Arbomb Logo

Welcome to the Arbomb utility page.

Part of the Xamime Email content control, Policy Enforcement project

News:

  • 17/10/2002 - v0.0.3 released. Now can detect for excess length filenames
  • 02/01/2002 - v0.0.2 released. See CHANGELOG
  • 01/01/2002 - Arbomb released. Currently supports ZIP file detections.
Arbomb is a Archive "Bomb" detection utility which aims to increase the detection rate of malicious archive files that are capable of crippling non protected email filter servers.

Archive bombs are files which exploit the extremely good compression algorithms available in todays common archivers [BZip2, Gzip, Zip etc] in such a way that a seemingly innocent file will expand into a horrendous space and CPU consuming monster which can quickly cripple your server(s).

There are a couple of different sort of archive bombs,

  • File size exploders - These archive files are typically created from very compressable input files (ie, a file full of the same content). Typically, a couple of gigabytes of information can be stored in less than 100K of compressed file.
  • File quantity exploders - Rather than consuming disk space by expanding out into one large file, these exploders rely on creating many thousands of small files. This causes most file systems to quickly run out of available file handlers and/or space due to each file consuming at least one file system block (typically 4k on Linux).

Download:

Contact:

  • Contact the author
  • IRC: Server - irc.openprojects.net, Nick - inflex
  • ICQ: 103642852