I tried the 'virus' perl script posted on
http://www.quantenblog.net/security/virus-scanner-bypass
and the problem is somewhat fixed in (at least) 0.90.2: when the virus
is nested under the maximum recursion level (default to 65) the virus
is detected. When is nested over this limit, it
Stephen Gran [EMAIL PROTECTED] writes:
We could return OverNesteded.MIME as the virus name, I suppose, but I
have had plenty of complaints over the years about the various block max
settings, so I'm not sure this is always the right thing to do either.
We could change clamscan's exit code,
* Stephen Gran:
I'm not sure what clamav should do here. What algorithm do you suggest
for infinitely recursive scanning without memory exhaustion or other
physical limits being hit?
MIME has been designed to support one-pass, streaming processing.
Therefore, the only thing you need to store
Package: clamav
Version: 0.88.7-1
Severity: grave
Tags: security
While the new 0.88.7 version fixes CVE-2006-6406 and CVE-2006-6481 the
update introduces another flaw that lets viruses pass undetected. If a
virus is nested deeper than the --max-mail-recursion limit, the file
will pass and
This one time, at band camp, Hendrik Weimer said:
While the new 0.88.7 version fixes CVE-2006-6406 and CVE-2006-6481 the
update introduces another flaw that lets viruses pass undetected. If a
virus is nested deeper than the --max-mail-recursion limit, the file
will pass and ClamAV's exit code
5 matches
Mail list logo
