ClamAV < 0.95 Scan Evasion
Medium Nessus Plugin ID 36075
Synopsis
The remote antivirus service is affected by multiple vulnerabilities.
Description
According to its version, the clamd antivirus daemon on the remote host is earlier than 0.95. Such versions are affected by multiple vulnerabilities:
- A failure to handle certain malformed 'RAR' archive files could make it possible for certain archive files to evade detection by the scan engine. (Bug 1467)
- A failure to handle certain malformed 'RAR' archive files could send the application into an infinite loop, which could make it possible to crash the scan engine.
- A divide-by-zero issue when handling a specially crafted 'PE' file could be used to crash the affected application. (Bug 1335)
Solution
Upgrade to ClamAV 0.95 or later.