Zip of Death
Ernest W. Lessenger
ernest at OACYS.COM
Mon Jun 9 22:09:19 IST 2003
I just sent it through my system and both the primary (f-prot) and
secondary (Norman AV) scanners caught it. Trend Micro running on my
computer caused a blue-screen in Windows XP :)
Good news is I don't think my proxy server will be affected by this
particular file. Bad news is I now know how to create one that will kill
it. I'll have get the developer to patch :(
At 04:55 PM 6/9/2003 -0400, you wrote:
>I sent this thru my current MS setup and CLAMAV found it in a hearbeat!!!!
>Thanks for the resource link!
>From: Steffan Henke [mailto:henker at SHCOM.US]
>Sent: Monday, June 09, 2003 4:43 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Zip of Death
>On Mon, 9 Jun 2003, Ernest W. Lessenger wrote:
> > I'd be happy to know how to defend against this (presumably by watching
> > for a loop in the decompression routing), or happier to have a sample to
> > test with. PLEASE DON'T EMAIL IT LIVE!!!!
>You could download a testfile from here: http://www.fefe.de/ ,
>it's the link "why anti viruses don't work" at the bottom of the page.
>Norton seems to choke on it, not sure about other products.
More information about the MailScanner