You are right. But more than that, merely *reading* a file will exercise such code. I wonder if anybody has devised a file which exploits such a kernel bug? (Shudder.)
After I wrote my objection, I realized that to be even more safe, one should scan removable disks at the block level before mounting them. But given the capacity these days of even USB thumb drives, this approach is pretty much impractical. Besides, what looks like a USB thumb drive might actually act as a USB keyboard! (In fact, I think somebody built a prototype.)

On Fri, 09 Jun 2023 18:15:39 -0700 Kenneth Porter <sh...@sewingwitch.com> wrote:
> Filesystems are also files, interpreted by kernel-level filesystem drivers.
> Some filesystems have a compression feature. Scanning ANY file exercises
> such code.