In-Reply-To: <BAY17-F32jMdiiRq5jP00147ef0@xxxxxxxxxxx> CA eTrust Antivirus 7.0 SP2 scans and detects with no problems. > >Multiple Antivirus Scanners DoS attack. > >--- [Vulnerable Products] --- > Only tested on... > >* Norton Antivirus 2002 >* Norton Antivirus 2003 >* Mcafee VirusScan 6 >* Network Associates (McAfee) VirusScan Enterprise 7.1 >* Windows Xp default ZIP manager [report's wrong size of compress ZIP >files.] > >There has been multiple reports [Unconfirmed] >*F-Prot 4.4.2 for Linux >*Panda Antivirus > >Are vulnerable. > > >Risk Impact: Medium > >--- [Details] --- > >While having a manual scan of compressed files; several Antivirus, Trojan, >Spy ware scanners suffer a DoS attack if the software tries to completely >extract the archive and scan its content for a hostile file. > >--- [Proof of Concept] --- >Please download this file. >http://www.geocities.com/visitbipin/SERVER_dwn.zip > >Moreover it's not safe to set automatically 'Quarantine/delete' option set >for your AV scanner as it may try to Quarantine the virus by extracting the >archive. > >----------- >Bipin Gautam >http://www.geocities.com/visitbipin/ > >Disclaimer: The information in the advisory is believed to be accurate at >the time of printing based on currently available information. Use of the >information constitutes acceptance for use in an AS IS condition. There are >no warranties with regard to this information. Neither the author nor the >publisher accepts any liability for any direct, indirect or consequential >loss or damage arising from use of, or reliance on this information. > >_________________________________________________________________ >It's fast, it's easy and it's free. Get MSN Messenger today! >http://www.msn.co.uk/messenger > >
