: "Alex Shipp" <ashipp () messagelabs com>
Date: Mon, 12 Jan 2004 21:36:54 -0000
----- Original Message -----
From: "Gregh" <chows () ozemail com au>
Please note I am not a good programmer here but here goes:
I am wondering why, for those who HAVE to auto unpack, a script cannot be
written which, upon receipt of an archive of any sort, inspects it for, as
an example, 100K of the same character repeated (keeping in mind that the
NULL character, chr$(7) etc have all been used for compressed bombs) and if
there *IS* such a file, move the file to some safe location for later manual
inspection and if not, allow automatic unpacking etc.
Ignoring lots of technical details (!) this can indeed be done, and can be used
along with lots of other heuristics to defend against compressed bombs.
There are implementations that already do this.
Regards,
Alex
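
An added sketch of the heuristic discussed in this thread, not code from either poster or from any existing implementation: it stream-decompresses a bzip2 file in bounded chunks and returns a quarantine verdict on a 100K same-byte run. The function name, the 64 MiB output cap and the chunk size are assumptions, and the demo input is constructed.

```python
import bz2
from itertools import groupby

RUN_LIMIT = 100 * 1024          # the "100K of the same character" from the question
MAX_OUTPUT = 64 * 1024 * 1024   # assumed cap on total decompressed bytes
CHUNK = 64 * 1024               # most output accepted per decompress() call


def inspect_bzip2(data, run_limit=RUN_LIMIT, max_output=MAX_OUTPUT):
    """Stream-decompress `data` and return (verdict, reason), where verdict is
    "allow" or "quarantine". The decompressed output is never held in full."""
    total, run_byte, run_len = 0, None, 0
    try:
        while data:                               # one pass per concatenated stream
            dec = bz2.BZ2Decompressor()
            feed = data
            while not dec.eof:
                out = dec.decompress(feed, max_length=CHUNK)
                feed = b""                        # remaining input is buffered in dec
                if not out and not dec.eof:
                    return "quarantine", "truncated stream"
                total += len(out)
                if total > max_output:
                    return "quarantine", "decompressed size over cap"
                for byte, group in groupby(out):  # a run may span chunk boundaries
                    n = sum(1 for _ in group)
                    if byte == run_byte:
                        run_len += n
                    else:
                        run_byte, run_len = byte, n
                    if run_len >= run_limit:
                        return "quarantine", f"run of byte 0x{byte:02x} >= {run_limit}"
            data = dec.unused_data                # next stream, if any
    except OSError:
        return "quarantine", "not a valid bzip2 stream"
    return "allow", f"{total} bytes, no long runs"


if __name__ == "__main__":
    # Constructed sample: 1 MiB of NUL bytes, as in the bombs the thread mentions.
    sample = bz2.compress(b"\x00" * (1024 * 1024))
    print(len(sample), "compressed bytes ->", inspect_bzip2(sample))
```

The run check alone is easy to sidestep with output that repeats without long single-byte runs, which is why the size cap sits beside it as one of the other heuristics.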