[Dshield] Decompression Bombs

Kenneth Coney superc at visuallink.com
Sat Feb 7 13:23:26 GMT 2004


That's about right.  Long gone are the days of instantly downloading and 
reading the emails.  Five years ago it took less than a minute to put the 
morning's mail in viewable format.  These days with 187 or so spams and 
malware mixed in the batch it is get mail, then leave the room for coffee. 
  Usually the mail is readable with the spam and malware auto trashed upon 
return after the coffee is done.  Some of it is because the list of virus 
definitions is so long, some is the amount of emails to be filtered, some 
of it is CPU and bandwidth limitations.  If the email account was a target 
of hostile intent and 8,187 emails were waiting (or if I didn't check the 
email for a week or two) it is conceivable that clicking get mail will 
start a process that will end around lunch time.  By then new mail will 
have arrived.


Subject: Re: [Dshield] Decompression Bombs
From: "Alonzo Hess" <alonzo.hess at uavco.com>
Date: Fri, 6 Feb 2004 15:46:42 -0500
To: "General DShield Discussion List" <list at dshield.org>

----- Original Message -----
From: "Jim Race" <vimages at well.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Friday, February 06, 2004 2:36 PM
Subject: Re: [Dshield] Decompression Bombs



 >> Alonzo Hess wrote:
 >>
 >
 >>> > Norton AV Corp edition 8.00.9374
 >>> > Scan Engine 4.1.0.15
 >>> > defs dated 2/5/04 rev5
 >>> >
 >>> > scanned 4369 files and didn't complain about it.
 >
 >>
 >> And how long did that take to scan?
 >>
 >> Now multiply that by 100 copies of the thing, with random names.
 >>
 >> Ulp.
 >>
 >> -jim
 >>

Jim,
   28 seconds on a desktop 1.8Ghz w/512 ram

Alonzo Hess Jr
Systems Administrator
United American Video
803.548.1056 xt1163









More information about the list mailing list