funsec mailing list archives

Re: Overloading AV software, try #2


From: Valdis.Kletnieks () vt edu
Date: Fri, 07 Jul 2006 16:38:14 -0400

On Fri, 07 Jul 2006 16:24:53 EDT, "Richard M. Smith" said:
> My question is about overloading the user with warning messages, not DoSing
> a box.  Let me try asking my question a different way.  If an AV software
> package suddenly sees 200 virus files being written to a hard drive, will it
> present to the user 200 individual warning messages about these virus files?

Depends on its design.  At that point, the more important question is
how/why the source is able to write 200 files that could potentially be
viruses onto the disk - that indicates a massive sandbox failure on the
part of the MUA or browser or whatever.

(And yes, I know it's *theoretically* possible that a webpage have 200
alleged jpeg's on it that have malformed headers that cause a buffer overrun
and a code exploit - but if you have *that*, you just want to send *one*
so you can try to fly under the wire...)


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
