Re: FW: Antivirus scanner DoS with zip archives

From: Daniel Schrader (danx1000at_private)
Date: Wed Jun 20 2001 - 11:47:21 PDT

Next message: Dom De Vitto: "RE: FW: Antivirus scanner DoS with zip archives"

Previous message: Jason R. Seats: "Re: Bugs in Mac Afee AV? [Re: Antivirus scanner DoS with zip archives]"
In reply to: Dale Martin: "Re: FW: Antivirus scanner DoS with zip archives"
Next in thread: Dom De Vitto: "RE: FW: Antivirus scanner DoS with zip archives"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Trend products have an option to select how many levels of nesting they will
unzip.  If I recall, the default is 15.  Zip files with more then that are to
be treated as a virus.

Computer Associates InocuLAN IT products also have a limit as to how deep they
will go (or at least they used to).  The default was 4 if I recall.  I don't
believe that it is user configurable (though I may be wrong - it has been 4
years since I used them).

Dan Schrader
former Chief Security Officer at Trend Micro
former Product Line Manager, Anti-Virus products, Computer Associates
VP of Product Management, Gilian Technologies.


ps CA actually had a user hit by this type of attack - which prompted CA and
Trend to change their products.



__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

Next message: Dom De Vitto: "RE: FW: Antivirus scanner DoS with zip archives"
Previous message: Jason R. Seats: "Re: Bugs in Mac Afee AV? [Re: Antivirus scanner DoS with zip archives]"
In reply to: Dale Martin: "Re: FW: Antivirus scanner DoS with zip archives"
Next in thread: Dom De Vitto: "RE: FW: Antivirus scanner DoS with zip archives"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 09:04:37 PDT