Antivirus/Trojan/Spyware scanners DoS [summary]

> Hello everybody,
>
> I wonder how many Antivirus/Trojan/Spyware scanners will choke while having a manual scan of the file:
>
> I was wondering what would be the results if such a file gets stuck in an "AV gateway" (O;
>
> regards,
> Bipin Gautam



These are the recent findings. Please participate in the discussion.

* KAV successfully passes the test! [Confirmed]

Well, I find both Norton Antivirus 2002 & Norton 2003 first try to extract the zip file..... [note: each ~.* is a compressed 12 GB file] so it will [guessed it..... DoS]. Norton Antivirus takes a considerable amount of time to scan .cab files.

I tried....... It took forever.... [I stopped or I might have crashed the server]

I've tried to scan those .bz2 files with McAfee; it does choke for a while but it went through.

If you have the automatic 'quarantine/delete' option set for your AV scanner and it detects a virus ("EICAR test virus") inside the rar file, the AV will suffer a DoS while extracting the .rar files.

-> Has anyone tried it for trojan/spyware scanners that scan inside compressed files???



* Winxp default zip manager just reports the 12Gb zip file to be 121 Mb!???

* Winrar [3.20] can show the size of .bz2 files and winrar just reports it as 128 Mb but it starts filling up the hdd to 12 Gb if you try to extract the

* If we try to extract the 12 Gb [Standalone] file in Fat32 tries to extract the 12 Gb file and terminate extraction after 4Gb [fat32 limit]. I wonder why, in the 1st place, Winrar would allow extracting a 4+ Gb [single] file in Fat 32.



Bipin Gautam

PS: Please reply with the version No. of the AV scanner that you are using. If any one of you has a test PC, please test the file using the online virus scanners available at :


These are the comments from the [Full-disclosure] community...



ClamAV quarantines it, although it did take a few seconds to return:

    $ clamscan -V
    clamscan / ClamAV version 0.72
    $ clamscan Oversized.Zip FOUND
    ----------- SCAN SUMMARY -----------
    Known viruses: 21920
    Scanned directories: 0
    Scanned files: 1
    Infected files: 1
    Data scanned: 20.13 MB
    I/O buffer size: 131072 bytes
    Time: 3.004 sec (0 m 3 s)



F-Prot 4.4.2 for Linux.
Looks like deadlocked. :(


Grisoft AVG 6.0 Free Edition v6.0.75
No problem manually scanning file, took about a second in total.
Ben C


Groupshield says it was replaced because of a Scanner Timed Out Virus.


I have tried it with Norton AntiVirus 2003 on a PIII 550/256 MB RAM machine. It took it 8 minutes to scan 42 files before I aborted it.
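The reports above split between scanners that unpack the whole archive and hang, and scanners that flag it as oversized and return quickly. As an added example (not code from the thread or from any of the products named), here is a scanner-side guard that checks the declared compression ratio and then streams each member under a byte budget instead of extracting to disk; the limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

MAX_TOTAL = 1024 * 1024   # assumed budget: 1 MiB of unpacked data per archive
MAX_RATIO = 100           # assumed limit on unpacked/packed ratio per member
CHUNK = 64 * 1024


def scan_archive(blob, max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Return ("ok", bytes_read) or ("oversized", reason); never unpacks unbounded data."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            # Cheap pre-check on the sizes the archive declares for this member.
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                return ("oversized", f"{info.filename}: declared ratio {ratio:.0f}:1")
            # Those sizes come from the archive itself, so also enforce a byte
            # budget across all members while streaming, and never touch disk.
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    total += len(chunk)
                    if total > max_total:
                        return ("oversized", f"{info.filename}: budget exceeded")
                    # A real scanner would pass `chunk` to its signature engine here.
    return ("ok", total)


def make_zip(name, payload):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples (small stand-ins for the 12 GB file in the thread).
BOMB = make_zip("zeros.bin", b"\0" * (8 * 1024 * 1024))       # highly compressible
BULKY = make_zip("random.bin", os.urandom(2 * 1024 * 1024))   # ratio ~1, over budget
BENIGN = make_zip("numbers.txt", "".join(map(str, range(2000))).encode())

if __name__ == "__main__":
    for label, blob in (("bomb", BOMB), ("bulky", BULKY), ("benign", BENIGN)):
        print(label, scan_archive(blob))
```

Returning a verdict such as "oversized" instead of unpacking is also what keeps an automatic quarantine/delete action from triggering the extraction the thread describes.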


