On April 12, the security company SonicWALL announced Day Zero protection against vulnerability in Clam AntiVirus. The press release (see: http://biz.yahoo.com/prnews/060412/sfw078.html?.v=47) bewildered ClamAV developers. The problem described in the press release was… already fixed in the 0.88.1 version of ClamAV published on April 4. Moreover, it was ranked by the Clam AntiVirus programmers as low risk.

Information about “Clam AntiVirus Win32-UPX Heap Overflow” was posted to bugtraq (url: http://seclists.org/lists/bugtraq/2006/Apr/0174.html) on
April 6, by a member of the security group Overflow.pl . It described a potential heap overflow in the UPX unpacker. In its press release, SonicWALL failed to mention that the bug was already fixed and what’s even most important: the problem was impossible to exploit on properly configured systems. In fact, only the ClamAV installations with archive scan limits completely disabled were vulnerable to the heap overflow, however such incorrectly configured systems were at the same time vulnerable to many other attacks such as archive bombs.

It’s the opinion of Clam AntiVirus authors that these security companies and researchers should take more care about information they are publishing.
The ClamAV project always offers them help understanding its internals. (0 comments)