I saw an article on Bugtraq today that discussed an interesting vectored attack against anti-virus software and was curious if any type of checks were in place for clamav.
Basically a decompression bomb is a zero padded file of extreme size (100GB) that is compressed using bzip, gzip, zip, etc. The resulting compressed file is rather small (69KB) so it will make it through a file size window and be passed to the anti-virus program. When the anti-virus program tries to uncompress the file, it overflows the bounds of the software causing it to crash. Rather interesting "attack".

The link for more information about the attacks and the software that they tested it against (clamav was not included, to the best of my knowledge):

http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html

Just wanted some feedback from the developers if this is something we need to take a look at.

Tom Walsh
Network Administrator
http://www.ala.net/

_______________________________________________
Clamav-users mailing list
https://lists.sourceforge.net/lists/listinfo/clamav-users
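
The size-window gap described in the message above, as an added example that is not part of the original post and is not ClamAV's code: a scanner-side check that decompresses gzip or bzip2 input in fixed-size chunks and stops once the output passes an absolute cap or an expansion-ratio limit. The function name, the limit values and the sample inputs are assumptions constructed for illustration.

```python
import bz2
import gzip
import io

CHUNK = 64 * 1024  # at most this much decompressed data is held at once


class LimitExceeded(Exception):
    """The stream broke the scanner's decompression policy."""


def scan_compressed(blob, kind, inspect, max_out=32 * 1024 * 1024,
                    max_ratio=250, ratio_floor=1024 * 1024):
    """Stream-decompress blob, handing each chunk to inspect(chunk).

    Returns the decompressed size. Raises LimitExceeded when output passes
    max_out bytes, or passes max_ratio times the compressed size once it is
    larger than ratio_floor (small, highly compressible files are legitimate).
    """
    if kind == "gzip":
        reader = gzip.GzipFile(fileobj=io.BytesIO(blob))
    elif kind == "bzip2":
        reader = bz2.BZ2File(io.BytesIO(blob))
    else:
        raise ValueError("unsupported container: %r" % kind)
    total = 0
    with reader:
        while True:
            chunk = reader.read(CHUNK)  # bounded read, never the whole file
            if not chunk:
                return total
            total += len(chunk)
            if total > max_out:
                raise LimitExceeded("output exceeds %d bytes" % max_out)
            if total > ratio_floor and total > max_ratio * len(blob):
                raise LimitExceeded("expansion ratio exceeds %d:1" % max_ratio)
            inspect(chunk)


if __name__ == "__main__":
    # Constructed samples: an ordinary log and 8 MiB of zero padding.
    samples = {"log": gzip.compress(b"GET /index.html\n" * 1000),
               "zeros": gzip.compress(bytes(8 * 1024 * 1024))}
    for name, blob in samples.items():
        try:
            size = scan_compressed(blob, "gzip", lambda c: None)
            print(name, len(blob), "->", size, "bytes scanned")
        except LimitExceeded as err:
            print(name, len(blob), "bytes rejected:", err)
```

Because the check runs while decompressing, the scanner's memory use stays at one chunk no matter what size the compressed input expands to.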