Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Fr33k on June 15, 2004, 06:50:30 PM
-
I have tested Avast! with the Antivirus Scanners DoS attack as reported on bugtraq. I finally got tired of waiting for the manual scan to complete after several minutes, and I cancelled the operation. Is Alwil aware of this? Is there a fix in progress?
Avast! Professional 4.1.418
-
Don't understand what you want to say?
-
I do undestand. The archives you mean.
We're aware of that and looking at possibilities to be as immune as possible... although it's not entirely possbile...
-
The following was reported on bugtraq. (securityfocus.com)
I doubt how many Antivirus/Trojan/Spyware scanners will choak to death while having a "manual scan" of this file. Please go ahead and give it a try.
http://www.geocities.com/visitbipin/SERVER_dwn.zip
I was woundering, what would be the results if such file gets stucked in an "AV gateway"
I tested this file, and Avast! can't find the Escar file in the zip.
In my experience, once an exploit is reported it's only a matter of time before it is seen in the wild. I was asking if Awlil was aware of the problem and if they are working on a solution.
-
Actually on my P4/3GHz the eicar is found in about 3 minutes... but anyway it's not good. We'll find a solution.
Please note that this ZIP is actually one of many - similar techniques exist and have been shown for all major archive formats and use different tricks. So a general solution is not really simple to find...
-
Yup. It takes a while for avast! to complete scan. It took less then 9 Sec for Command Antivirus to complete scan.
tECHNODROME
-
I tested it again without stopping it. Big mistake.
AMD XP-M 2500+ Avast Professional
After 20+ minutes the scanner crashed because it ran out of disk space. It used all 20G of free space I had. I had to restart and manualy delete the temp files.
I ran a boot scan and it scanned the zip quickly but did not find the eicar.
Tried a different machine.
AMD 64-M 3000+ Avast Home
Found the eicar in 11 minutes with no other problems. I did not try the boot scan on this machine. (40G of free disk space)
-
Strange...
nforce2 AMD XP3200+ , 1GB DDR400, STRIP SATA Raid, Windows XP Pro SP2 RC2
1st scan
Avast Pro needed 128seconds to find it
Avast Pro used 6MB temp space
GOTCHAAAAAAAAAAAAAAAAAAA
i renamed and i moved this file to another folder
2nd scan
D:\Downloads\a\111111111111111111111111111111111111111111234SERVER_dwn.zip
used right mouse menu Find Viruses in <filename>
then i repeated scan
scanner IMMEDIATELY become use 400MB of RAM and instead of using 6MB of space, it used 20MB / second, draining over 2GB of temp space and crashing ...
3rd scan
i was trying to pust close at window to stop Avast scanning but scanner freezed and refused to free used avast's TEMP files in TEMP folder ...
serious flaws :)
-
So this is something more like decompression bombs? Nice :) ;)
-
Well this IS a decompression bomb, nothing else...
-
Actually this flaw is only noticeble if you use Archive real-time scanning (useless) and all files scanning (also quiet useless).