Michael S. Gilbert wrote: > The following CVE (Common Vulnerabilities & Exposures) ids were > published for clamav. > > CVE-2008-5525[0]: > | ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is > | used, allows remote attackers to bypass detection of malware in an > | HTML document by placing an MZ header (aka "EXE info") at the > | beginning, and modifying the filename to have (1) no extension, (2) a > | .txt extension, or (3) a .jpg extension, as demonstrated by a document > | containing a CVE-2006-5745 exploit.
Hi, This is an Internet Explorer issue and has got nothign to do with ClamAV. In fact clamd/clamscan are file-based scanners and cannot know the content type returned by the web server nor the original file extension: ClamAV scans a binary file looking like an MZ executable as an MZ executable. If other 3rd party applications choose to render a binary executable file as HTML, there is nothing ClamAV can do to stop them. -aCaB -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
