Jump to content

zip bombs with zip64 not detected

100
 Share

Recommended Posts

100

100 2

Posted
Posted (edited)

Because of this article I have downloaded the three Zip archives:

https://www.bamsoftware.com/hacks/zipbomb/

Only zblg.zip was detected as a zip bomb by Eset after the download and therefore deleted. zbsm.zip was probably too small, but zbxl.zip was probably not recognized because of zip64. 7-zip can do zip64, but of course I won't open it and don't have the courage to do a context scan with Eset.

Edited by 100
Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted
3 hours ago, 100 said:

but zbxl.zip was probably not recognized because of zip64. 7-zip can do zip64, but of course I won't open it and don't have the courage to do a context scan with Eset.

Someone will have to run it on a lab test device or in a VM and see what happens.

Link to comment
Share on other sites
100

100 2

Posted
  • Author
Posted

Yes, I can confirm the detection. I also use Firefox, but inside Sandboxie and the SSL/TLS filter no longer works if Firefox is inside Sandboxie.

https://community.sophos.com/products/sandboxie/f/sandboxie-forum/113772/ssl-filtering-with-eset-doesn-t-work-with-firefox-67-0-x-in-sandboxie

But the file was detected and deleted during the download. :-)

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...