Vuln in ClamAV

I should do some more reading on this, but I am amused by the US Cert comment at the end

ClamAV PE Scanning Vulnerability
added April 14, 2008 at 09:21 am

US-CERT is aware of a report of a buffer overflow vulnerability affecting ClamAV. This heap-based buffer overflow vulnerablity may allow an attacker to execute arbitrary code on an affected system.

US-CERT recommends that users do not scan PE files from untrusted sources.

Isn’t the hole point of running an av product to test for viruses in untrusted files?

Leave a Reply

OpenID

Anonymous