-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Apologies for not posting this sooner, but I have been extremely busy.

Your comment regarding MAIL/MIMESweeper is indeed correct. The 42.zip file (mentioned later on in the thread) consumed all available resources on MAILSweeper version 4.2.1 (CPU, memory and free hard disk space). In fact it took a while for us to remove all presence of the mail from the system.

I also tested the 42.zip file on Sophos AV (version 3.4.6 on Windows 2000) and F-Secure AV 5.02 and 5.21 (both on NT4).

Sophos handled the file OK and scanned it happily without consuming extreme amounts of resources; disk space, CPU and memory usage were not affected in a drastic way.

However, when tested on F-Secure, CPU resources were 100% utilised and the system began responding slower and slower to keypresses, mouse clicks, etc... as well as hard disk space being consumed. The processes could not be killed from Task Manager on NT4 / Windows 2000 and the system became unusable, so a reboot was in order.

I have contacted F-Secure but they are still unable to confirm whether the number of levels (archive within an archive within an archive...) can be reduced. They assure the feature is present in F-Secure AV for Firewalls version 6.

Due to time constraints and my full calendar, I have been unable to test this any further on a range of other systems.

Cheers,

Paul Rogers,
Network Security Analyst.

MIS Corporate Defence Solutions Limited

Tel: +44 (0)1622 723422 (Direct Line)
     +44 (0)1622 723400 (Switchboard)
Fax: +44 (0)1622 728580
Website: http://www.mis-cds.com/

> -----Original Message-----
> From: Michel Arboi [mailto:arboiat_private]
> Sent: 17 June 2001 23:11
> To: VULN-DEVat_private
> Subject: Antivirus scanner DoS with zip archives
> ** Mail snipped **

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.3

iQA/AwUBO07RxrnKcoQ5QY/3EQIpSQCeKfu7aPYbIQdN99B+FBzmU5ZcN+AAoMjf
yym1Yo21/G/hn4KvIWkKEAvy
=P2R6
-----END PGP SIGNATURE-----
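The limit on archive levels discussed in the message above, sketched as an added example that is not part of the original post and is not any vendor's code: a scanner front end that walks nested zips in memory under a depth cap and a total-bytes cap, failing closed instead of exhausting CPU, memory or disk. The function names, the default limits and the small sample archive are assumptions made for illustration.

```python
import io
import zipfile


class ArchiveLimitExceeded(Exception):
    """Raised when an archive would exceed the scanner's resource budget."""


def inspect_archive(data, max_depth=5, max_total_bytes=50 * 1024 * 1024):
    """Walk a zip and any zips nested in it; return (deepest_level, total_bytes).

    Raises ArchiveLimitExceeded as soon as either cap is crossed, and lets
    zipfile.BadZipFile propagate so the caller can treat the file as unscannable.
    """
    seen = {"bytes": 0, "deepest": 0}

    def walk(blob, depth):
        if depth > max_depth:
            raise ArchiveLimitExceeded(f"nesting depth {depth} exceeds {max_depth}")
        seen["deepest"] = max(seen["deepest"], depth)
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                buf = bytearray()
                with zf.open(info) as member:
                    # Count bytes actually produced; declared sizes can lie.
                    for piece in iter(lambda: member.read(64 * 1024), b""):
                        seen["bytes"] += len(piece)
                        if seen["bytes"] > max_total_bytes:
                            raise ArchiveLimitExceeded(
                                f"expanded size exceeds {max_total_bytes} bytes")
                        buf += piece
                # Nothing is written to disk; memory use is bounded by the cap.
                if zipfile.is_zipfile(io.BytesIO(buf)):
                    walk(bytes(buf), depth + 1)

    walk(data, 1)
    return seen["deepest"], seen["bytes"]


def constructed_nested_zip(levels, payload=b"\0" * 4096):
    """Constructed sample input: a small payload wrapped in `levels` zips."""
    blob, name = payload, "payload.bin"
    for i in range(levels):
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, blob)
        blob, name = out.getvalue(), f"level{i}.zip"
    return blob
```

A caller would quarantine or reject the message when `ArchiveLimitExceeded` is raised rather than passing the attachment on unscanned.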
This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 17:02:48 PDT