At 05:02 AM 10/5/2005, TAC Forums wrote:
Hi,
Can somebody please point me to some info about the viruses that use
the logical bombs like oversized.zip ?
Search google.
No actual viruses use this technique, but fall under the rather vague
category of "malicious files."
These aren't real viruses, just a specially created small zip file
that will expand to a very large or infinite size, with the intent to
fill the hard drive of anyone who tries to unzip the file. The files
by themselves don't cause any harm, but filling a hard drive can
cause a Denial of Service until someone deletes the offending
file. These aren't new; they appeared shortly after zip files first
appeared. It then didn't take long before someone noticed that you
could crash AV scanners by feeding them one of these. Now, all
antivirus scanners detect these and will either alert the user or
just not scan them.
ClamAV is configurable, and can either detect or ignore, whichever
the sysadmin prefers.
--
Noel Jones
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
