Re: PenTesting Email AntiVirus

["William D. Colburn (aka Schlake)" <wcolburn () nmt edu>]

I think any AV software that is configured to unpack zip files is
vulnerable.  I think all vendors have this off by default, but some
people seem to think they want to do this and turn it in.

My antivirus milter was recently defeated by a MIME pack that had two
files attached with the same name, one a virus, the other innocuous.
The innocuous file overwrote the virus before the scanner hit it.  I
fixed my milter not to let that happen.

There seem to be lots of ways to form an incorrect MIME pack that the
RFC compliant antivirus software disregards but the cursed MS software
manages to unpack anyway.

On Wed, May 15, 2002 at 06:31:39AM -0700, Ilici Ramirez wrote:
> What ways do you know to pen-test email antivirus
> software? 
>
> A cool one that has been published before is to zip a
> very large file that contains the same character. The
> result, a very small file attached to an email could
> deplete resources on the antivirus server. Do you know
> any AV exploitable with this?

--
William Colburn, "Sysprog" <wcolburn () nmt edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/