Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: adoria0000 on March 04, 2010, 01:56:32 PM

Title: Defending Libpng Applications Against Decompression Bombs
Post by: adoria0000 on March 04, 2010, 01:56:32 PM
About the following things, is avast!5 affected?

Security Advisory for libpng-1.4.0 and earlier, 27 February 2010
http://libpng.sourceforge.net/ADVISORY-1.4.1.html

Defending Libpng Applications Against Decompression Bombs
http://libpng.sourceforge.net/decompression_bombs.html
Title: Re: Defending Libpng Applications Against Decompression Bombs
Post by: adoria0000 on March 05, 2010, 03:27:36 PM
bump
Title: Re: Defending Libpng Applications Against Decompression Bombs
Post by: pfcpremosgirl on March 15, 2010, 01:17:45 AM
This is the first time I have gotten a "decompression bomb" result in my avast scan. There are two unable to scan:decompression files, and one that came up unable to scan: reached the end of file. The files are as follows: Starcraft+BroodWar+UpdatePatch1.151+CD Key/StarCraftBroodWar.iso\INSTALL.EXE. All three files are related to StarCraft BroodWar. I am imagining this is some type of game? My husband may have downloaded this before he deployed. Should I just leave this be? Move it? It won't let me put it into the chest. Would just having these game files on the computer slow it down? Please advise! Thank you!
Title: Re: Defending Libpng Applications Against Decompression Bombs
Post by: Lisandro on March 15, 2010, 02:55:58 AM
Decompression bomb is a file that may be rather small, but decompresses to an enormous amount of data (when processed as a packed archive). Such file are not malicious per se, but they may block an antivirus program when it tries to scan them.
This kind of files is rather hard to detect (and avoid) precisely - so, it is possible that there are some false alarms. It's not a big problem in this case, however - the "decompression bomb" announcement actually means something like "The file has a very high, maybe even suspicious, compression ratio and the AV is not going to scan the archive content".

I'd suggest to ignore these files.