Ahh, but was it doing much else during that 30 mins...? Some content checkers may not crash, but they get to busy to do much else - 48*42k of emails could stop it (or slow it to a crawl & cause backlog) for 24 hours :-( Dom -----Original Message----- From: Dale Martin [mailto:dalemartinat_private] Sent: 19 June 2001 23:15 To: VULN-DEVat_private Subject: Re: FW: Antivirus scanner DoS with zip archives >From: Markus 'FvD' Weber [mailto:fvdat_private] >Sent: Tuesday, 19 June 2001 8:17 PM >To: VULN-DEVat_private >Cc: Markus 'FvD' Weber >Subject: Re: Antivirus scanner DoS with zip archives > > >There is 42.zip out there, 42K total size, which consists of >nested zip's and at the end a 4GB file (IIRC 6 levels deep, >each level 17 'wide') ... kills most email virus checker. > >To protect your self from you email virus gateway crashing, >try to ensure that each single thread which checks an email >has only limited resources. Under Unix ulimit/limit is your >best friend ... (for process and file size). > >Markus > Tested 42.zip with Trend Micro Viruswall on a poor old Pentium 100 with 400Meg drive and 130Meg free and worked just fine - no crash - must admit it took about 30 minutes to process it though. (VET from CA v10.2.5 didnt like it all) Dale __________________________________________________________________ Get your free Australian email account at http://www.start.com.au
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 09:09:57 PDT