Clam AntiVirus May Fail to Detect Malware in Various Archive Format Files
|
|
SecurityTracker Alert ID: 1023829 |
|
SecurityTracker URL: http://securitytracker.com/id/1023829
|
|
CVE Reference:
CVE-2010-0098
(Links to External Site)
|
Date: Apr 7 2010
|
Impact:
Host/resource access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 0.96
|
Description:
A vulnerability was reported in Clam AntiVirus. A remote user can bypass the anti-virus detection.
A remote user can create a specially crafted archive file containing malware that, when scanned by the target anti-virus engine, will not detect the enclosed malware.
The ZIP, CAB, 7Z, and RAR archive formats are affected.
The vulnerability resides in 'libclamav/mspack.c'.
ReversingLabs Corp reported this vulnerability via CERT-FI.
|
Impact:
A remote user can create content that will bypass the anti-virus detection mechanism.
|
Solution:
The vendor has issued a fix (0.96).
The vendor's advisory is available at:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826
|
Vendor URL: www.clamav.net/ (Links to External Site)
|
Cause:
State error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 07 Apr 2010 17:01:46 +0000
Subject: Clam AV / Clam AntiVirus
|
ReversingLabs Corp approached CERT-FI about detection evasion attacks found in
many Antivirus software and other signature-based protection software. In
short, the case is related to falures when parsing archive formats.
?ReversingLabs Corp has crafted 15 ZIP, CAB, 7Z and RAR archive files that are
considered valid by the relevant decompressors, but signature based detection
systems cannot detect malicious content contained within them.
CVE: CVE-2010-0098
|
|
