Virgo Pärna skrev den 2015-02-05 13:59:
Well, foxhole is something I never thought to Google:)
+1
Clamav does unpack archives recursively up to 16 levels (by default).
yep, it just create another problem, zip bomps
For clamd it is set with MaxRecursion configuration value, for clamscan
with --max-recursion=N command line switch. So that rule matches
still.
unless the scr is nasted 17 times in zip
so i think foxhole need to test if zip contains another zip, when
--max-recursion=1
And I do doubt, that such viruses are hidden deeper. I would at
least think, that odds of users accidentally executing such file would
decrease with deeper nesting.
if just end users did not press to see attachment from unknown senders,
it would be less of a problem, and if microsoft blocks installers or exe
files from unknown signers when users running administrator mode, it
would make a big diffrence
i try to defend developpers to not create clamav as a elf installer :=)
there is lots of such badnees already
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
