Antivirus scanning update for WMF



I hung on to the last batch of 20 wmf exploit samples I had been working with for the purpose of testing my clamantivirus install against them to see when “full detection” of all 20 had been acheived. Last night, with version 1227 of the daily.cvd database, they were still detecting 8 out of the 20. Now, the signatures seem to have improved as with version 1228 of daily.cvd clamav detects all 20 as Exploit.WMF.Gen-3 FOUND


This improves the chances that those using squid with clamav scanning for web browsing have a better chance against it. That’s good news.

The bad news is that there’s been an update to the metasploit module for this exploit since those were created. Unfortunately Clamantivirus is now 0 for 20 with files from the new module. The metasploit update was reported to breeze pass current IDS signatures. Not good.

Related Posts

Blog Traffic Exchange Related Posts
  • Version 2 of the WMF exploit vs Windows 98 SE Ok, I wasn't quite satisfied with the results of the tests against the first version of the WMF (Windows Metafile) zero day exploit that's now up to 4 or 5 days or so... Windows 98 is listed as being vulnerable, but there are no patches or workarounds currently available for......
  • Codeweavers fixes WMF vulnerability in Crossover Office There has been a bugfix release to Crossover Office, released by Codeweavers. Crossover Office is an offshoot of the Wine project, which is a windows compatibility suite for Linux, to allow Windows applications to run under modern Linux operating systems. It was found recently that wine suffered from the WMF......
  • More testing on the second WMF exploit After my Windows 98 tests which failed to exploit the system with either the first or the second vulnerability, I started wondering how well the antivirus companies were doing in detecting this second exploit variation. I had setup and updated metasploit so I could test my Windows 98 SE install......
Blog Traffic Exchange Related Websites
  • 5 Reasons To Say Goodbye To Internet Explorer Microsoft has long championed its own proprietary web browser, Internet Explorer. Internet Explorer 7.0 proves to be the current browser version promoted by the operating system behemoth. This comes installed on every computer that operates on the Windows Vista or Windows 7 operating systems. Although this Internet Explorer is the......
  • Solidifying WP Security Designed with PHP, and powered by mySQL directories, WordPress is used by an amazing 8.5% of all websites. Web delivered spyware and web page hacking are becoming progressively more common. With such a lot of web content using WordPress as a CMS, any security weaknesses in the CMS structure or......
  • Unseeded Champion Wins the Legg Mason Tennis Classic There is never a greater victory in tennis than when a relatively unheard of tennis player rises to the occasion and wins the title at a tournament. This is what happened this week at the Legg Mason Tennis Classic. Those in the audience watched as Radek Stepanek took the title......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site