ReversingLabs Corp reported a deficiency in the way Clam AntiVirus checked / scanned ZIP, CAB, 7Z and RAR archive files for the presence of viruses. Providing a specially-crafted archive file could allow an attacker to bypass the traditional virus detection mechanisms (resulting in an archive with malicious content being considered valid).

Upstream bug report:
[1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826

Upstream patch:
[2] http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=158c35e81a25ea5fda55a2a7f62ea9fec2e883d9

References:
[3] http://secunia.com/advisories/39329/

Credit: ReversingLabs Corp
This issue affects the versions of the clamav package as shipped with Fedora releases 11 and 12. This issue affects the versions of the clamav package as present in the EPEL-4 and EPEL-5 repositories. Please fix.
Created Fedora tracking bugs for clamav: All versions: bug #580676