I lied when I said I would write in a day the details of the ClamAV bug published by iDefense last week.

ClamAV was acquired by Sourcefire, which is the software company that is responsible for the Snort IDS.

ClamAV code needs a fair amount of refactoring to be maintainable. The current sources are quite disturbing. I’m not surprised there have been a number of bugs posted against it in the past 6 months. Mind you, the ClamAV website doesn’t seem to keep all the advisories that have been posted against it on its list of security advisories.

ClamAV is being developed by Sourcefire, who are obviously working hard to get their acquisition (the source code) up to standards.


7 responses to “ClamAV”

  1. The code was terrible! I think they’re just plugging holes at the moment but it wouldn’t surprise me if they were planning on scrapping all the code and doing a full rewrite.

    They bought the brand not the code imo.

  2. When did you become a traitor to non disc, Silvio?

  3. Give the guy some slack. He is a student. If he needs the money, it’s ok. What should he be doing? Washing dishes for $2.50 an hour so he can stay loyal to the “cause”?

  4. thanasisk: Thanks for your speedy response to my comment; certainly, if one requires money for an education, and as far as I know, Silvio dropped out a while ago, and returned to college only recently, there are other diverse and creative means of earning a living, as a ‘security professional’ other than distributing vulnerabilities to the highest bidder.

  5. “libclamav/pe.c”? What was it? Integer overflow?

  6. Yes, Canale.

    Versions of ClamAV prior to 0.88.1 are vulnerable to an integer overflow in the pe.c header parser.

  7. I hate the Silvio C Coding Skill… 😦 it makes me nOOb 😦
