
Clam Antivirus Vulnerability

A "critical" security flaw has been found in Clam Antivirus (ClamAV) software that attackers or viruses could exploit to take control of computers running the software.

The vulnerability has to do with the way ClamAV looks at executable programs modified by a popular free file compression utility called UPX (short for the "ultimate packer for executables"). Most bots, worms and viruses going around in e-mail these days are packed with UPX or some other type of compressor to dramatically decrease their size and often to obfuscate the contents of the file and evade detection by antivirus software.

This vulnerability is fixed in the most recent version of ClamAV for Linux/Unix systems -- version 0.88 -- downloadable here. I have used the free ClamWin (ClamAV for Windows) on one of my test machines at home for some time, and have been most impressed with its abilities. ClamWin also is affected by this flaw, so if you are using this software, be sure to grab the latest version, also 0.88.

Security Fix is checking to see if this problem also affects ClamXav, which I have recommended as an excellent free antivirus scanner for Mac users.

On a side note, this vulnerability was discovered by researchers who reported the flaw to the software makers through TippingPoint/3Com's "Zero Day Initiative," a controversial program whereby flaw-finders sell their vulnerability research to 3Com.

Update, Jan. 16, 1:53 p.m. ET: It appears the Mac version of ClamAV (ClamXav) does need to be updated as well. You can download the latest version from here.

By Brian Krebs  |  January 10, 2006; 10:40 AM ET

© 2010 The Washington Post Company