[24470] in bugtraq


Re: Anti Virus Mailscanners DOS

daemon@ATHENA.MIT.EDU (David F. Skoll)
Fri Mar 1 01:51:55 2002

Date: Mon, 25 Feb 2002 18:52:51 -0500 (EST)
From: "David F. Skoll" <dfs@roaringpenguin.com>
To: "Eduardo R. Maciel" <maciel@inetd.com.br>
Cc: bugtraq@securityfocus.com, <vuldb@securityfocus.com>,
        Renato LinuxSecurity <renato@linuxsecurity.com.br>
In-Reply-To: <20020225162902.2279bf0d.maciel@inetd.com.br>
Message-ID: <Pine.LNX.4.44.0202251849510.1085-100000@shishi.roaringpenguin.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 25 Feb 2002, Eduardo R. Maciel wrote:

> An antivirus mailscanner should check the file sizes inside a
> compressed file like .tar.gz, .zip, .bz2, etc, BEFORE opening the file
> for scanning.

MIMEDefang, in its normal configuration, does not look inside compressed
files or archives.

In general, I believe it is unwise for any virus scanner to look
inside compressed files or archives unless explicitly told to do so in
an interactive invocation.  The extra steps required to open such
files and extract and execute the viral payload make it highly
unlikely that viruses would propagate in this way.

Viruses rely heavily on social engineering for propagation.  Archives
and compression make such social engineering difficult.

--
David.
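
The size check proposed in the quoted message, sketched for ZIP attachments only, as an added example that is not part of the original thread and is not MIMEDefang code. The limits and the function names (`precheck_zip`, `read_member_capped`, `make_zip`) are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_MEMBER_BYTES = 10 * 1024 * 1024   # assumed per-file limit
MAX_TOTAL_BYTES = 50 * 1024 * 1024    # assumed per-archive limit
MAX_MEMBERS = 1000                    # assumed member-count limit


def precheck_zip(data):
    """Inspect the ZIP central directory only; nothing is decompressed here."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_MEMBERS:
            return False, "too many members"
        total = 0
        for info in infos:
            if info.file_size > MAX_MEMBER_BYTES:
                return False, "member too large: %s" % info.filename
            total += info.file_size
            if total > MAX_TOTAL_BYTES:
                return False, "archive expands past total limit"
    return True, "ok"


def read_member_capped(zf, info, limit=MAX_MEMBER_BYTES):
    """Declared sizes can be forged, so also cap the bytes actually read."""
    out = bytearray()
    with zf.open(info) as fh:
        while True:
            chunk = fh.read(64 * 1024)
            if not chunk:
                return bytes(out)
            out += chunk
            if len(out) > limit:
                raise ValueError("member exceeds limit while decompressing")


def make_zip(name, payload):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()
```

A scanner would call `precheck_zip` on the attachment bytes first and hand members to the scan engine only through `read_member_capped`, so a header that understates the real size still cannot exhaust memory or disk.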

