Bugtraq mailing list archives

Re: Decompression Bombs

From: Chris Green <cmg () dok org>
Date: Mon, 09 Feb 2004 13:13:44 -0500

"Myron Davis" <myrond () xyxx com> writes:

Theoretically one could modify a worm to send random zip'd files of zeros
along the way to different hosts to really kill the destinations
computers.


Is this all just back to fail open/fail closed?  I have a file that
will cause XXX virus scanner to crash.  Does the SMTP agent view that
as a reason to reject the email or does it pass it through?

If it does a temporary rejection message because of some internal
failure, the infection rateof these messages becomes very low. Not
sure how virus scanners + SMTP servers interact with regards to
tradition SMTP errors. 

It would be an effective anti-cleanup method though.
-- 
Chris Green <cmg () dok org>
Fame may be fleeting but obscurity is forever.

Current thread:

Decompression Bombs Matthias Leu (Feb 03)
- <Possible follow-ups>
- RE: Decompression Bombs David Bachtel (Feb 06)
  - RE: Decompression Bombs Myron Davis (Feb 09)
    - Re: Decompression Bombs Brian Dessent (Feb 09)
    - Re: Decompression Bombs Myron Davis (Feb 11)
    - Re: Decompression Bombs Chris Green (Feb 09)
- RE: Decompression Bombs SBNelson (Feb 09)
- Re: Decompression Bombs Bipin Gautam . (Feb 11)