Clam AV update fixes archive bug
Version 0.95.2 of the open source ClamAV virus scanner resolves a bug when dealing with specially crafted RAR, ZIP and CAB archives that can be used by an attacker to conceal a virus or malware from the scanner. The manipulation to create such archives formats them incorrectly, allowing them to fool scanners into overlooking malware contained within them. Despite the corrupted format, some applications and unpackers are still able to extract the files, releasing the malware. All ClamAV users are advised to install the update. ClamAV is released under the GNU General Public License (GPL).
The problem was originally reported by security specialist Thierry Zoller, who regularly examines various virus scanners for security vulnerabilities. In addition to ClamAV, several other virus scanners have also experienced the same problem when processing faulty archives. Other published reports include products from Kaspersky, Symantec, FRISK Software International (F-Prot) and Norman Data Defense Systems.
See also:
- Announcing ClamAV 0.95.2, ClamAV 0.95.2 release announcement.
- Antivirus software as a malware gateway, a report from The H.
- Security problems in multiple anti-virus products, a report from The H.
- F-PROT and AVG show vulnerabilities when processing folders, a report from The H.
- Multiple anti-virus products with archive processing vulnerabilities, a report from The H.
- Weaknesses in several virus scanners, a report from The H.
- Vulnerabilities in several security products, a report from The H.
(crve)