Antivirus scanning update for WMF
I hung on to the last batch of 20 wmf exploit samples I had been working with for the purpose of testing my clamantivirus install against them to see when “full detection” of all 20 had been acheived. Last night, with version 1227 of the daily.cvd database, they were still detecting 8 out of the 20. Now, the signatures seem to have improved as with version 1228 of daily.cvd clamav detects all 20 as Exploit.WMF.Gen-3 FOUND
This improves the chances that those using squid with clamav scanning for web browsing have a better chance against it. That’s good news.
The bad news is that there’s been an update to the metasploit module for this exploit since those were created. Unfortunately Clamantivirus is now 0 for 20 with files from the new module. The metasploit update was reported to breeze pass current IDS signatures. Not good.
Popularity: 1% [?]
Related Posts - Version 2 of the WMF exploit vs Windows 98 SE Ok, I wasn't quite satisfied with the results of the tests against the first version of the WMF (Windows Metafile) zero day exploit that's now up to 4 or 5 days or so... Windows 98 is listed as being vulnerable, but there are no patches or workarounds currently available for......
- More testing on the second WMF exploit After my Windows 98 tests which failed to exploit the system with either the first or the second vulnerability, I started wondering how well the antivirus companies were doing in detecting this second exploit variation. I had setup and updated metasploit so I could test my Windows 98 SE install......
- Codeweavers fixes WMF vulnerability in Crossover Office There has been a bugfix release to Crossover Office, released by Codeweavers. Crossover Office is an offshoot of the Wine project, which is a windows compatibility suite for Linux, to allow Windows applications to run under modern Linux operating systems. It was found recently that wine suffered from the WMF......
Related Websites - GEVEY Sim Works on iOS 5 GM With Preserved Baseband Apple recently seeded iOS 5 GM (Golden Master) version to developers. This is the last beta build of iOS 5 released by Apple. The iOS 5 final version will be available on October 12th to the public. Update: GEVEY Sim Works on iOS 5 Final Version with Preserved Baseband And,......
- These Wordpress Plugins May help Wordpress Plugins You May Need Image by teddy-rised via Flickr I have been asked many different times from new bloggers what plugins they should use. I think a big part of it comes down to personal taste. While there are some essentials many of them are just add-on plugins......
- South Carolina 5th District House Race Updates: John Spratt and Mick Mulvaney To view other TCJ Research Polls released today, click HERE. To read our full analysis of how and why Republicans will take the Senate, click HERE. Spratt has been in office for a long time, and a win by Mulvaney could easily signify a huge shift in the House. Want to continue......
Similar Posts
- Another update to exploit?
- Antivirus vs. WMF exploit
- Version 2 of the WMF exploit vs Windows 98 SE
- Clamantivirus may get support from eEye?
- WMF exploit virus detection revisited