Zip of Death

Mike Kercher mike at CAMAROSS.NET
Tue Jun 10 03:31:47 IST 2003


I just ran it through my system.  It appears that Sophos is scanning each
embedded zip file.  This could take a while! :)

Mike


> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Ernest W. Lessenger
> Sent: Monday, June 09, 2003 4:09 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Zip of Death
>
>
> I just sent it through my system and both the primary
> (f-prot) and secondary (Norman AV) scanners caught it. Trend
> Micro running on my computer caused a blue-screen in Windows XP :)
>
> Good news is I don't think my proxy server will be affected
> by this particular file. Bad news is I now know how to create
> one that will kill it. I'll have to get the developer to patch :(
>
> --Ernest
>
> At 04:55 PM 6/9/2003 -0400, you wrote:
> >I sent this thru my current MS setup and CLAMAV found it in a
> >heartbeat!!!!
> >
> >Thanks for the resource link!
> >Michael Weiner
> >
> >-----Original Message-----
> >From: Steffan Henke [mailto:henker at SHCOM.US]
> >Sent: Monday, June 09, 2003 4:43 PM
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: Re: Zip of Death
> >
> >On Mon, 9 Jun 2003, Ernest W. Lessenger wrote:
> >
> > > I'd be happy to know how to defend against this (presumably by
> > > watching out for a loop in the decompression routine), or happier
> > > to have a sample to test with. PLEASE DON'T EMAIL IT LIVE!!!!
> >
> >You could download a testfile from here: http://www.fefe.de/, it's the
> >link "why anti viruses don't work" at the bottom of the page. Norton
> >seems to choke on it, not sure about other products.
> >
> >Regards,
> >
> >Steffan
>
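
The defence asked about in the quoted thread (bounding the work a scanner does on embedded zip files), as an added example that is not part of the original messages and is not MailScanner's or any scanner vendor's code. The function names, the three limits and the `make_zip` helper for building small constructed test archives are all assumptions chosen for illustration.

```python
import io
import zipfile

MAX_DEPTH = 3                  # assumed cap on zip-inside-zip nesting
MAX_TOTAL_BYTES = 50 * 2**20   # assumed budget for all decompressed data
MAX_RATIO = 200                # assumed per-member expansion ratio limit


class ArchiveLimitExceeded(Exception):
    """Raised as soon as a limit is hit, so unpacking stops early."""


def make_zip(members, stored=False):
    """Build a small constructed test archive in memory (hypothetical helper)."""
    method = zipfile.ZIP_STORED if stored else zipfile.ZIP_DEFLATED
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", method) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return out.getvalue()


def check_archive(data, depth=0, budget=None):
    """Walk a zip held in memory; return the total bytes decompressed."""
    if budget is None:
        budget = [MAX_TOTAL_BYTES]      # one budget shared by every nesting level
    if depth > MAX_DEPTH:
        raise ArchiveLimitExceeded("nesting deeper than %d" % MAX_DEPTH)
    start = budget[0]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Declared sizes are sender-controlled metadata: use them only as
            # an early reject; the read loop below enforces the real budget.
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveLimitExceeded("ratio too high: " + info.filename)
            buf = bytearray()
            with zf.open(info) as member:
                while True:
                    chunk = member.read(64 * 1024)
                    if not chunk:
                        break
                    budget[0] -= len(chunk)
                    if budget[0] < 0:
                        raise ArchiveLimitExceeded("byte budget exhausted")
                    buf += chunk
            if buf[:4] == b"PK\x03\x04":        # member is itself a zip
                check_archive(bytes(buf), depth + 1, budget)
    return start - budget[0]
```

A mail gateway would treat `ArchiveLimitExceeded` as a reason to quarantine the message instead of handing the attachment to the virus scanner.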


