Good day ClamAV and Steve
I have a client declaring that ClamAV signatures is not detecting zip bombs.
https://www.bamsoftware.com/hacks/zipbomb/
I took the liberty of spinning up a vagrant instance to find out for myself.
Here you can see I scanned the zip file, thats made available from the
above site. As you can see, clamav (inconjunction with Sanesecurity),
the file passed.
vagrant@stretch:~/src$ clamscan zbsm.zip
zbsm.zip: OK
----------- SCAN SUMMARY -----------
Known viruses: 8944025
Engine version: 0.101.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 63.13 MB
Data read: 0.04 MB (ratio 1616.20:1)
Time: 196.787 sec (3 m 16 s)
Here you can see the list of signatures loaded / available.
https://pastebin.com/raw/SyHcrYVX
If the community or anyone can look into this and / or make a signature
available, it would be appreciated.
Many thanks, regards
Brent Clark
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
