Am 18.07.2017 um 19:21 schrieb Paul Kosinski:
"...the worst thing that might happen would involve crashing the
player..."
No, the worst thing that might happen is that a buffer overflow results
in code execution in the player's security context. With deliberate
malicious code added to the MP3 data stream, this could even lead to
encrypting the user's files for ransom.
and that happened often enough for several file formats like images, if
some malicious crashs a player you have a problem and multimedia fromats
are *well known* for security relevant bugs
phrases starting with "the worst thing that might happen" are known as
"the last famous words" and have no place in any security context at all
On Mon, 17 Jul 2017 23:21:13 -0700
Al Varnell <alvarn...@mac.com> wrote:
True MP3 files contain sounds that a media player plays. Anything
executable can't be handled by the player and the worst thing that
might happen would involve crashing the player, if that's even
possible.
Most, if not all scanners ignore such files. They take a long time to
scan with a high probability of zero results. The only example I can
locate that comes close to maliciousness would is one that contacts
an Internet site capable of downloading actual malware. Such a site
would not last long and the actual malware will likely be found
before the download completes.
Feel free to locate or better yet submit a sample of anything else
and you stand a chance of convincing someone that it would be worthy
of changing the policy.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
