Idle Computer Science skills are the Devil's playthings

Loyal Commenter Silver badge

Re: Friend did something similar

So I'm assuming here that he sent a sample of the recursive zip file to his email address and the virus scanner picked it up and...

What happens next is the interesting bit. Any competent virus scanner would (hopefully) be able to detect a malformed zip file and not try and parse it for eternity, and then remove it from the email. I'm guessing this is not what happened, which strongly implies that the bit of software designed to explicitly look for malicious code is pretty poor at finding it.

The severity of the result is going to depend on whether this is a single instance 'scanning' all email, or a separate thread for each email, and whether it has been designed with any sensible timeout. On balance, I think I'd probably design such a thing to use a thread pool, and scan each email on an idle thread, queueing them up if the thread limit is exceeded, and putting a sensible timeout on the processing (maybe 60 seconds which should be more than ample for most cases), with the timeout configurable. There may still be some other attack vectors to cause a denial of service, for instance flooding with multiple malformed messages, so perhaps limit the processing to one message per sender simultaneously. That's not going to deal with multiple malicious emails from multiple senders, but that's the sort of thing that's getting into DoS prevention/mitigation territory and it has its own solutions.
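The design sketched in the comment above (a thread pool, a configurable per-message timeout, and at most one in-flight scan per sender), as an added Python example that is not the commenter's code. The nesting cap `MAX_NESTING`, the verdict strings, and the constructed nested-zip samples are assumptions; the archive walker checks its deadline at every level because a Python worker thread cannot be killed from outside, so the timeout has to be cooperative.

```python
import io, threading, time, zipfile
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout
MAX_NESTING = 4      # assumed cap on archive-within-archive depth
SCAN_TIMEOUT = 60.0  # per-message budget in seconds, configurable as the post suggests

def nested_zip(levels):  # constructed sample: a text file wrapped in `levels` zip layers
    data = b"hello"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("payload.txt" if i == 0 else "inner.zip", data)
        data = buf.getvalue()
    return data

def scan_archive(blob, deadline, depth=0):  # cooperative walk: stops at depth cap or deadline
    if time.monotonic() >= deadline:
        return "timeout"
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return "clean"          # plain data: nothing more to unpack
    if depth >= MAX_NESTING:
        return "malformed"      # refuse to keep unpacking forever
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for name in zf.namelist():
                verdict = scan_archive(zf.read(name), deadline, depth + 1)
                if verdict != "clean":
                    return verdict
    except zipfile.BadZipFile:
        return "malformed"
    return "clean"

class MailScanner:  # thread pool, per-message timeout, one in-flight scan per sender
    def __init__(self, workers=4, timeout=SCAN_TIMEOUT):
        self.pool = ThreadPoolExecutor(max_workers=workers)
        self.timeout = timeout
        self.in_flight = defaultdict(threading.Lock)
    def scan(self, sender, blob):
        lock = self.in_flight[sender]
        if not lock.acquire(blocking=False):
            return "deferred"   # sender already has a scan running: queue it for later
        try:
            deadline = time.monotonic() + self.timeout
            future = self.pool.submit(scan_archive, blob, deadline)
            try:
                return future.result(timeout=self.timeout)
            except FutureTimeout:
                return "timeout"  # the worker sees the same deadline and exits on its own
        finally:
            lock.release()
```

A "deferred" or "timeout" verdict is what the caller's queue or quarantine logic acts on; the pool itself never blocks on one pathological message.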
