Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-12-31 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

False Positives from CA's AV for certain Javascript apps

Published: 2007-12-31
Last Updated: 2007-12-31 23:07:19 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)

We have gotten a number of reports of CA's eTrust AV and InnoculateIT AV product, AKA Vet Anti Virus, giving false positives for certain complex javascript applications.

CA has been notified and it looks like updating to signature file 31.3.5419 will solve the problem.

Keywords:
0 comment(s)

New Vulnerabilities in ClamAV

Published: 2007-12-31
Last Updated: 2007-12-31 13:51:03 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)

Roflek and Lolek of TK53 has published a couple new vulnerabilities in ClamAV. Specifically three vulnerabilities- a race condition, a way to bypass scanning in Base64 UUencoded files, and finally a failure in file existence checking that potentially allows an attacker to overwrite files. It's a good read, full details are here: http://seclists.org/fulldisclosure/2007/Dec/0625.html

Keywords:
0 comment(s)
Diary Archives