Re: Re: clamav and magic byte

To: <fw@deneb.enyo.de>
Cc: <debian-security@lists.debian.org>
Subject: Re: Re: clamav and magic byte
From: "Andrey Bayora" <andrey@securityelf.org>
Date: Thu, 3 Nov 2005 23:04:54 +0200
Message-id: <[🔎] 007301c5e0ba$41af17e0$0501a8c0@home>

Hi  Florian,

> "...Andrey Bayora just describes one way to create new viruses, there are
countless others."

Please, read http://www.securityelf.org/magicbyteadv.html - there are 13 CVE
numbers issued for this BUG.
If it is not - why AV vendors issues patches for this "issue"?
The "new viruses" opinion comes mostly from AV companies that did not want
to believe that their AV has such trivial BUG.
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0556.html

But, you don't must to accept my point of view.

Regards,
Andrey Bayora.


* Geoff Crompton:

> Anyone know if clamav is vulnerable to the magic byte detection evasion
> issue discussed at http://www.securityfocus.com/bid/15189?
>
> Or alternatively, can anyone work out if it is vulnerable?

It is vulnerable only in the sense that it doesn't detect viruses for
which there aren't any signatures yet.

In <http://www.securityelf.org/magicbyte.html>, Andrey Bayora just
describes one way to create new viruses, there are countless others.

Reply to:

Follow-Ups:
- Re: clamav and magic byte
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: volunteer computer-geek to help us for FREE? please contact !
Next by Date: Re: clamav and magic byte
Previous by thread: Re: clamav and magic byte
Next by thread: Re: clamav and magic byte
Index(es):
- Date
- Thread