Michel Arboi wrote: > > Still playing with those crazy Zip archives, I tried to DoS "NetShield" > on out NT file server. > It failed! NetShield does not "recurse" into Zip archives, it only > looks at the first level. > This means that it is immune to this stupid DoS attack, but malicious > code may be burried under two levels of archiving. > I am not sure this should be called a "bug", as this tool only protects > (?) file transfers from/to a server. The workstation should run another > software protection. > It seems to me, IMHO, that this is more along the way that AV scanning should work in regards to archived files. 1. files are scanned on download, etc., but only one-level deep. 2. AV's have archive and zip utility hooks in them that allow the AV scanner to be notified when files are "unzipped". Then the idea is that you only check files when they become usable (uncompressed). Seats. -- Jason Seats Information Security Software Engineer TechGuard Security jason.seatsat_private www.techguardsecurity.com 636-519-4848
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 08:59:35 PDT