Welcome to GeekPolice!
HomeClamAV confirms critical bug, offers up patch
Page 1 of 1
- Doctor Inferno
Site Admin
-
OS : Windows 7 Home Premium and Ultimate X64
Anti-Malware : Kaspersky PURE and Malwarebytes' Anti-Malware
Posts : 11975
Rubies : 75702
Likes : 14 
Doctor Inferno on 16th April 2008, 7:41 am
The popular open-source antivirus scanner was vulnerable to exploits
A vulnerability in the popular open-source Clam AntiVirus scanner can be exploited by attackers to execute malicious code, a security company announced today.
The ClamAV team updated the scanner to fix the flaw today.
According to Danish bug-tracking company Secunia, a vulnerability within the ""cli_scanpe()" function in "libclamav/pe.c" could be exploited with a rigged "Upack" file. In a warning posted Monday, Secunia credited one of its own researchers, Alin Rad Pop, with finding and reporting the bug, and ranked the threat as "highly critical," its second-highest rating.
ClamAV is most often used to scan incoming file attachments at an e-mail gateway; although it's designed for Unix, versions are available for Windows. Apple Inc. also packages ClamAV with its server operating systems, including the current production version of Mac OS X Server 10.5.
About a month ago, Apple issued a massive security update that fixed nearly 90 vulnerabilities in its operating systems, including nine ClamAV bugs in Server 10.5, to bring Mac OS X's version in line with the still-current ClamAV 0.90.3.
ClamAV Version 0.93 patches the vulnerability disclosed today and can be downloaded from the open-source project's Web site.
Prior to issuing the patch, ClamAV had remotely disabled the vulnerable module, said a spokesman. "Note that 1 week ago the vulnerable module has been switched off via DCONF using a special CVD update so older installations cannot be exploited," Luca Gibelli said in an e-mail.
Users unable to deploy the patch who have also not updated ClamAV's signatures -- the program received those as CVD, or ClamAV Virus Database file -- should not scan untrusted portable executable files, Secunia recommended.
A vulnerability in the popular open-source Clam AntiVirus scanner can be exploited by attackers to execute malicious code, a security company announced today.
The ClamAV team updated the scanner to fix the flaw today.
According to Danish bug-tracking company Secunia, a vulnerability within the ""cli_scanpe()" function in "libclamav/pe.c" could be exploited with a rigged "Upack" file. In a warning posted Monday, Secunia credited one of its own researchers, Alin Rad Pop, with finding and reporting the bug, and ranked the threat as "highly critical," its second-highest rating.
ClamAV is most often used to scan incoming file attachments at an e-mail gateway; although it's designed for Unix, versions are available for Windows. Apple Inc. also packages ClamAV with its server operating systems, including the current production version of Mac OS X Server 10.5.
About a month ago, Apple issued a massive security update that fixed nearly 90 vulnerabilities in its operating systems, including nine ClamAV bugs in Server 10.5, to bring Mac OS X's version in line with the still-current ClamAV 0.90.3.
ClamAV Version 0.93 patches the vulnerability disclosed today and can be downloaded from the open-source project's Web site.
Prior to issuing the patch, ClamAV had remotely disabled the vulnerable module, said a spokesman. "Note that 1 week ago the vulnerable module has been switched off via DCONF using a special CVD update so older installations cannot be exploited," Luca Gibelli said in an e-mail.
Users unable to deploy the patch who have also not updated ClamAV's signatures -- the program received those as CVD, or ClamAV Virus Database file -- should not scan untrusted portable executable files, Secunia recommended.
Please be a GeekPolice fan on Facebook!
Have we helped you? Help us! | Doctor by day, ninja by night.
Similar topics
Create an account or log in to leave a reply
You need to be a member in order to leave a reply.
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
