[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Multiple Antivirus Scanners DoS attack.

To: bipin gautam <visitbipin@xxxxxxxxxxx>
Subject: [Full-Disclosure] Re: Multiple Antivirus Scanners DoS attack.
From: Shashank Rai <shash@xxxxxxxxxxxxxxx>
Date: Tue, 15 Jun 2004 08:00:10 +0400

On Mon, 2004-06-14 at 18:38, bipin gautam wrote:
> Multiple Antivirus Scanners DoS attack.
> 
> --- [Vulnerable Products] ---
>       Only tested on...
> 
> * Norton Antivirus 2002
> * Norton Antivirus 2003
> * Mcafee VirusScan 6
> * Network Associates (McAfee) VirusScan Enterprise 7.1
> * Windows Xp default ZIP manager [report's wrong size of compress ZIP 
> files.]
> 
> There has been multiple reports [Unconfirmed]
> *F-Prot 4.4.2 for Linux
> *Panda Antivirus
> 
> Are vulnerable.
On a Fedora Core-2 box.....

Virus scanning report  -  15 June 2004 @ 7:50

F-PROT ANTIVIRUS
Program version: 4.4.2
Engine version: 3.14.11

VIRUS SIGNATURE FILES
SIGN.DEF created 12 June 2004
SIGN2.DEF created 12 June 2004
MACRO.DEF created 7 June 2004

Search: /home/shash/tmp/SERVER_dwn.zip
Action: Report only
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER

/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->1/~.cab->0.cab->cab.com 
Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->1/~.zip->bipin.zip 
Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->2/~.cab->0.cab->cab.com 
Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->2/~.zip->bipin.zip 
Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->3/~.cab->0.cab->cab.com 
Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->3/~.zip->bipin.zip 
Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->4/~.cab->0.cab->cab.com 
Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->4/~.zip->bipin.zip 
Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->5/~.cab->0.cab->cab.com 
Infection: EICAR_Test_File
/home/shash/tmp/SERVER_dwn.zip->BlackHole.zip->5/~.zip->bipin.zip 
Infection: EICAR_Test_File

Results of virus scanning:

Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 657
Infected: 10
Suspicious: 0
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 1:13


f-prot vulnerable?????

-- 
shashank

<--
Here is the Packet that was fragmented and has been assembled again.
                                       (with apologies to JRR Tolkien :)
-->

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Re: Multiple Antivirus Scanners DoS attack.
  - From: bipin gautam

Prev by Date: Re: [Full-Disclosure] FD info prompts M$ to summon the FBI on spy-vertisers
Next by Date: Re: [Full-Disclosure] Multiple Antivirus Scanners DoS attack. [summery]
Previous by thread: [Full-Disclosure] IRIX syssgi system call vulnerability and other security fixes
Next by thread: Re: [Full-Disclosure] Re: Multiple Antivirus Scanners DoS attack.
Index(es):
- Date
- Thread