On Mon, 18 Jun 2001, Michel Arboi wrote: [snip] > > Countermeasures? > I am not sure that those attacks work (I just tried on my personal AV > at home). However, I'd suggest to forbid archives inside archives (or > not more than 1 level?!), or limit the global number & size of the > files inside. > A simple way to reject such things could be to set a timeout on the > scanning operation. If it takes too long, the file, attachment, web > page, whatever, is just rejected. > > I'd appreciate comments on this weird idea... > How much ability to determine problems would be lost, if the scanner reads only chunks of the file at a time, perhaps a tad larger then sed's line at a time? Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
This archive was generated by hypermail 2b30 : Mon Jun 18 2001 - 15:27:34 PDT