Zip of Death attack

Julian Field jkf at
Sat Sep 1 20:33:42 IST 2001

Well, we've just had our first "zip of death" denial of service attack. An
email message had a file called "" attached to it (42,374 bytes long)
which would have required 53,000 Tbytes of storage to unpack.

Interestingly, Sophos didn't run out of memory or disk space or anything
like that, so at least it didn't take the server out. However, it just went
away to scan the file for a *very* long time (I killed it after several
hours). I killed the "sweep" process that was trying to scan it and
MailScanner picked up where it left off, scanning the rest of the queue.

Not perfect, so I may have a go at Sophos about their software's behaviour
in this situation...
Julian Field                Teaching Systems Manager
jkf at         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list