On Tue, 14 Jul 2009 17:27:04 +1000 (EST) David Shrimpton <d.shrimp...@its.uq.edu.au> wrote:
> Hi,
>
> 0.95.2, clamav has closed a bug #1554
>
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1554
>
> where an archive embedded in say a bitmap file was not
> detected and searched for viruses, but the archive would be detected
> by popular unarchivers.
>
> However, when I test, an encrypted zip embedded in another file is not
> reported as Encrypted.Zip when ArchiveBlockEncrypted is on in clamd.conf,
> so it would still be possible to send a virus within an encrypted zip
> by simply appending a few bytes to the start of the archive.

Hi David,

indeed, something's wrong with the detection of encrypted zips embedded
into other files. Please open a bug report at bugs.clamav.net and we'll
investigate it. The problem can be worked around with this basic signature:

$ echo "Encrypted.Zip:1:*:*:*:*:*:*:*" > /usr/local/share/clamav/encrypted.zmd

(you may need to replace /usr/local/share/clamav with your local db directory)

Thanks,

--
   oo    .....         Tomasz Kojm <tk...@clamav.net>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Tue Jul 14 09:58:35 CEST 2009
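
The check discussed in this thread, as an added example (not part of the original messages and not ClamAV's code): scan a whole buffer for ZIP local file headers instead of looking only at offset 0, and report entries whose general-purpose flag bit 0 (encrypted) is set. The function names and the sample buffer are constructed for illustration.

```python
import struct
import sys

LFH_SIG = b"PK\x03\x04"      # ZIP local file header signature
LFH_FMT = "<4sHHHHHIIIHH"    # fixed 30-byte part of the local file header
LFH_LEN = struct.calcsize(LFH_FMT)
ENCRYPTED_BIT = 0x0001       # general-purpose flag bit 0: entry is encrypted


def find_encrypted_zip_entries(data):
    """Return [(offset, name)] for encrypted local headers at any offset in data."""
    hits = []
    pos = data.find(LFH_SIG)
    while pos != -1:
        fixed = data[pos:pos + LFH_LEN]
        if len(fixed) == LFH_LEN:
            fields = struct.unpack(LFH_FMT, fixed)
            flags, name_len = fields[2], fields[9]
            name = data[pos + LFH_LEN:pos + LFH_LEN + name_len]
            # Require the whole file name to be present to cut down on false hits.
            if len(name) == name_len and flags & ENCRYPTED_BIT:
                hits.append((pos, name.decode("cp437")))
        pos = data.find(LFH_SIG, pos + 1)
    return hits


def sample_entry(name, payload, flags):
    """Constructed local header + stored data (CRC left at zero; fixture only)."""
    size = len(payload)
    head = struct.pack(LFH_FMT, LFH_SIG, 20, flags, 0, 0, 0, 0, size, size, len(name), 0)
    return head + name + payload


def demo():
    """Constructed sample: two ZIP entries placed after 54 bytes of bitmap-like data."""
    plain = sample_entry(b"readme.txt", b"hello", 0)
    locked = sample_entry(b"secret.bin", b"\x00" * 12, ENCRYPTED_BIT)
    return find_encrypted_zip_entries(b"BM" + b"\x00" * 52 + plain + locked)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            found = find_encrypted_zip_entries(fh.read())
    else:
        found = demo()
    for offset, name in found:
        print(f"encrypted ZIP entry at offset {offset}: {name}")
```

Run with a file path to scan that file, or with no arguments to scan the constructed sample.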