"...the worst thing that might happen would involve crashing the player..."
No, the worst thing that might happen is that a buffer overflow results in code execution in the player's security context. With deliberate malicious code added to the MP3 data stream, this could even lead to encrypting the user's files for ransom. This sort of buffer overflow execution flaw has surfaced in other situations where "mere" passive data has led to security problems due to buggy processing, and is often being patched in various application programs. Of course, executable files (incl. less obvious ones like PDFs) pose a worse threat, but why single out MP3 among passive data formats? They are not the only big "passive" files -- TIFs can be really big these days, and various video formats even bigger (H.264, MPEG-2 etc.). On Mon, 17 Jul 2017 23:21:13 -0700 Al Varnell <[email protected]> wrote: > True MP3 files contain sounds that a media player plays. Anything > executable can't be handled by the player and the worst thing that > might happen would involve crashing the player, if that's even > possible. > > Most, if not all scanners ignore such files. They take a long time to > scan with a high probability of zero results. The only example I can > locate that comes close to maliciousness would is one that contacts > an Internet site capable of downloading actual malware. Such a site > would not last long and the actual malware will likely be found > before the download completes. > > Feel free to locate or better yet submit a sample of anything else > and you stand a chance of convincing someone that it would be worthy > of changing the policy. > > Sent from Janet's iPad > > -Al- _______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
