On Thu, 21 Jun 2001, Robert Davidson Security wrote: > On Tue, Jun 19, 2001 at 08:53:54PM +0200, Michel Arboi wrote: > > --- Markus 'FvD' Weber <fvdat_private> a écrit : > > > There is 42.zip out there, 42K total size, which consists of > > > nested zip's and at the end a 4GB file (IIRC 6 levels deep, > > > each level 17 'wide') ... kills most email virus checker. > > > > I did not know it existed. Altavista found this on > > http://www.hanau.net/fgk/downloads/42.zip > > > > Why is this kind of attack not more common? I suspect that most filters > > are vulnerable and yet, they are not listed as such (e.g. on > > securityfocus). And companies continue to use them. > > This used to be really common with BBS's back in their day. The idea > back then was to get a 1Gb file full of null charactors, compress it > and upload it to the BBS, that way when the BBS's virus scanner (which > also uncompressed the file) attempted to check the archive for viruses, > it would either 1) consume all disk space, 2) keep the system busy for > ages (some people ran 386's and 486's back then). The normal thing a > user would do is upload the file and then hang up, which also leaves > that dial-up line off-line while the virus scanner is checking the > contents of the archive. > > -- > Regards, > Robert Davidson. > oh yes, the old days ...I used pcboard on my BBS and the pfed file integrity checker can run any batch job when a line starts with '@'. It's an old vulnerability i know. Maybe we should put disk quota for the user that runs virus scannner thingy.
This archive was generated by hypermail 2b30 : Sat Jun 23 2001 - 20:20:56 PDT