Zip of Death

Mike Kercher mike at CAMAROSS.NET
Tue Jun 10 03:36:40 IST 2003


Sophos sweep finished scanning the 42.zip and found it to be a denial of service
attack.

Mike


> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Mike Kercher
> Sent: Monday, June 09, 2003 9:32 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Zip of Death
>
>
> I just ran it through my system.  It appears that Sophos is
> scanning each embedded zip file.  This could take a while! :)
>
> Mike
>
>
> > -----Original Message-----
> > From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > Behalf Of Ernest W. Lessenger
> > Sent: Monday, June 09, 2003 4:09 PM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Zip of Death
> >
> >
> > I just sent it through my system and both the primary
> > (f-prot) and secondary (Norman AV) scanners caught it. Trend Micro
> > running on my computer caused a blue-screen in Windows XP :)
> >
> > Good news is I don't think my proxy server will be affected by this
> > particular file. Bad news is I now know how to create one that will
> > kill it. I'll have get the developer to patch :(
> >
> > --Ernest
> >
> > At 04:55 PM 6/9/2003 -0400, you wrote:
> > >I sent this thru my current MS setup and CLAMAV found it in a
> > >hearbeat!!!!
> > >
> > >Thanks for the resource link!
> > >Michael Weiner
> > >
> > >-----Original Message-----
> > >From: Steffan Henke [mailto:henker at SHCOM.US]
> > >Sent: Monday, June 09, 2003 4:43 PM
> > >To: MAILSCANNER at JISCMAIL.AC.UK
> > >Subject: Re: Zip of Death
> > >
> > >On Mon, 9 Jun 2003, Ernest W. Lessenger wrote:
> > >
> > > > I'd be happy to know how to defend against this (presumably by
> > > > watching
> > >out
> > > > for a loop in the decompression routing), or happier to have a
> > > > sample to test with. PLEASE DON'T EMAIL IT LIVE!!!!
> > >
> > >You could download a testfile from here: http://www.fefe.de/
> > , it's the
> > >link "why anti viruses don't work" at the bottom of the
> page. Norton
> > >seems to choke on it, not sure about other products.
> > >
> > >Regards,
> > >
> > >Steffan
> >
>



More information about the MailScanner mailing list