ClamAV < 0.96 Multiple Vulnerabilities

Medium Nessus Plugin ID 45437


The remote antivirus service is vulnerable to a file scan evasion attack.


According to its version, the clamd antivirus daemon on the remote host is earlier than 0.96. Such versions are reportedly affected by multiple vulnerabilities :

- An attacker could bypass antivirus detection by embedding malicious code in a specially crafted 'CAB' file. (1826)

- An error in the 'qtm_decompress()' function in 'libclamav/mspack.c' could lead to memory corruption when scanning a specially crafted Quantum-compressed file. (1771)


Upgrade to ClamAV 0.96 or later.

See Also

Plugin Details

Severity: Medium

ID: 45437

File Name: clamav_0_96.nasl

Version: $Revision: 1.13 $

Type: remote

Family: Misc.

Published: 2010/04/07

Modified: 2014/05/25

Dependencies: 39436

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:clamav:clamav

Required KB Items: Antivirus/ClamAV/version, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2010/04/02

Vulnerability Publication Date: 2010/04/07

Reference Information

CVE: CVE-2010-0098, CVE-2010-1311

BID: 39262

OSVDB: 63818, 63861

Secunia: 39329