[clamav-users] scanning mp3-files with clamscan
Reindl Harald
h.reindl at thelounge.net
Tue Jul 18 17:26:30 UTC 2017
Am 18.07.2017 um 19:21 schrieb Paul Kosinski:
> "...the worst thing that might happen would involve crashing the
> player..."
>
> No, the worst thing that might happen is that a buffer overflow results
> in code execution in the player's security context. With deliberate
> malicious code added to the MP3 data stream, this could even lead to
> encrypting the user's files for ransom.
and that happened often enough for several file formats like images, if
some malicious crashs a player you have a problem and multimedia fromats
are *well known* for security relevant bugs
phrases starting with "the worst thing that might happen" are known as
"the last famous words" and have no place in any security context at all
> On Mon, 17 Jul 2017 23:21:13 -0700
> Al Varnell <alvarnell at mac.com> wrote:
>
>> True MP3 files contain sounds that a media player plays. Anything
>> executable can't be handled by the player and the worst thing that
>> might happen would involve crashing the player, if that's even
>> possible.
>>
>> Most, if not all scanners ignore such files. They take a long time to
>> scan with a high probability of zero results. The only example I can
>> locate that comes close to maliciousness would is one that contacts
>> an Internet site capable of downloading actual malware. Such a site
>> would not last long and the actual malware will likely be found
>> before the download completes.
>>
>> Feel free to locate or better yet submit a sample of anything else
>> and you stand a chance of convincing someone that it would be worthy
>> of changing the policy.
More information about the clamav-users
mailing list