Detections
Analytics
ClamAV < 0.95.2 File Scan Evasion (deprecated)
medium Nessus Network Monitor Plugin ID 5073
Synopsis
The remote host is running an anti-virus application that is affected by a file scan evasion vulnerability.Description
According to its version, the clamd anti-virus daemon on the remote host is earlier than 0.95.2. Such versions are reportedly affected by a file scan evasion vulnerability. An attacker could exploit this flaw by embedding malicious code in a specially crafted 'CAB', 'RAR', or 'ZIP' archive in order to bypass the anti-virus software.Solution
Upgrade to ClamAV 0.95.2 or later.See Also
http://blog.zoller.lu/2009/05/advisory-clamav-generic-bypass.html
Plugin Details
Severity: Medium
ID: 5073
Family: Web Clients
Published: 8/18/2004
Updated: 3/6/2019