ClamAV < 0.96 Multiple Vulnerabilities
Medium Nessus Plugin ID 45437
SynopsisThe remote antivirus service is vulnerable to a file scan evasion attack.
DescriptionAccording to its version, the clamd antivirus daemon on the remote host is earlier than 0.96. Such versions are reportedly affected by multiple vulnerabilities :
- An attacker could bypass antivirus detection by embedding malicious code in a specially crafted 'CAB' file. (1826)
- An error in the 'qtm_decompress()' function in 'libclamav/mspack.c' could lead to memory corruption when scanning a specially crafted Quantum-compressed file. (1771)
SolutionUpgrade to ClamAV 0.96 or later.