funsec mailing list archives
Re: Overloading AV software, was Question about Viruses
From: Valdis.Kletnieks () vt edu
Date: Fri, 07 Jul 2006 17:18:23 -0400
On Fri, 07 Jul 2006 16:55:15 EDT, Dude VanWinkle said:
The zip-bomb? I seem to remember McAffe or Symantec doing that
No, the zip bombs were zips that unpacked into gigabytes of trash and
blew out the storage. This was something structured like:
multipart/mixed
multipart/mixed
multipart/mixed
(.....)
application/zip-worm
So it would look at the mime, unpack the multipart to scan the parts, then it
would have to unpack the inner multipart to scan its contents, then the *inner*
inner multipart, and so on...
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Overloading AV software, try #2, (continued)
- Re: Overloading AV software, try #2 Valdis . Kletnieks (Jul 07)
- Re: Overloading AV software, try #2 Dude VanWinkle (Jul 07)
- Re: Overloading AV software, try #2 Peter Kosinar (Jul 07)
- Re: Overloading AV software, try #2 Dude VanWinkle (Jul 07)
- Re: Overloading AV software, try #2 Drsolly (Jul 08)
- Re: Overloading AV software, try #2 Valdis . Kletnieks (Jul 07)
- Re: Overloading AV software, try #2 Valdis . Kletnieks (Jul 07)
- RE: Overloading AV software, try #2 Peter Kosinar (Jul 07)
- RE: Overloading AV software, try #2 Drsolly (Jul 07)
- Re: Overloading AV software, was Question about Viruses Dude VanWinkle (Jul 07)
- Re: Overloading AV software, was Question about Viruses Valdis . Kletnieks (Jul 07)
- Re: Question about Viruses Peter Kosinar (Jul 07)
- Re: Question about Viruses Drsolly (Jul 07)
- Re: Question about Viruses Peter Kosinar (Jul 07)
- Re: Question about Viruses Drsolly (Jul 07)
- Re: Question about Viruses Dude VanWinkle (Jul 07)