From: npguy (npguywebsurfer.com.np)
Date: Tue Jun 15 2004 - 22:40:56 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I believe further research should be don't to confirm,
>
> *ClamAV version 0.07, 0.72
> *eTrust InoculateIT version 6.0
>

you donot have complete picture and you incomplete research is
just making everyone confused. i better like to take reference
from the old advisory that gives atleast clear background

http://www.rapid7.com/advisories/R7-0004/index.html

about calm check "manager.c" of clam 0.15

    242 if(strbcasestr(filename, ".zip")) {
    243 char *args[] = { "unzip", "-P", "clam", "-o", (char *)
filename, NULL };
    244 if((userprg = getargl(opt, "unzip")))
    245 ret = clamav_unpack(userprg, args, tmpdir, user, opt);
    246 else
    247 ret = clamav_unpack("unzip", args, tmpdir, user, opt);

clam use unzip utility outside its process space. if unzip itself is
vulnerable (not in case of linux) then clam may face similar problem

Fprot is perfect!

On Tuesday 15 June 2004 08:43 pm, Bipin Gautam wrote:
> In-Reply-To: <20040614003349.4049.qmailwww.securityfocus.com>
>
>
> *F-Prot 4.4.2 for Linux did took considerable amount of time [avg: 90
> seconds] while scanning the file, there have been conflicting report...
> whether or not, F-Prot is vulnerable. But, a compressed archive can be
> crafted in a way so that F-Prot will take about an hour to scan....
>
>
> Are vulnerable.
>
> Please Note: This is just a simple proof of concept, smaller acrhives >
> 10kb can be created that contain a terabyte of data...

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]