Updates for virus scanner remove DoS vulnerabilities
Not only do virus scanners offer no absolute protection against viruses, the real problem is that they sometimes threaten system stability, or tear open new holes themselves. Which is precisely why the developers of ClamAV were recently forced to do some follow-up work on their software. Certain Base64-code MIME email attachments could crash the scanner, in effect serving as a DoS attack. Version 0.88.8 removes the problem. According to Hendrik Weimer the potential for masking malicious attachments has not been removed.
Following iDefense's report of problems associated with the processing of RAR archives, Trend Micro was also forced to do some extracurricular work. Rigged files could cause some of their products to consume nearly 100 percent of CPU resources. As a result an affected computer would no longer respond and would have to be restarted. The bug affects Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3 and Server Protect 5.58. The report does not disclose precisely which scan engine contains the bug. The hole is purportedly not part of version 8.320 for Windows products. The software vendor has released scan engine 8.150 for HPUX and AIX systems. iDefense also mentions Sophos in its report. Again, the problem was eliminated through an update.
- ClamAV 0.88.7, release notes from the developers
- Multiple Vendor Antivirus RAR File Denial of Service Vulnerability, bug report from iDefense