Re: Re: clamav and magic byte
Hi Florian,
> "...Andrey Bayora just describes one way to create new viruses, there are
countless others."
Please, read http://www.securityelf.org/magicbyteadv.html - there are 13 CVE
numbers issued for this BUG.
If it is not - why AV vendors issues patches for this "issue"?
The "new viruses" opinion comes mostly from AV companies that did not want
to believe that their AV has such trivial BUG.
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0556.html
But, you don't must to accept my point of view.
Regards,
Andrey Bayora.
* Geoff Crompton:
> Anyone know if clamav is vulnerable to the magic byte detection evasion
> issue discussed at http://www.securityfocus.com/bid/15189?
>
> Or alternatively, can anyone work out if it is vulnerable?
It is vulnerable only in the sense that it doesn't detect viruses for
which there aren't any signatures yet.
In <http://www.securityelf.org/magicbyte.html>, Andrey Bayora just
describes one way to create new viruses, there are countless others.
Reply to: