Bugtraq mailing list archives
Re: Anti Virus Mailscanners DOS
From: Martin Lesser <m-lesser () lesser-com de>
Date: 26 Feb 2002 07:36:05 +0100
"Eduardo R. Maciel" <maciel () inetd com br> writes:
----------------------------------- -----[ SECURITY ANNOUNCEMENT ]----- ----------------------------------- iNetd Security Research Annoucement ... An antivirus mailscanner should check the filesizes inside a compressed file like .tar.gz, .zip, .bz2, etc, BEFORE open the file for scanning. All the products that doesn't do that checking are vulnerable to a Denial Of Service attack.
That is a long known issue and was described in more depth several times in several ML/news in relation with i.e. http://www.fefe.de/antivirus/42.zip http://groups.google.com/groups?q=42.zip+antivirus returns 27 (!) threads about this issue... So IMO this so called "announcement" is really no topic here. Martin
Current thread:
- Anti Virus Mailscanners DOS Eduardo R. Maciel (Feb 26)
- Re: Anti Virus Mailscanners DOS Piotr Klaban (Feb 26)
- Re: Anti Virus Mailscanners DOS Jedi/Sector One (Feb 26)
- Re: Anti Virus Mailscanners DOS Martin Lesser (Feb 26)
- <Possible follow-ups>
- Re: Anti Virus Mailscanners DOS David F. Skoll (Feb 26)