ClamAV allows some malicious code through
Leopoldo Olmos
leodoc at cantv.net
Sat Jun 11 22:19:11 UTC 2005
I am using ClamAV with ClamAV-milter support on my AMD64 FC3 box.
Recently, I ran some tests on my mail server's virus scanning
capabilities provided by http://www.webmail.us.
Results:
Test #24 (non-virus): Test for the "Partial (Fragmented) Vulnerability".
This does not include the Eicar virus, however your mail server
should still block this since a virus can use this technique to break
itself into multiple emails, bypassing virus scanners, and reassembling
itself in your inbox. (attachment can be opened by virtually any mail
program)
Test #25 (non-virus): Attachment with a CLSID extension which may hide
the real file extension. This does not include the Eicar virus,
however your mail server should still block this since the CLSID
technique can be used to hide the true extension of a malicious file.
(attachment can be opened by any Windows computer)
So, be careful
Leopoldo Olmos
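
The two conditions described in tests #24 and #25 can be checked as a mail-policy filter independent of virus signatures. The following is an added example, not part of the original post or of ClamAV; the helper name, the sample messages and the all-zero CLSID are constructed for illustration.

```python
import re
from email import message_from_string

# Filename whose last extension is a CLSID: ".{8-4-4-4-12 hex digits}".
CLSID_EXT = re.compile(
    r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\s*$", re.IGNORECASE)

def policy_findings(raw):
    """Return (rule, detail) tuples for one raw message (hypothetical helper)."""
    findings = []
    for part in message_from_string(raw).walk():
        # RFC 2046 message/partial: each fragment arrives as its own e-mail,
        # so a scanner only ever sees a piece of the reassembled content.
        if part.get_content_type() == "message/partial":
            findings.append(("partial-message", "id=%s fragment %s/%s" % (
                part.get_param("id"), part.get_param("number"),
                part.get_param("total"))))
        # get_filename() reads Content-Disposition and falls back to "name=".
        name = part.get_filename()
        if name and CLSID_EXT.search(name):
            findings.append(("clsid-extension", name))
    return findings

# Constructed sample messages (not taken from the test suite in the post).
PARTIAL_SAMPLE = """\
From: a@example.test
Subject: fragment
MIME-Version: 1.0
Content-Type: message/partial; id="constructed-1@example.test"; number=1; total=2

Content-Type: application/octet-stream
Content-Disposition: attachment; filename="data.bin"

AAAA
"""
CLSID_NAME = "report.txt.{00000000-0000-0000-0000-000000000000}"
CLSID_SAMPLE = """\
From: a@example.test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="%s"

AAAA
--B--
""" % CLSID_NAME
CLEAN_SAMPLE = "From: a@example.test\nSubject: hi\n\nplain body\n"
```

A milter or content filter that rejects or quarantines on either finding covers both cases regardless of what the attachment contains.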