Re: PenTesting Email AntiVirus

From: William D. Colburn (aka Schlake) (wcolburnat_private)
Date: Thu May 16 2002 - 12:56:33 PDT


    I think any AV software that is configured to unpack zip files is
    vulnerable.  I think all vendors have this off by default, but some
    people seem to think they want to do this and turn it on.
    
    My antivirus milter was recently defeated by a MIME pack that had two
    files attached with the same name, one a virus, the other innocuous.
    The innocuous file overwrote the virus before the scanner hit it.  I
    fixed my milter not to let that happen.
    
    There seem to be lots of ways to form an incorrect MIME pack that the
    RFC-compliant antivirus software disregards but the cursed MS software
    manages to unpack anyway.
    
    On Wed, May 15, 2002 at 06:31:39AM -0700, Ilici Ramirez wrote:
    > What ways do you know to pen-test email antivirus
    > software? 
    > 
    > A cool one that has been published before is to zip a
    > very large file that contains the same character. The
    > result, a very small file attached to an email could
    > deplete resources on the antivirus server. Do you know
    > any AV exploitable with this?
    
    --
    William Colburn, "Sysprog" <wcolburnat_private>
    Computer Center, New Mexico Institute of Mining and Technology
    http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
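
One way to avoid the same-name overwrite described in the message above, as an added example that is not part of the original post and is not the author's milter code: every MIME leaf part gets a scan name derived from its position and content rather than from the sender-supplied filename, and repeated filenames are reported. The function names and the sample message are hypothetical and constructed for illustration.

```python
import email
import hashlib
from collections import Counter
from email import policy
from email.message import EmailMessage


def unique_scan_names(raw_bytes):
    """Return (items, duplicates) for one raw message.

    items: (unique_name, claimed_filename, payload) for every leaf part.
    duplicates: claimed filenames that occur more than once.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    items, claimed = [], []
    for index, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        # Compare claimed names without path components and case-insensitively.
        key = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
        if key:
            claimed.append(key)
        # The on-disk name comes from position and content only, so a later
        # part can never replace an earlier one before it is scanned.
        digest = hashlib.sha256(payload).hexdigest()[:16]
        items.append((f"part{index:03d}-{digest}", name, payload))
    duplicates = sorted(n for n, c in Counter(claimed).items() if c > 1)
    return items, duplicates


def build_sample():
    """Constructed sample: two harmless attachments sharing one filename."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("body text")
    for data, fname in ((b"first payload", "report.doc"),
                        (b"second payload", "REPORT.DOC")):
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    parts, dupes = unique_scan_names(build_sample())
    for unique_name, claimed_name, payload in parts:
        print(unique_name, repr(claimed_name), len(payload))
    print("duplicate filenames:", dupes)
```

A filter built this way scans every payload in `items`, and can treat a non-empty duplicates list as a reason to quarantine the message.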
    


