Avast 4.2 - Error in detection in .VHD file

[jimbo45]

Hi all

I've been testing AVAST 4.2 fairly rigorously on both VISTA X-64 and W7 7100 X-64.

Straight from the MS site I downloaded the .VHD Virtual disks (XP compatability mode)

AVAST reports that the .VHD file contains a "COMPRESSION BOMB". Now this doesn't actually tell me what this is -- but the fact that it reports something with the word BOMB in it means it can't be good.

Now as this VHD file was downloaded from the official Microsoft site I assume it HAS to be OK (or does it - I would imagine MS regularly checks its own websites - there's plenty of people out there who'd jump at a chance of attacking a MS site if they could).

I'm going to download the XP compatability mode again and have another scan.

VISTA again reports the file as CLEAN) so I think there still might be a couple of things AVAST need to fix in W7 when reading compressed or "archive" type files.

I can't post the screenshot -- once I see something with the word "BOMB" in it I immediately WIPE the entire machine. Schnell Fast, Pronto.

Cheers
jimbo

 

[rddash]

The Avast forum reports this: A decompression bomb is a file that unpacks to an enormous amount of data - thus "flooding" the unpacking engine. It's quite hard to detect such files reliably, so it's possible that it gives some false alarms ocassionally.

The entire forum is here,
Hope this helps..

 

[jimbo45]

Hi there
Thanks
It's a pity they have to use the word "Bomb" in this -- they should perhaps just say "unable to scan" or whatever. By using the word BOMB I'm sure most people would assume the file is NOT good.

Cheers
jimbo.

 

[rddash]

No problem, glad to help. And I agree about the word 'bomb', but it sure catches your attention.

 

[Win7User512]

Hi all

I've been testing AVAST 4.2 fairly rigorously on both VISTA X-64 and W7 7100 X-64.

Straight from the MS site I downloaded the .VHD Virtual disks (XP compatability mode)

AVAST reports that the .VHD file contains a "COMPRESSION BOMB". Now this doesn't actually tell me what this is -- but the fact that it reports something with the word BOMB in it means it can't be good.

Now as this VHD file was downloaded from the official Microsoft site I assume it HAS to be OK (or does it - I would imagine MS regularly checks its own websites - there's plenty of people out there who'd jump at a chance of attacking a MS site if they could).

I'm going to download the XP compatability mode again and have another scan.

VISTA again reports the file as CLEAN) so I think there still might be a couple of things AVAST need to fix in W7 when reading compressed or "archive" type files.

I can't post the screenshot -- once I see something with the word "BOMB" in it I immediately WIPE the entire machine. Schnell Fast, Pronto.

Cheers
jimbo

When I first saw that term I was pretty freakin' scared too. But then I learned it just means a compressed file that if it were to be uncompressed to be scanned would take up all the memory in the machine. So, unless you were to suspect that file was particularly vulnerable to being infected, then you don't have to worry about it.