
Release mode: Coordinated but limited disclosure
Ref : [TZO-40-2009] - Clamav generic evasion (CAB)
Vendor : &
Status : Patched (in version 0.95.2)
CVE : none provided
Security notification reaction rating : good

Disclosure Policy :

Affected products :
- ClamAV below 0.95.2

Affected systems:
- MACOSX server,
- IBM Secure E-mail Express Solution for System
Others :

I. Background
Quote: "Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library."

II. Description
The parsing engine can be bypassed by manipulating CAB archives (Filesize) in a "certain way", such that the ClamAV engine cannot extract the content but the end user still can.
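An added example, not code from this advisory or from ClamAV: the advisory does not publish the exact manipulation, so this check assumes only that "Filesize" refers to the size fields of the public CAB layout and compares them with the bytes actually received, so a gateway can treat an inconsistent archive as suspicious rather than clean. The function names, the folder limit and the sample archive are constructed for this example.

```python
import struct
# Fixed-size records of the public Microsoft Cabinet (MSCF) layout.
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")  # [2]=cbCabinet [4]=coffFiles [10]=flags
CFFOLDER = struct.Struct("<IHH")             # coffCabStart, cCFData, typeCompress
CFDATA = struct.Struct("<IHH")               # csum, cbData, cbUncomp
CFFILE = struct.Struct("<IIHHHH")            # cbFile, uoffFolderStart, iFolder, ...

def cab_size_anomalies(data):
    """List disagreements between a CAB's declared sizes and its actual bytes."""
    if len(data) < CFHEADER.size or data[:4] != b"MSCF":
        return ["not a CAB or truncated header"]
    h = CFHEADER.unpack_from(data)
    cb_cabinet, coff_files, c_folders, c_files, flags = h[2], h[4], h[8], h[9], h[10]
    issues = []
    if cb_cabinet != len(data):
        issues.append(f"cbCabinet={cb_cabinet}, actual={len(data)}")
    if flags or c_folders > 16:  # optional fields shift offsets; 16 is an arbitrary limit
        return issues + ["optional fields or too many folders, not analysed"]
    try:
        capacity = []  # uncompressed bytes declared by each folder's CFDATA blocks
        for i in range(c_folders):
            pos, n_blocks = CFFOLDER.unpack_from(data, CFHEADER.size + i * CFFOLDER.size)[:2]
            total = 0
            for _ in range(n_blocks):
                cb_data, cb_uncomp = CFDATA.unpack_from(data, pos)[1:]
                total, pos = total + cb_uncomp, pos + CFDATA.size + cb_data
            capacity.append(total)
        pos = coff_files
        for _ in range(c_files):
            cb_file, uoff, folder = CFFILE.unpack_from(data, pos)[:3]
            end = data.index(b"\0", pos + CFFILE.size)
            name = data[pos + CFFILE.size:end].decode("latin-1")
            if folder >= len(capacity) or uoff + cb_file > capacity[folder]:
                issues.append(f"{name}: cbFile={cb_file} exceeds folder data")
            pos = end + 1
    except (struct.error, ValueError):
        issues.append("record runs past end of data")
    return issues

def build_sample_cab(payload):
    """Constructed sample input: well-formed, single-file, uncompressed CAB."""
    name = b"sample.txt\0"
    coff_files = CFHEADER.size + CFFOLDER.size
    coff_data = coff_files + CFFILE.size + len(name)
    total = coff_data + CFDATA.size + len(payload)
    return (CFHEADER.pack(b"MSCF", 0, total, 0, coff_files, 0, 3, 1, 1, 1, 0, 0, 0)
            + CFFOLDER.pack(coff_data, 1, 0)
            + CFFILE.pack(len(payload), 0, 0, 0, 0, 0x20) + name
            + CFDATA.pack(0, len(payload), len(payload)) + payload)
```

A non-empty result is a reason to quarantine or hand the file to a second extractor, not a verdict that the archive is malicious.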

III. Impact

To know more about the impact and type of "evasion", I updated the description at

IV. Disclosure timeline

Nothing particular to note.

