
ClamAV confirms critical bug, offers up patch



OMEN
04-15-2008, 10:37 AM
The popular open-source antivirus scanner was vulnerable to exploits
A vulnerability in the popular open-source Clam AntiVirus scanner can be exploited by attackers to execute malicious code, a security company announced today.

The ClamAV team updated the scanner to fix the flaw today.

According to Danish bug-tracking company Secunia, a vulnerability within the "cli_scanpe()" function in "libclamav/pe.c" could be exploited with a rigged "Upack" file. In a warning posted Monday, Secunia credited one of its own researchers, Alin Rad Pop, with finding and reporting the bug, and ranked the threat as "highly critical," its second-highest rating.

ClamAV is most often used to scan incoming file attachments at an e-mail gateway; although it's designed for Unix, versions are available for Windows. Apple Inc. also packages ClamAV with its server operating systems, including the current production version of Mac OS X Server 10.5.

About a month ago, Apple issued a massive security update that fixed nearly 90 vulnerabilities in its operating systems, including nine ClamAV bugs in Server 10.5, to bring Mac OS X's version in line with the still-current ClamAV 0.90.3.

ClamAV Version 0.93 patches the vulnerability disclosed today and can be downloaded from the open-source project's Web site.

Prior to issuing the patch, ClamAV had remotely disabled the vulnerable module, said a spokesman. "Note that 1 week ago the vulnerable module has been switched off via DCONF using a special CVD update so older installations cannot be exploited," Luca Gibelli said in an e-mail.

Users unable to deploy the patch who have also not updated ClamAV's signatures -- the program receives those as CVD, or ClamAV Virus Database, files -- should not scan untrusted portable executable files, Secunia recommended.

Compworld