100 2 Posted July 11, 2019 Share Posted July 11, 2019 (edited) Because of this article I have downloaded the three Zip archives: https://www.bamsoftware.com/hacks/zipbomb/ Only zblg.zip was detected as a zip bomb by Eset after the download and therefore deleted. zbsm.zip was probably too small, but zbxl.zip was probably not recognized because of zip64. 7-zip can do zip64, but of course I won't open it and don't have the courage to do a context scan with Eset. Edited July 11, 2019 by 100 Link to comment Share on other sites More sharing options...
itman 1,627 Posted July 11, 2019 Share Posted July 11, 2019 3 hours ago, 100 said: but zbxl.zip was probably not recognized because of zip64. 7-zip can do zip64, but of course I won't open it and don't have the courage to do a context scan with Eset. Someone will have to run it on a lab test device or in a VM and see what happens. Link to comment Share on other sites More sharing options...
100 2 Posted July 11, 2019 Author Share Posted July 11, 2019 Yes, the Eset lab could do it. ;-) Link to comment Share on other sites More sharing options...
itman 1,627 Posted July 14, 2019 Share Posted July 14, 2019 On 7/11/2019 at 12:52 PM, 100 said: but zbxl.zip was probably not recognized It's detected now: 100 1 Link to comment Share on other sites More sharing options...
100 2 Posted July 14, 2019 Author Share Posted July 14, 2019 Yes, I can confirm the detection. I also use Firefox, but inside Sandboxie and the SSL/TLS filter no longer works if Firefox is inside Sandboxie. https://community.sophos.com/products/sandboxie/f/sandboxie-forum/113772/ssl-filtering-with-eset-doesn-t-work-with-firefox-67-0-x-in-sandboxie But the file was detected and deleted during the download. :-) Link to comment Share on other sites More sharing options...
Recommended Posts