Detections
Analytics

ClamAV < 0.95 Scan Evasion (deprecated)

high Nessus Network Monitor Plugin ID 4982

Synopsis

The remote host is missing a critical security patch or upgrade.

Description

According to its version, the clamd antivirus daemon on the remote host is earlier than 0.95. Such versions fail to handle certain malformed 'RAR' archive files, and hence it may be possible for certain archive files to evade detection from the scan engine.

Solution

Upgrade to version 0.95 or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2009-04/0021.html

http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog (bb#1467)

http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html

Plugin Details

Severity: High

ID: 4982

Family: Web Clients

Published: 4/3/2009

Updated: 3/6/2019

Nessus ID: 36075

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Reference Information

CVE: CVE-2008-6680, CVE-2009-1241, CVE-2009-1270

BID: 34344, 34357