[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!
From: BigBrother-{BigB3} <bigbrother@xxxxxxxxxx>
Date: Mon, 14 Jun 2004 09:10:46 +0300 (EEST)

On Sun, Jun 13, 2004 at 03:30:17AM -0700, bipin gautam wrote:
Hello everybody,
I wounder how many Antivirus/Trojan/Spyware scanners
will choak to death while having a manual scan of the
file:
http://www.geocities.com/visitbipin/SERVER_dwn.zip
I was woundering, what would be the results if such
file gets stucked in an "AV gateway" (O;
please, report your findings.....
F-Prot 4.4.2 for Linux.

Looks like deadlocked. :(

Tested:

F-Prot 4.1.1 (FreeBSD 4.10)

no problem at all (took 40 seconds on my 300Mhz box)

Virus scanning report - 14 June 2004 @ 9:05

F-PROT ANTIVIRUS
Program version: 4.1.1
Engine version: 3.13.4

VIRUS SIGNATURE FILES
SIGN.DEF created 11 June 2004
SIGN2.DEF created 11 June 2004
MACRO.DEF created 7 June 2004

Search: SERVER_dwn.zip
Action: Report only
Files: Attempt to identify files
Switches: <none>

SERVER_dwn.zip->BlackHole.zip->1/~.cab->0.cab->cab.com Infection: EICAR_Test_File SERVER_dwn.zip->BlackHole.zip->1/~.zip->bipin.zip Infection: EICAR_Test_File SERVER_dwn.zip->BlackHole.zip->2/~.cab->0.cab->cab.com Infection: EICAR_Test_File SERVER_dwn.zip->BlackHole.zip->2/~.zip->bipin.zip Infection: EICAR_Test_File SERVER_dwn.zip->BlackHole.zip->3/~.cab->0.cab->cab.com Infection: EICAR_Test_File SERVER_dwn.zip->BlackHole.zip->3/~.zip->bipin.zip Infection: EICAR_Test_File SERVER_dwn.zip->BlackHole.zip->4/~.cab->0.cab->cab.com Infection: EICAR_Test_File SERVER_dwn.zip->BlackHole.zip->4/~.zip->bipin.zip Infection: EICAR_Test_File SERVER_dwn.zip->BlackHole.zip->5/~.cab->0.cab->cab.com Infection: EICAR_Test_File SERVER_dwn.zip->BlackHole.zip->5/~.zip->bipin.zip Infection: EICAR_Test_File

Results of virus scanning:

Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 32
Infected: 10
Suspicious: 0
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 0:40


---
Dreams have no limits!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!
  - From: bipin gautam
- Re: [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!
  - From: Rodrigo Barbosa

Prev by Date: RE: [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!
Next by Date: [Full-Disclosure] Same old phishing link manipulation or new?
Previous by thread: Re: [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!
Next by thread: Re: [Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!
Index(es):
- Date
- Thread