Clam Antivirus Vulnerability
A "critical" security flaw has been found in Clam Antivirus (ClamAV) software that attackers or viruses could exploit to take control of computers running the software.
The vulnerability has to do with the way ClamAV looks at executable programs modified by a popular free file compression utility called UPX (short for the "ultimate packer for executables"). Most bots, worms and viruses going around in e-mail these days are packed with UPX or some other type of compressor to dramatically decrease their size and often to obfuscate the contents of the file and evade detection by antivirus software.
This vulnerability is fixed in the most recent version of ClamAV for Linux/Unix systems -- version 0.88 -- downloadable here. I have used the free ClamWin (ClamAV for Windows) on one of my test machines at home for some time, and have been most impressed with its abilities. ClamWin also is affected by this flaw, so if you are using this software, be sure to grab the latest version, also 0.88.
On a side note, this vulnerability was discovered by researchers who reported the flaw to the software makers through TippingPoint/3Com's "Zero Day Initiative," a controversial program whereby flaw-finders sell their vulnerability research to 3Com.
Update, Jan. 16, 1:53 p.m. ET: It appears the Mac version of ClamAV (ClamXav) does need to be updated as well. You can download the latest version from here.