RE: [Declude.Virus] F-Prot 3.16 question.

2004-11-19 Thread Panda Consulting S.A. Luis Alberto Arango 
Their release notes say
Among improvements introduced in version 3.16 of F-Prot Antivirus for
Windows is a new method of ensuring that F-Prot Antivirus is up-to-date as
soon as it has been installed with virus signature file updates now being
triggered during the installation procedure of the single-user and trial
products. In addition, handling of so called archive bombs has been
greatly improved. These are archives expand tremendously that cause scanners
or other programs to crash or hang because of intensive resource consumption
during the scanning of hundreds of levels of archives within archives. The
F-Prot Antivirus scanner now flags archive files it finds suspicious and
alerts the user that the file could be an archive bomb.


I wonder what exit code f-prot uses for an archive bombs?.. and how we
should treat it.?
Comments?

Luis


__
[Email scanned for viruses by Panda Consulting -www.pandacons.com-]
[Email escaneado contra virus por Panda Consulting -www.pandacons.com-]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.

Re: [Declude.Virus] F-Prot 3.16 question.

2004-11-19 Thread Matt 
There are all sorts of these, also known as decompression bombs.  Many 
AV scanners have code to stop at least some of the exploits, but I don't 
know if this presents an issue with Declude (I don't think so because I 
don't think that Declude performs any form of decompression on it's own, 
but I could be wrong).

   
http://www.aerasec.de/security/advisories/decompression-bomb-vulnerability.html

Matt

Panda Consulting S.A. Luis Alberto Arango wrote:
Their release notes say
Among improvements introduced in version 3.16 of F-Prot Antivirus for
Windows is a new method of ensuring that F-Prot Antivirus is up-to-date as
soon as it has been installed with virus signature file updates now being
triggered during the installation procedure of the single-user and trial
products. In addition, handling of so called archive bombs has been
greatly improved. These are archives expand tremendously that cause scanners
or other programs to crash or hang because of intensive resource consumption
during the scanning of hundreds of levels of archives within archives. The
F-Prot Antivirus scanner now flags archive files it finds suspicious and
alerts the user that the file could be an archive bomb.
I wonder what exit code f-prot uses for an archive bombs?.. and how we
should treat it.?
Comments?
Luis
__
[Email scanned for viruses by Panda Consulting -www.pandacons.com-]
[Email escaneado contra virus por Panda Consulting -www.pandacons.com-]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
 

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.