Author Topic: 3.08 can identify necessary system files as "decompression bombs"  (Read 4066 times)

0 Members and 1 Guest are viewing this topic.

Offline grantwmiller

  • Newbie
  • *
  • Posts: 2
This is tricky.  OsX Snow Leopard and Leopard contain system packages which are necessary for the computer to boot, which 3.08 identifies as decompression bombs.  BE ADVISED IF IT LOOKS SYSTEM IS ISN'T LIKELY A THREAT! --gwm

Offline grantwmiller

  • Newbie
  • *
  • Posts: 2
Re: 3.07 can identify necessary system files as "decompression bombs"
« Reply #1 on: June 30, 2010, 10:27:23 PM »
I meant 3.07 in previous post.  Good thing error 13 is gone thoug. Keep up good work Czechs!

Offline zilog

  • Avast team
  • Advanced Poster
  • *
  • Posts: 957
  • or #f0; daa; add a,#a0; adc a,#40
Re: 3.07 can identify necessary system files as "decompression bombs"
« Reply #2 on: July 01, 2010, 12:30:01 PM »
I meant 3.07 in previous post.  Good thing error 13 is gone thoug. Keep up good work Czechs!

Hallo,
this is hard to solve, in general, because the file really has all properties as a hand-crafted decompression bomb. Well, we can raise those limit, but the drawback will be that some real decompression bombs won't be detected anymore.

Solution is to use exceptions on those system directories (= don't scan them). Wait please for 3.10 version, which is built right now, and will rerplace the 3.07, 08 and 09 where sdome flaws were found (all of them were consequences of apple's internal quirks - sigh).

regards,
pc
May's Law: Software efficiency halves every 18 months, compensating Moore's Law. (David May, INMOS)