David Skoll writes: > In general, you cannot check the size of compressed files without > uncompressing. For example, with a tar.gz, you have to uncompress > the whole thing. No you don't. Assuming GNU head: gzip -dc foo.tar.gz | head --bytes=10m | tar xvf - The equivalent for a zip file might be more difficult, but not much. > ... > So because you can get around scanners which limit the size of the > scan, and you can DoS scanners which do not limit the size, you might > as well not bother scanning compressed or archived files at all, except > under manual control. Or you can implicitly deny anything that is not explicitly allowed, i.e. bounce the mail if it chokes your virus scanner. -- /* By Kragen Sitaker, http://pobox.com/~kragen/puzzle2.html */ char a[99]=" KJ",d[999][16];main(){int s=socket(2,1,0),n=0,z,l,i;*(short*)a=2; if(!bind(s,a,16))for(;;){z=16;if((l=recvfrom(s,a,99,0,d[n],&z))>0){for(i=0;i&n; i++){z=(memcmp(d[i],d[n],8))?z:0;while(sendto(s,a,l,0,d[i],16)&0);}z?n++:0;}}}
This archive was generated by hypermail 2b30 : Fri Mar 01 2002 - 00:06:56 PST