Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: hack3914.htm

Antivirus/Trojan/Spyware scanners DoS



Antivirus/Trojan/Spyware scanners DoS [summary]



> Hello everybody,

> 

> I wounder how many Antivirus/Trojan/Spyware scanners

> will choak while having a manual scan of

> the

> file:

> 

> http://www.geocities.com/visitbipin/SERVER_dwn.zip 

> 

> I was woundering, what would be the results if such

> file gets stucked in an "AV gateway" (O;

> 

> 

> regards,

> Bipin Gautam

> 

> http://www.geocities.com/visitbipin/ 





These are the recent findings, Please participate in

the discussion.



* KAV successfully passes the test! [Confirmed]



Well I find, both norton antivirus 2002 & norton  2003

first try to extract the zip file..... [note: each ~.*

is a compressed 12 GB file] fo it will [.....you

guessed it..... DoS] Norton Antivirustakes

considerable amount of time to scan .cab files.



I tried.......

http://www.ravantivirus.com/scan/indexn.php 

It took for ever.... [I stopped or i might have

crassed the server]



I've tried to scan those .bz2 files with Mcafee, it

does choak for a while but it went through.



If you have Autometically 'quarentine/delete' option

set for your AV scanner and it detects a virus "ercata

test virus" inside the rar file. The AV will suffer a

DoS while extracting the .rar files.



-> Has any one tried it for trojan/spyware scanners

that scan inside compressed files???



 

-----------------------------

* Winxp default zip manager just report the 12Gb zip

file to be 121 Mb!???

* Winrar [3.20] can show the size of .bz2 files and

winrar just report bipin.zip is 128 Mb but it start

filling up the hdd. to 12 Gb if you try to extract the

file.

*If we try to extract the 12 Gb [Standalone] file in

Fat32 tries to extract the 12 Gb file and terminate

extraction after 4Gb [fat32 limit] I wounder, why in

the 1'st place would Winrar allow to extract a 4+ Gb

[single] file in Fat 32.

------------------------------



Regards,

Bipin Gautam







Ps: Please, reply with the version No. of the AV.

scanner that you are using. If anyone of you have a

test PC please test the file using the online virus

scanners available at : http://virusall.com/downscan.html 



_________________________________________________________

These are the coments from [Full-disclosure] community...

_________________________________________________________



----------------------------

ClamAV quarantines it, although it did take a few seconds to return:



$ clamscan -V

clamscan / ClamAV version 0.72

$ clamscan SERVER_dwn.zip

SERVER_dwn.zip: Oversized.Zip FOUND



----------- SCAN SUMMARY -----------

Known viruses: 21920

Scanned directories: 0

Scanned files: 1

Infected files: 1

Data scanned: 20.13 MB

I/O buffer size: 131072 bytes

Time: 3.004 sec (0 m 3 s)



-Eric

-----------------------------

F-Prot 4.4.2 for Linux.



Looks like deadlocked. :(

-----------------------------

Grisoft AVG 6.0 Free Edition v6.0.75



No problem manually scanning file, took about a second in total.



Ben C

-----------------------------

Groupshield says it was replaced because of a Scanner Timed Out Virus.

-----------------------------

I have tried it with Norton AntiVirus 2003 on a PIII 550/256 MB RAM

machine. It

took it 8 minutes to scan 42 files before I aborted it.

-----------------------------


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH