http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html
Matt
Panda Consulting S.A. Luis Alberto Arango wrote:
Their release notes say "Among improvements introduced in version 3.16 of F-Prot Antivirus for Windows is a new method of ensuring that F-Prot Antivirus is up-to-date as soon as it has been installed with virus signature file updates now being triggered during the installation procedure of the single-user and trial products. In addition, handling of so called "archive bombs" has been greatly improved. These are archives expand tremendously that cause scanners or other programs to crash or hang because of intensive resource consumption during the scanning of hundreds of levels of archives within archives. The F-Prot Antivirus scanner now flags archive files it finds suspicious and alerts the user that the file "could be an archive bomb".
I wonder what exit code f-prot uses for an "archive bombs"?.. and how we should treat it.? Comments?
Luis
______ [Email scanned for viruses by Panda Consulting -www.pandacons.com-] [Email escaneado contra virus por Panda Consulting -www.pandacons.com-]
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.