funsec mailing list archives
Re: Overloading AV software, try #2
From: Valdis.Kletnieks () vt edu
Date: Fri, 07 Jul 2006 16:38:14 -0400
On Fri, 07 Jul 2006 16:24:53 EDT, "Richard M. Smith" said:
My question is about overloading the user with warning messages, not DoSing a box. Let me try asking my question a different way. If an AV software package suddenly sees 200 virus files being written to a hard drive, will it present to the user 200 individual warning messages about these virus files?
Depends on its design. At that point, the more important question is how/why the source is able to write 200 files that could potentially be viruses onto the disk - that indicates a massive sandbox failure on the part of the MUA or browswer or whatever. (And yes, I know it's *theoretically* possible that a webpage have 200 alledged jpeg's on it that have malformed headers that cause a buffer overrun and a code exploit - but if you have *that*, you just want to send *one* so you can try to fly under the wire...)
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Re: Question about Viruses, (continued)
- Re: Re: Question about Viruses Peter Kosinar (Jul 07)
- Re: Re: Question about Viruses Drsolly (Jul 07)
- Re: Re: Question about Viruses Dude VanWinkle (Jul 08)
- Re: Re: Question about Viruses Peter Kosinar (Jul 08)
- Re: Re: Question about Viruses Drsolly (Jul 08)
- Re: Overloading AV software, was Question about Viruses Drsolly (Jul 07)
- Re: Overloading AV software, was Question about Viruses Dude VanWinkle (Jul 07)
- RE: Overloading AV software, was Question about Viruses Peter Kosinar (Jul 07)
- Re: Overloading AV software, was Question about Viruses Valdis . Kletnieks (Jul 07)
- RE: Overloading AV software, try #2 Richard M. Smith (Jul 07)
- Re: Overloading AV software, try #2 Valdis . Kletnieks (Jul 07)
- RE: Overloading AV software, try #2 Richard M. Smith (Jul 07)
- Re: Overloading AV software, try #2 Dude VanWinkle (Jul 07)
- RE: Overloading AV software, try #2 Drsolly (Jul 07)
- Re: Overloading AV software, try #2 Valdis . Kletnieks (Jul 07)
- Re: Overloading AV software, try #2 Dude VanWinkle (Jul 07)
- Re: Overloading AV software, try #2 Peter Kosinar (Jul 07)
- Re: Overloading AV software, try #2 Dude VanWinkle (Jul 07)
- Re: Overloading AV software, try #2 Drsolly (Jul 08)
- Re: Overloading AV software, try #2 Valdis . Kletnieks (Jul 07)
- Re: Overloading AV software, try #2 Valdis . Kletnieks (Jul 07)