Welcome to the Arbomb utility page.
Part of the Xamime Email content control, Policy Enforcement project
News:
- 17/10/2002 - v0.0.3 released. Can now detect excess-length filenames
- 02/01/2002 - v0.0.2 released. See CHANGELOG
- 01/01/2002 - Arbomb released. Currently supports ZIP file detections.
Arbomb is an archive "bomb" detection utility which aims to increase the
detection rate of malicious archive files that are capable of crippling
unprotected email filter servers.
Archive bombs are files which exploit the extremely good compression algorithms
available in today's common archivers [BZip2, Gzip, Zip etc] in such a way that a
seemingly innocent file will expand into a horrendous space- and CPU-consuming
monster which can quickly cripple your server(s).
There are a couple of different sorts of archive bombs:
- File size exploders - These archive files are typically created from very
compressible input files (i.e., a file full of the same content). Typically, a
couple of gigabytes of information can be stored in less than 100K of
compressed file.
- File quantity exploders - Rather than consuming disk space by expanding out
into one large file, these exploders rely on creating many thousands of small
files. This causes most file systems to quickly run out of available file
handlers and/or space due to each file consuming at least one file system block
(typically 4k on Linux).
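The checks described above (size exploders, quantity exploders and the excess-length filename check from v0.0.3) can be sketched as a header-only pre-filter. This is an added example, not Arbomb's own code; the function names, the finding labels and every threshold are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile

# All limits are assumptions for this example; tune them per deployment.
LIMITS = {"total": 100 * 2**20, "ratio": 100, "members": 1000, "name": 255}
BLOCK = 4096  # per-file block cost cited above (4k on Linux)


def inspect_zip(data, limits=LIMITS):
    """Flag archive-bomb traits from ZIP headers only; nothing is extracted."""
    # Header sizes are sender-declared: still cap output during extraction.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return ["unreadable"]
    findings = []
    total = sum(i.file_size for i in infos)
    on_disk = sum(-(-i.file_size // BLOCK) * BLOCK for i in infos)  # block-rounded
    if max(total, on_disk) > limits["total"]:
        findings.append("size")
    if any(i.file_size > limits["ratio"] * max(i.compress_size, 1) for i in infos):
        findings.append("ratio")
    if len(infos) > limits["members"]:
        findings.append("quantity")
    if any(len(i.filename) > limits["name"] for i in infos):
        findings.append("filename")
    return findings


def build_zip(members):
    """Build a small constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members:
            zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # constructed inputs, one per trait
        "normal": build_zip([("readme.txt", b"hello archive\n")]),
        "repeated content": build_zip([("zeros.bin", b"\0" * 2**20)]),
        "many small files": build_zip([(f"f{n}", b"x") for n in range(1500)]),
        "long filename": build_zip([("a" * 300, b"x")]),
    }
    for label, blob in samples.items():
        print(label, len(blob), inspect_zip(blob))
```

The "size" check uses the larger of the declared byte total and the block-rounded footprint, so an archive of many one-byte files is costed at one block each rather than at its nominal size.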
Download:
Contact:
- Contact the author
- IRC: Server - irc.openprojects.net, Nick - inflex
- ICQ: 103642852