I just saw the existing thread on clamav-users, my bad! Sorry to rehash the obvious. Please disregard...
c0uch

On Jan 7, 2008 4:23 PM, c0uchw4rrior <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> On Sun Dec 30 there was a post to the Full Disclosure mailing list
> regarding several vulnerabilities in ClamAV 0.92. I haven't seen any
> discussion on the clamav-devel list and can't seem to find a Bugzilla
> entry for these issues.
>
> The authors seem to have identified a race condition in cli_gentempfd
> that he claims can be used to get malicious files past the Clam
> engine. They also discuss a bypass using Base64-UUEncoded files, as
> well as insecure file handling in sigtool.
>
> Have any of the ClamAV developers looked at this vulnerability
> disclosure? Are these real issues?
>
> http://seclists.org/fulldisclosure/2007/Dec/0625.html
>
> Many thanks,
> c0uch