[Clamav-devel] Possible bypass via gz?

Matt Olney molney at sourcefire.com
Sat Feb 22 19:08:46 EST 2014


Nope.  This isn't a vulnerability, just a false negative.


On Sat, Feb 22, 2014 at 4:46 PM, Brandon Perry <bperry.volatile at gmail.com>wrote:

> Hey guys,
>
> Is this going to need a CVE? I can forward the info onto oss-sec list
> and get a CVE assigned.
>
>
> On 02/17/2014 08:12 AM, Matt Olney wrote:
> > Thanks, Bradon.  We'll review this.
> >
> >
> > On Sun, Feb 16, 2014 at 7:29 PM, Brandon Perry <
> bperry.volatile at gmail.com>wrote:
> >
> >> Hi,
> >>
> >> Not sure if this person is using an old version of ClamAV and I haven't
> >> attempted this, but he alleges he has found a way to bypass gzip'ed
> >> tarballs by modifying a specific byte within the headers.
> >>
> >>
> >> http://www.exploit-db.com/wp-content/themes/exploit/docs/31685.pdf
> >>
> >> Hope this is the correct place to report this.
> >> _______________________________________________
> >> http://lurker.clamav.net/list/clamav-devel.html
> >> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> >>
> > _______________________________________________
> > http://lurker.clamav.net/list/clamav-devel.html
> > Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>



More information about the clamav-devel mailing list