Theres a new clamav version, I only heard about it from our security
people a couple hours ago. It has security fixes, too.
-------- Original Message --------
>>> From: firstname.lastname@example.org
>>> To: email@example.com
>>> Cc: firstname.lastname@example.org
>>> July 25, 2005
>>> ClamAV is the most widely used GPL antivirus library today. It provides
>>> file format support for virus analysis. During analysis ClamAV
>>> Library is vulnerable to buffer overflows allowing attackers complete
>>> control of the system. These vulnerabilities can be exploited remotely
>>> without user interaction or authentication through common protocols
>>> as SMTP, SMB, HTTP, FTP, etc.
>>> Specifically, ClamAV is responsible for parsing multiple file formats.
>>> At least 4 of its file format processors contain remote security bugs.
>>> Specifically, during the processing of TNEF, CHM, & FSG formats an
>>> attacker is able to trigger several integer overflows that allow
>>> attackers to overwrite heap data to obtain complete control of the
>>> system. These vulnerabilities can be reached by default and triggered
>>> without user interaction by sending an e-mail containing crafted data.
>>> Successful exploitation of ClamAV protected systems allows attackers
>>> unauthorized control of data and related privileges. It also provides
>>> leverage for further network compromise. ClamAV implementations are
>>> likely vulnerable in their default configuration.
>>> Affected Products
>>> ClamAV – 0.86.1 (current) and prior
>>> There are numerous implementations of ClamAV listed on their site which
>>> are likely vulnerable. One party of note is Apple. Apple includes
>>> by default in Mac OS X Server. In addition, ClamAV has been ported to
>>> windows and a variety of other platforms by third parties who’s
>>> implementations are also likely vulnerable. Refer to vendor for
>>> These vulnerabilities were discovered and researched by Neel Mehta &
>>> Alex Wheeler.
Scott Dier <email@example.com>
CS/IT Systems Staff