Anti-virus software hole can knock out your system
McAfee, Trendmicro and Kaspersky affected
12 January 2004
The very software designed to protect your system may be used to bring it down, researchers have discovered.
So far, leading anti-virus software from McAfee, Trendmicro and Kaspersky has been found to contain a vulnerability in its scanning technology that can see a network grind to a halt with a full file system and no spare processing power.
AERAsec has listed McAfee Virus Scan for Linux v4.16.0, Trend Micro InterScan VirusWall 3.8 Build 1130 and Kaspersky AntiVirus for Linux 126.96.36.199 as definitely containing the hole but warns that other versions will probably contain the same problem.
The issue lies in the decompression engine that the software uses to open archives before they are searched for viruses. No limits are enforced when bzip2 files are checked, so an over-large file can be designed to eat up huge amounts of disk space and processing power - in effect a denial-of-service attack. Huge files of nothing but, say, zeros can be compressed to a tiny size, making a malicious attack easy and feasible.
This is clearly not a good thing and you can learn more about it here.
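The missing limits described above, sketched as an added example that is not code from the article, AERAsec or any of the vendors named: a scanner-side bzip2 decompression routine that enforces an absolute output cap and an expansion-ratio cap using Python's standard `bz2` module. The function names and the limit values are assumptions chosen for illustration.

```python
import bz2

class DecompressionLimitExceeded(Exception):
    """The stream blew the scanner's budget; `produced` is bytes emitted so far."""
    def __init__(self, reason, produced):
        super().__init__(f"{reason} after {produced} bytes")
        self.produced = produced

def bounded_bunzip2(data, max_output=1 << 20, max_ratio=200, chunk=64 * 1024):
    """Decompress a bzip2 stream in memory, stopping once a limit is crossed.

    max_output, max_ratio and chunk are assumed policy values, not vendor ones.
    """
    decomp = bz2.BZ2Decompressor()
    out = bytearray()
    feed = data
    while not decomp.eof:
        # max_length bounds the output of a single call, so one step can never
        # allocate more than `chunk` bytes regardless of what the input expands to.
        piece = decomp.decompress(feed, max_length=chunk)
        feed = b""  # remaining input is buffered inside the decompressor
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded("output cap exceeded", len(out))
        if len(out) > max_ratio * len(data):
            raise DecompressionLimitExceeded("expansion ratio exceeded", len(out))
        if not piece and decomp.needs_input:
            raise ValueError("truncated bzip2 stream")
    return bytes(out)

def constructed_samples():
    """Constructed inputs: an ordinary text payload and 8 MiB of zero bytes."""
    benign = b"ordinary attachment text\n" * 20
    return benign, bz2.compress(benign), bz2.compress(b"\0" * (8 << 20))

if __name__ == "__main__":
    benign, benign_bz2, zeros_bz2 = constructed_samples()
    assert bounded_bunzip2(benign_bz2) == benign
    try:
        bounded_bunzip2(zeros_bz2)
    except DecompressionLimitExceeded as exc:
        print(f"{len(zeros_bz2)}-byte archive rejected: {exc}")
```

A scanner that hits either limit should treat the archive as unscannable and quarantine or reject it rather than continue writing output to disk.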