[24480] in bugtraq
Re: Anti Virus Mailscanners DOS
daemon@ATHENA.MIT.EDU (Paul L Daniels)
Fri Mar 1 03:31:43 2002
Date: Wed, 27 Feb 2002 08:27:32 +1000
From: Paul L Daniels <pldaniels@pldaniels.com>
To: Jedi/Sector One <j@pureftpd.org>
Cc: maciel@inetd.com.br, bugtraq@securityfocus.com, vuldb@securityfocus.com,
renato@linuxsecurity.com.br
Message-Id: <20020227082732.706c8dbf.pldaniels@pldaniels.com>
In-Reply-To: <20020226062547.GA27992@c9x.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
> You can achieve this with softlimits (from daemontools), or with a
> simple script using standard shell facilities (limit/ulimit) .
>
> It doesn't require any change to your antivirus software.
The problem lies within the fact that if vendor-'X' wants to deply a software solution onto a system, they'll have to assume/hope that the administrator has set these limits (or even installed them). Additionally, each distribution/OS has it's own methods.
Whilst I guess this is a case of "Lets blame the AV makers", the issue is that they [AV software developers] decided to put in automatic, recursive uncompression tools into their own software. I know NOD32 actually left uncompression _out_ of their software due to this matter.
There are OpenSource limits testers as well.
--
Paul L Daniels http://www.pldaniels.com
Linux/Unix systems Internet Development
ICQ#103642862,AOL:cinflex,IRC:inflex
A.B.N. 19 500 721 806
