Red Hat Bugzilla – Bug 427286
CVE-2007-6596 clamav does not recognize Base64-UUEncoded files
Last modified: 2008-04-25 04:44:30 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6596 to the following vulnerability:
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
Some do not consider this a security flaw and consider it a flaw of mail clients
which open files encoded in a nonstandard way.  It makes some sense, but it
definitely makes more sense to protect all possible clients therefore we do
consider it a problem.
I guess it is nontrivial to add and maintain a base64 decoder in our package --
is upstream going to implement this?
This is not really a security bug but rather a lack of feature. Any (massive)
attempt to bypass the uuencode decoder can be stopped with regular signatures
thanks to the fact that ClamAV additionally scans all files in raw mode.
Upstream considers this as RFE as well. I'm closing this as UPSTREAM. If this
will be implemented upstream, we'll have the "fix" after next re-base, which
happens frequently in Fedora and EPEL.