What is a "zip bomb"?

This scan aborted after 8 seconds.
No notice or warning was presented.
What is a "zip bomb"?
Scan started at 2011-03-04 15:36:00 -0500
2011-03-04 15:36:08 -0500 Issue: scan was aborted (possibly due to a zip bomb) while scanning file: /Volumes/Time Machine/Backups.backupdb/Brahma/2009-09-16-141431/G5/.de037a.be3/.de037a.be2/.de037a.be0/.de037a.963/.de037a.962/Installers/Adobe Creative Suite 3 Design Premium 1.0.log.gz

:1002255


  • Here's the short explanation:

    A "Zip Bomb" is a zip file constructed in such a way that decompressing it takes an inordinate amount of time and file storage.  When SAV encounters such a file, it generally aborts scanning that file after a predetermined amount of time, to prevent affecting performance too much.  I'm not sure why there's no GUI feedback on this (I'm sure the devs will see the thread and will add that item to their "to do" list).

    In your case, Adobe Creative Suite 3 Design Premium 1.0.log.gz is a gzipped log file, and is probably quite large when unpacked.  The engine decided that it wasn't worth attempting to complete unpacking, so it threw an error and stopped scanning the file.  The result is that you have an archive that is unverified (it *could* contain something malicious).  I agree that the UI should alert you to this fact.

    :1002303
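
A size- and time-bounded gzip unpacker of the kind the answer above describes, as an added example that is not part of the original thread and is not Sophos's code. The 50 MiB and 8-second budgets, the status strings and the `inspect` hook are assumptions chosen for illustration.

```python
import gzip
import time
import zlib

CHUNK = 64 * 1024  # bytes of input fed, and max output drained, per step


def scan_gzip(data, max_output=50 * 1024 * 1024, max_seconds=8.0, inspect=None):
    """Unpack a gzip stream under size and wall-clock budgets.

    Returns (status, bytes_unpacked). Any status other than "complete"
    means the content was not fully inspected and stays unverified.
    """
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # 16 + ... = gzip framing
    deadline = time.monotonic() + max_seconds
    total = 0
    try:
        for off in range(0, len(data), CHUNK):
            buf = data[off:off + CHUNK]
            while True:
                # max_length=CHUNK bounds the output of each call, so memory
                # use stays flat however well the input compresses.
                out = d.decompress(buf, CHUNK)
                total += len(out)
                if inspect:
                    inspect(out)  # hypothetical hook for the signature engine
                if total > max_output:
                    return "aborted-size", total
                if time.monotonic() >= deadline:
                    return "aborted-time", total
                buf = d.unconsumed_tail
                if d.eof or (not buf and len(out) < CHUNK):
                    break
            if d.eof:
                break
    except zlib.error:
        return "corrupt", total
    return ("complete" if d.eof else "truncated"), total


if __name__ == "__main__":
    # Constructed samples: a small log and 8 MiB of zeros (about 8 KB gzipped).
    log = gzip.compress(b"installer step ok\n" * 100)
    zeros = gzip.compress(b"\0" * (8 * 1024 * 1024))
    print(scan_gzip(log))
    print(scan_gzip(zeros, max_output=1024 * 1024))
```

A caller should surface every non-"complete" status to the user, since that is exactly the "unverified archive" case discussed in this thread.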