Package: clamav
Version: 0.88.7-1
Severity: grave
Tags: security

While the new 0.88.7 version fixes CVE-2006-6406 and CVE-2006-6481, the update introduces another flaw that lets viruses pass undetected. If a virus is nested deeper than the --max-mail-recursion limit, the file will pass and ClamAV's exit code indicates that the file was scanned properly.
Again, details, PoC, and discussion can be found at http://www.quantenblog.net/security/virus-scanner-bypass.
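
A delivery gate that does not rely on the scanner's exit code alone, as an added example that is not part of the original report or of ClamAV: it measures the MIME nesting depth independently and fails closed when the depth exceeds the configured limit. The names `nesting_depth`, `gate` and `build_nested`, the one-level-per-container counting and the limit of 3 are assumptions; the exit codes follow clamscan's convention (0 clean, 1 virus found, 2 error).

```python
from email import message_from_bytes
from email.message import EmailMessage, Message


def nesting_depth(msg: Message) -> int:
    """Deepest container nesting (multipart/* or message/*) below msg.

    Iterative on purpose, so a deeply nested mail cannot exhaust the call
    stack of this check. ASSUMPTION: one container counts as one level; this
    is not ClamAV's own accounting, so keep the limit conservative.
    """
    deepest, stack = 0, [(msg, 0)]
    while stack:
        part, depth = stack.pop()
        deepest = max(deepest, depth)
        if part.is_multipart():  # true for multipart/* and message/rfc822
            stack.extend((child, depth + 1) for child in part.get_payload())
    return deepest


def gate(raw: bytes, scanner_exit: int, max_recursion: int) -> str:
    """Combine the scanner's exit code with an independent depth check."""
    try:
        depth = nesting_depth(message_from_bytes(raw))
    except RecursionError:
        return "quarantine"  # the parser gave up: treat the mail as unscanned
    if depth > max_recursion:
        return "quarantine"  # scanner may have stopped early: do not trust exit 0
    return "deliver" if scanner_exit == 0 else "reject"


def build_nested(levels: int) -> bytes:
    """Constructed sample: harmless text wrapped in `levels` message/rfc822 layers."""
    msg = EmailMessage()
    msg.set_content("harmless test body\n")
    for _ in range(levels):
        outer = EmailMessage()
        outer.set_content(msg)  # a Message object becomes a message/rfc822 part
        msg = outer
    return msg.as_bytes()


if __name__ == "__main__":
    # scanner_exit=0 is a constructed value standing in for a "clean" result
    for levels in (2, 5):
        print(levels, gate(build_nested(levels), scanner_exit=0, max_recursion=3))
```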