ClamAV does not use 7-Zip for file extraction. It does use LZMA-SDK which is a library made by the 7-zip team to decompress lzma, xz, and some other compression formats.
Regarding the 7-Zip vulnerability that you referenced, that has to do with extracting ZIP archvies with 7-Zip on Windows. ClamAV doesn't use 7-zip or LZMA-SDK for ZIP handling. To be certain, I did try the Python script to craft a PoC and test it with ClamAV on Windows. I didn't see any unusual behavior. ClamAV scanned the archive and its contents correctly without following any symlinks or anything. I hope that helps. Respectfully, Val Valerie Snyder (she/they) ClamAV Development Talos Cisco Systems, Inc. ________________________________ From: clamav-users <[email protected]> on behalf of Tamás Strausz via clamav-users <[email protected]> Sent: Tuesday, December 2, 2025 7:55 AM To: [email protected] <[email protected]> Cc: Tamás Strausz <[email protected]> Subject: [clamav-users] Inquiry on 7-Zip Vulnerabilities Impact and Mitigation ClamAV Hi, We have the following inquiry about a potential vulnerability: As we see ClamAV uses 7-Zip for file extraction. Given the recently reported vulnerabilities in 7-Zip (reference: PoC Exploit for 7-Zip Vulnerabilities that Allows Remote Code Execution<https://cybersecuritynews.com/poc-exploit-7-zip-vulnerabilities/>), would like to confirm whether ClamAV is affected. Thank you for your response in advance! Best Regards / Üdvözlettel -- Tamás Strausz Software Engineering Team Lead www.opswat.com<https://www.opswat.com/> [A picture containing graphical user interface Description automatically generated]<https://www.opswat.com/> [Icon - Blogs]<https://www.opswat.com/blog> [Icon - LinkedIn] <https://www.linkedin.com/company/opswat/> [Icon - Facebook] <https://www.facebook.com/OPSWAT/> [cid:6e55d9bc-4674-4b1e-826e-f4dc0a4c1b25] <https://twitter.com/OPSWAT> [cid:afe5ffb9-e26b-4d27-bed3-076e87f467e0] <https://www.youtube.com/@OpswatInc> The content of this message is confidential. If you have received it by mistake, please inform us by an email reply and then delete the message. It is forbidden to copy, forward, or in any way reveal the contents of this message to anyone. Stay connected with us for the latest insights and updates. 👉 Follow us on LinkedIn<https://www.linkedin.com/company/opswat/?utm_campaign=GLB-BRAND&utm_source=opswat-team&utm_medium=referrals&utm_content=outlook-signature>, Facebook<https://www.facebook.com/OPSWAT/?utm_campaign=GLB-BRAND&utm_source=opswat-team&utm_medium=referrals&utm_content=outlook-signature>, X<https://x.com/OPSWAT/?utm_campaign=GLB-BRAND&utm_source=opswat-team&utm_medium=referrals&utm_content=outlook-signature> or Instagram<https://www.instagram.com/opswat/?utm_campaign=GLB-BRAND&utm_source=opswat-team&utm_medium=referrals&utm_content=outlook-signature> Subscribe to our YouTube<https://www.youtube.com/@OpswatInc/?utm_campaign=GLB-BRAND&utm_source=opswat-team&utm_medium=referrals&utm_content=outlook-signature> channel for more valuable content Explore our free community site: 👉 www.metadefender.com<https://www.metadefender.com/?utm_campaign=GLB-BRAND&utm_source=opswat-team&utm_medium=referrals&utm_content=outlook-signature> Access product downloads, support, and more at: 👉 my.opswat.com<https://my.opswat.com/?utm_campaign=GLB-BRAND&utm_source=opswat-team&utm_medium=referrals&utm_content=outlook-signature>
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
