Back to Front
Contact
Journalism
CV
Pub Tour
General
Projects
Internet


Journalism - Techworld

Anti-virus software hole can knock out your system

McAfee, Trendmicro and Kaspersky affected

12 January 2004

The very software designed to protect your system may be used to bring it down, researchers have discovered.

So far, leading anti-virus software from McAfee, Trendmicro and Kaspersky has been found to contain a vulnerability in its scanning technology that can see a network grind to a halt with a full file system and no spare processing power.

AERAsec has listed McAfee Virus Scan for Linux v4.16.0, Trend Micro InterScan VirusWall 3.8 Build 1130 and Kaspersky AntiVirus for Linux 5.0.1.0 as definitely containing the hole but warns that other versions will probably contain the same problem.

The issue itself is the decompression engine included in the software which is using to open archives prior to being searched for a virus. There are missing limits when bzip2 files are checked, so an over-large file can be designed to eat up huge amounts of disk space and processing power - in effect a denial-of-service attack. Huge files of nothing but, say, zeros can be compressed to a tiny size, making a malicious attack easy and feasible.

This is clearly not a good thing and you can learn more about it here.


Back to Techworld index

Back to Techworld 2004 index



This story on Techworld





Contact | Journalism | CV | Pub Tour | General | Projects | Internet