Anti-Virus Dependent Vulnerabilities in E-mail Infrastructure Security

{A-D-V-E-I-S)

A description of any technique that uses "unanticipated" file formats and/or E-mail headers to interfere with anti-virus software. The interference can be a simple nuisance or, worse, cause the anti-virus software to do something it isn't supposed to (e.g., shut down a server).

The basic problem revolves around the possibility of programming errors in the anti-virus software. Since the anti-virus software runs at a very low level in the system, any errors it may generate could propagate up through the system and maybe even shut it down. One simple example might be a zero-length .COM file. At one time such a file would have hung some anti-virus software and if that software were running on a server, would have hung the server as well and required a server restart. This is more than just a nuisance in today's world where such things as servers are extensively used and typically, if they handle E-mail, will also be running some form of anti-virus software.

This isn't new; it was highlighted in a ZDNet News article back in August 1999 and has been known for some time before that. Rob Rosen­ber­g, editor at VMyths.com has been discussing this topic for some time as well.

More Information

• ZDNet Article
• VMyths