Beware Anti-Virus Software Hole

McAfee, Trendmicro and Kaspersky affected

By Kieren McCarthy, Techworld

The very software designed to protect your system may be used to bring it
down, researchers have discovered.

So far, leading anti-virus software from McAfee, Trendmicro and Kaspersky
has been found to contain a vulnerability in its scanning technology that
can see a network grind to a halt with a full file system and no spare
processing power.

AERAsec has listed McAfee Virus Scan for Linux v4.16.0, Trend Micro
InterScan VirusWall 3.8 Build 1130 and Kaspersky AntiVirus for Linux 5.0.1.0
as definitely containing the hole but warns that other versions will
probably contain the same problem. The issue itself is the decompression
engine included in the software which is using to open archives prior to
being searched for a virus. There are missing limits when bzip2 files are
checked, so an over-large file can be designed to eat up huge amounts of
disk space and processing power - in effect a denial-of-service attack. Huge
files of nothing but, say, zeros can be compressed to a tiny size, making a
malicious attack easy and feasible.

On Mon, 12 Jan 2004 22:51:12 GMT, "DF" <junkontheweb@hotmail.com>
wrote:

>McAfee, Trendmicro and Kaspersky affected
>
>By Kieren McCarthy, Techworld
>
>The very software designed to protect your system may be used to bring it
>down, researchers have discovered.
>
>So far, leading anti-virus software from McAfee, Trendmicro and Kaspersky
>has been found to contain a vulnerability in its scanning technology that
>can see a network grind to a halt with a full file system and no spare
>processing power.
>
>AERAsec has listed McAfee Virus Scan for Linux v4.16.0, Trend Micro
>InterScan VirusWall 3.8 Build 1130 and Kaspersky AntiVirus for Linux 5.0.1.0
>as definitely containing the hole but warns that other versions will
>probably contain the same problem. The issue itself is the decompression
>engine included in the software which is using to open archives prior to
>being searched for a virus. There are missing limits when bzip2 files are
>checked, so an over-large file can be designed to eat up huge amounts of
>disk space and processing power - in effect a denial-of-service attack. Huge
>files of nothing but, say, zeros can be compressed to a tiny size, making a
>malicious attack easy and feasible.

lol, more scaremongering.
Yes it's possible, but it's not exactly going to destroy society as we
know it. Anyway resource hogging AVs are nothing new. Norton for
instance has been around for years.

Files are scanned before executed so although this is interesting and
may require a software update for some AVs the systems they protect
are still secure. Although saying that, my hat goes off to them for
thinking up something better this time than that viruses transmitted
through images twoddle.

Sounds strange, like a virus hoax, latest version.

1.) No proper name given
2.) "speaking" e-mail address: junkontheweb@hotmail.com

Could it be an ad for Aerasec? I won't look at their site!
Or a hungry troll?

Turan

Also McAfee version 4.16.0 is 2 revisions back. The current version is
4.32.0


"DF" <junkontheweb@hotmail.com> wrote in message
news:AxFMb.33583$Rc4.128402@attbi_s54...
> McAfee, Trendmicro and Kaspersky affected
>
> By Kieren McCarthy, Techworld
>
> The very software designed to protect your system may be used to bring it
> down, researchers have discovered.
>
> So far, leading anti-virus software from McAfee, Trendmicro and Kaspersky
> has been found to contain a vulnerability in its scanning technology that
> can see a network grind to a halt with a full file system and no spare
> processing power.
>
> AERAsec has listed McAfee Virus Scan for Linux v4.16.0, Trend Micro
> InterScan VirusWall 3.8 Build 1130 and Kaspersky AntiVirus for Linux
5.0.1.0
> as definitely containing the hole but warns that other versions will
> probably contain the same problem. The issue itself is the decompression
> engine included in the software which is using to open archives prior to
> being searched for a virus. There are missing limits when bzip2 files are
> checked, so an over-large file can be designed to eat up huge amounts of
> disk space and processing power - in effect a denial-of-service attack.
Huge
> files of nothing but, say, zeros can be compressed to a tiny size, making
a
> malicious attack easy and feasible.
>
>
>