[Full-Disclosure] Antivirus/Trojan/Spyware scanners DoS!
npguy
npguy at websurfer.com.np
Mon Jun 14 06:53:22 BST 2004
clam use unzip utility outside its process space. if unzip itself is
vulnerable (not in case of linux) then clam may face similar problem
check "manager.c" of clam 0.15
242 if(strbcasestr(filename, ".zip")) {
243 char *args[] = { "unzip", "-P", "clam", "-o", (char *)
filename, NULL };
244 if((userprg = getargl(opt, "unzip")))
245 ret = clamav_unpack(userprg, args, tmpdir, user, opt);
246 else
247 ret = clamav_unpack("unzip", args, tmpdir, user, opt);
On Monday 14 June 2004 09:36 am, Syke wrote:
> $ clamscan -V
> clamscan / ClamAV version 0.71
> $ clamscan SERVER_dwn.zip
> SERVER_dwn.zip: Eicar-Test-Signature FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 21951
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 20.13 MB
> I/O buffer size: 131072 bytes
> Time: 5.447 sec (0 m 5 s)
>
> No problems for me.
Full-Disclosure is hosted and sponsored by Secunia.