>From: Markus 'FvD' Weber [mailto:fvdat_private] >Sent: Tuesday, 19 June 2001 8:17 PM >To: VULN-DEVat_private >Cc: Markus 'FvD' Weber >Subject: Re: Antivirus scanner DoS with zip archives > > >There is 42.zip out there, 42K total size, which consists of >nested zip's and at the end a 4GB file (IIRC 6 levels deep, >each level 17 'wide') ... kills most email virus checker. > >To protect your self from you email virus gateway crashing, >try to ensure that each single thread which checks an email >has only limited resources. Under Unix ulimit/limit is your >best friend ... (for process and file size). > >Markus > Tested 42.zip with Trend Micro Viruswall on a poor old Pentium 100 with 400Meg drive and 130Meg free and worked just fine - no crash - must admit it took about 30 minutes to process it though. (VET from CA v10.2.5 didnt like it all) Dale __________________________________________________________________ Get your free Australian email account at http://www.start.com.au
This archive was generated by hypermail 2b30 : Wed Jun 20 2001 - 06:49:14 PDT