In association with heise online

17 June 2009, 15:35

Clam AV update fixes archive bug

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Version 0.95.2 of the open source ClamAV virus scanner resolves a bug when dealing with specially crafted RAR, ZIP and CAB archives that can be used by an attacker to conceal a virus or malware from the scanner. The manipulation to create such archives formats them incorrectly, allowing them to fool scanners into overlooking malware contained within them. Despite the corrupted format, some applications and unpackers are still able to extract the files, releasing the malware. All ClamAV users are advised to install the update. ClamAV is released under the GNU General Public License (GPL).

The problem was originally reported by security specialist Thierry Zoller, who regularly examines various virus scanners for security vulnerabilities. In addition to ClamAV, several other virus scanners have also experienced the same problem when processing faulty archives. Other published reports include products from Kaspersky, Symantec, FRISK Software International (F-Prot) and Norman Data Defense Systems.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit