ClamAV 0.94.1 to phone home

Wednesday, October 15th, 2008

The release candidate for version 0.94.1 of clam antivirus and they are eager for people to get out and test it. There is a new feature in this release called “malware statistics gathering” that will pass along observed malware information back to – they hope to be posting statistics on their site. In order […]

Good sarc monitoring tip

Wednesday, August 23rd, 2006

Sarc is still in their month of security tips per day and today's is another good one. Today's tip is about monitoring machines, particularly those that “defend” your network. (Mail antivirus scanners/proxy filters/scanners/etc.) The core of the advice is to not just ping – that only tells you if the system exists and is […]

Clamav 0.88.4 and prior DoS

Monday, August 7th, 2006

According to a denial of service vulnerability has been noted in all versions of clamav prior to 0.88.4 (inclusive). At incidents last report the download for 0.88.4 was back after disappearing for a while which seemed to indicate a fix, however. I wasn’t aware 0.88.4 had been released before today (?). It looks as […]

Clamav 0.88.2 for Mandrake 10.0 rpms

Wednesday, May 3rd, 2006

Since I have a few old Mandrake 10.0 servers out there churning along, I’ve rebuilt the Clamav package to reflect the recent security fix version 0.88.2 is up on the site at As always, the rpms are here more for my convenience than anything else, rebuilt straight from the cooker package and built on […]

OK – just fresh off the 5 wordpress install updates and now clamav…

Friday, April 7th, 2006

So, I spent the better part of the evening doing WordPress updates to get 5 blogs up to v. 2.0.2 and now….. clamav has multiple vulnerabilities …………… oi…. now it’s time to rebuild clamav to install on 2 machines……

Clamav vulnerability

Tuesday, January 10th, 2006

There’s a security fix available for a vulnerability in Clamantivirus. Version 0.88 fixes the vulnerability which could allow a remote attacker to control a machine running clamantivirus. The Security Fix has coverage on this, and the update can be found at the clamav site. This affects ClamWin as well, available here

Another update to exploit?

Thursday, January 5th, 2006

I didn’t see this reported anywhere, but since yesterday when there was an update to the metasploit module for the WMF vulnerability I think there’s been yet another update. I read yesterday that it had been updated and could evade all known IDS signatures. I downloaded the update to continue my Win98 testing. Then today […]

Antivirus scanning update for WMF

Wednesday, January 4th, 2006

I hung on to the last batch of 20 wmf exploit samples I had been working with for the purpose of testing my clamantivirus install against them to see when “full detection” of all 20 had been achieved. Last night, with version 1227 of the daily.cvd database, they were still detecting 8 out of the […]

More WMF exploit testing on Windows 98

Sunday, January 1st, 2006

I’ve spent some more effort on trying to infect Windows 98 SE in a virtual machine with some of the exploit samples I can find. The first attempt was at a website with the .wmf download. No luck infecting the system there. Then, I’ve loaded up the image and visited kyeu dot info/WMF/ and tried […]

WMF zero-day exploit first hand experience

Thursday, December 29th, 2005

Well, I’ve just spent the better part of 6 hours (maybe a bit more) “sacrificing” a virtual machine to the zero-day Windows Meta File (WMF) exploit and all the malware that comes in. I picked one site from the sunbeltblog list to infect the virtual machine with and can attest to it being quite nasty. […]