Antivirus scanning update for WMF



I hung on to the last batch of 20 WMF exploit samples I had been working with for the purpose of testing my Clam AntiVirus install against them to see when “full detection” of all 20 had been achieved. Last night, with version 1227 of the daily.cvd database, they were still detecting 8 out of the 20. Now, the signatures seem to have improved, as with version 1228 of daily.cvd clamav detects all 20 as Exploit.WMF.Gen-3 FOUND.


This gives those using squid with clamav scanning for web browsing a better chance against it. That’s good news.

The bad news is that there’s been an update to the metasploit module for this exploit since those were created. Unfortunately, Clam AntiVirus is now 0 for 20 with files from the new module. The metasploit update was reported to breeze past current IDS signatures. Not good.
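Tracking detection of a retained sample set across signature database versions, as described above, can be automated by parsing saved `clamscan --no-summary` output. The following is an added example, not part of the original post; the file paths and scan output in it are constructed for illustration.

```python
import re

# Constructed `clamscan --no-summary` output for the same four files,
# scanned with an older and a newer daily.cvd (sample data, not from the post).
SCAN_OLD = """\
/samples/wmf/01.wmf: Exploit.WMF.Gen-3 FOUND
/samples/wmf/02.wmf: OK
/samples/wmf/03.wmf: Exploit.WMF.Gen-3 FOUND
/samples/wmf/04.wmf: OK
"""
SCAN_NEW = """\
/samples/wmf/01.wmf: Exploit.WMF.Gen-3 FOUND
/samples/wmf/02.wmf: Exploit.WMF.Gen-3 FOUND
/samples/wmf/03.wmf: Exploit.WMF.Gen-3 FOUND
/samples/wmf/04.wmf: Exploit.WMF.Gen-3 FOUND
"""

# clamscan prints "<path>: <signature> FOUND" or "<path>: OK" per file.
RESULT_LINE = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")

def parse_scan(text):
    """Map each scanned path to its signature name, or None if reported OK."""
    results = {}
    for line in text.splitlines():
        match = RESULT_LINE.match(line.strip())
        if match:  # ERROR lines and blank lines are skipped
            results[match.group("path")] = match.group("sig")
    return results

def coverage(results):
    """Return (detected, total) for one scan."""
    return sum(1 for sig in results.values() if sig), len(results)

def compare(before, after):
    """Return (newly detected, no longer detected) paths between two scans."""
    gained = sorted(p for p in after if after[p] and not before.get(p))
    lost = sorted(p for p in before if before[p] and not after.get(p))
    return gained, lost

if __name__ == "__main__":
    old, new = parse_scan(SCAN_OLD), parse_scan(SCAN_NEW)
    print("old: %d/%d detected" % coverage(old))
    print("new: %d/%d detected" % coverage(new))
    gained, lost = compare(old, new)
    print("newly detected:", gained)
    print("regressions:", lost)
```

The `lost` list matters as much as the headline count: a signature update that raises overall coverage can still drop detection of an individual file.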
