On Sep 30, 2004, at 1:08 PM, ralf bosz wrote:
I have just upgraded to the latest version of ClamAV that is said to be able
to detect the new JPEG vulnerability. I'm using ClamAV with MailScanner to
scan e-mail. How can I test to see if ClamAV is indeed detecting the JPEG
exploit?
Download an example here: http://www.easynews.com/virus.html (watch it, it's a real virus, don't open it on unpatched system, it may crash your pc) and scan it, or check the logging for Exploit.JPEG.
This bug enabling the exploit is only affecting Windows, correct? Just to be clear. I thought I read some chatter about the buffer overflow being possible on other platforms, but I may have been mistaken...there's so much of this stuff flying around these days...
Currently about 20 hits a day for possible exploit.jpeg's.
This is the part that worries me. Are these verified as exploit, or are they possible FP's? And is there a way to check if a system has been compromised?
-Bart
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
