Clam uses the unzip utility outside its process space. If unzip itself is vulnerable (not in the case of Linux), then clam may face a similar problem.
Check "manager.c" of clam 0.15:

    if(strbcasestr(filename, ".zip")) {
        char *args[] = { "unzip", "-P", "clam", "-o", (char *) filename, NULL };
        if((userprg = getargl(opt, "unzip")))
            ret = clamav_unpack(userprg, args, tmpdir, user, opt);
        else
            ret = clamav_unpack("unzip", args, tmpdir, user, opt);

On Monday 14 June 2004 09:36 am, Syke wrote:
> $ clamscan -V
> clamscan / ClamAV version 0.71
> $ clamscan SERVER_dwn.zip
> SERVER_dwn.zip: Eicar-Test-Signature FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 21951
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 20.13 MB
> I/O buffer size: 131072 bytes
> Time: 5.447 sec (0 m 5 s)
>
> No problems for me.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html