[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues
From: exon <exon@xxxxxxx>
Date: Wed, 02 Feb 2005 20:17:46 +0100

Trog wrote:

On Tue, 2005-02-01 at 14:41 -0800, Dack wrote:

By sending a base64 encoded image file in a URL an attacker could evade
virus scanning.


It's somewhat harsh to single out ClamAV for this issue. AFAICT, the
only two virus scanners that do currently protect against this are


What mail clients, if any, would execute a virus encoded in this manner?
Is this a gaping hole in other mail anti-virus systems, or do most
clients just ignore this kind of data?

I really haven't tested mail clients, but Thunderbird would be the most
likely.

Nopes. Thunderbird, being a client designed to run under a plethora of platforms, doesn't bother with executing code at all unless explicitly asked to. In my opinion that's one of its greatest feature.

References:
- [ GLSA 200501-46 ] ClamAV: Multiple issues
  - From: Sune Kloppenborg Jeppesen
- Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues
  - From: Trog
- Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues
  - From: Dack
- Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues
  - From: Trog

Prev by Date: Windows Security Checklists - 10 Parts
Next by Date: Portcullis Advisory 05-009 Update, Webseries Payment Application
Previous by thread: Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues
Next by thread: SAME LADY, DIFFERENT HAT: REELY
Index(es):
- Date
- Thread