ClamAV < 0.88.7 MIME-encoded Scan Bypass (deprecated)

Medium Nessus Network Monitor Plugin ID 3842


The antivirus product can be tricked into not scanning potentially malicious files.


The remote host is running the ClamAV antivirus client version.
This version of ClamAV is vulnerable to a flaw where file scanning can be bypassed by passing malformed MIME-encoded requests. An attacker exploiting this flaw would be able to send malicious files through the antivirus product without detection.


Upgrade to version 0.88.7 or higher.


Plugin Details

Severity: Medium

ID: 3842

File Name: 3842.prm

Family: Web Clients

Published: 2006/12/06

Modified: 2016/02/05

Dependencies: 1735, 8314

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 4.8

Temporal Score: 3.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND


CVSS v3

Base Score: 5.3

Temporal Score: 4.7


Temporal Vector: CVSS3#E:P/RL:O/RC:X

Reference Information

CVE: CVE-2006-6405, CVE-2006-6406, CVE-2006-6407, CVE-2006-6408, CVE-2006-6409, CVE-2006-6481, CVE-2006-5874

BID: 21609, 21510, 21461