ClamAV < 0.95 Scan Evasion (deprecated)

High Nessus Network Monitor Plugin ID 4982

Synopsis

The remote host is missing a critical security patch or upgrade.

Description

According to its version, the clamd antivirus daemon on the remote host is earlier than 0.95. Such versions fail to handle certain malformed 'RAR' archive files, so it may be possible for such archives to evade detection by the scan engine.

Solution

Upgrade to version 0.95 or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2009-04/0021.html

http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog (bb#1467)

http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html

Plugin Details

Severity: High

ID: 4982

Family: Web Clients

Published: 2009/04/03

Modified: 2018/09/16

Dependencies: 1735, 8314

Nessus ID: 36075

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 7.5

Temporal Score: 7.2

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Reference Information

CVE: CVE-2008-6680, CVE-2009-1270, CVE-2009-1241

BID: 34344, 34357