[35430] in bugtraq
mcafee dat corrupted? (was: Virus scan attack)
daemon@ATHENA.MIT.EDU (Diyan Christian)
Tue Jun 22 18:44:44 2004
From: Diyan Christian <diyan@mitra.net.id>
To: bugtraq@securityfocus.com
Date: Tue, 22 Jun 2004 12:17:56 +0700
In-Reply-To: <40D44D15.1080306@dpi.inpe.br>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200406221217.56815.diyan@mitra.net.id>
I'm using mcafee (linux) uvscan v4.1.60 with 4367 DAT, uvscan
dumps core even on execution of `uvscan --version`
(I'm using uvscan in smtp content-filtering).
Suspected of corrupted file transfer, I try to download the
DAT file again, but seems the DAT is corrupted from the source
(ftp.nai.com/pub/antivirus/datfiles/4.x/).
Revert back to 4366 and it runs ok.
On Saturday 19 June 2004 21:26, Joao B. Diehl wrote:
> We had this same problem with the DAT 4367. Returning to
> DAT 4366 it worked again.
>
> Nate Nord wrote:
> > Just wondering if anyone else has seen this come through their mail
> > portal. Something has caused our McAfee Webshield SMTP to seriously eat
> > processor time... to the point that it will no longer forward scanned
> > mail. I've had to temporarily bypass it until I figure out what it's
> > choking on. I saw several other posts that said this sent processors
> > into some kind of loop and this is exactly what appears to be happening
> > with our portal.
> >
> >
> > ] -----Original Message-----
> > ] From: Bipin Gautam [mailto:visitbipin@hotmail.com]
> > ] Sent: Sunday, June 13, 2004 7:33 AM
> > ] To: bugtraq@securityfocus.com
> > ] Subject: Antivirus/Trojan/Spyware scanners DoS!
> > ]
> > ]
> > ]
> > ] Hello everybody,
> > ]
> > ]
> > ]
> > ] I doubt how many Antivirus/Trojan/Spyware scanners will choak
> > ] to death while having a "manual scan" of this file. Please go
> > ] ahead and give it a try.
> > ]
> > ]
> > ]
> > ] http://www.geocities.com/visitbipin/SERVER_dwn.zip
> > ]
> > ]
> > ]
> > ] I was woundering, what would be the results if such file gets
> > ] stucked in an "AV gateway" (O;
> > ]
> > ]
> > ]
> > ] please, report your findings..... I have already been
> > ] bombarded with strange reports.
> > ]
> > ]
> > ]
> > ] regards,
> > ]
> > ]
> > ]
> > ] Bipin Gautam
> > ]
> > ] http://www.geocities.com/visitbipin/
