PaulDotCom mailing list archives

Re: Clamav hacking

From: Jim Halfpenny <jim.halfpenny () gmail com>
Date: Tue, 6 Sep 2011 08:30:37 +0100

You could potentially DoS a machine by submitting multiple samples for
analysis if that is permitted. Scanning can chew up a lot of CPU.

Any bugs in the decoders/dissectors in clamav could be an entry point for a
malicious sample but I am not aware of any such bugs. Think of the
complexity of having multiple decoders for binary formats, packers and such.

Regards,
Jim

On Tuesday, 6 September 2011, Nathan Gibbs <nathan () cmpublishers com> wrote:

On 9/5/2011 7:21 PM, Joel Esler wrote:

I would love anything interesting regarding hacking a network instance of

ClamAV!



--
Joel Esler
Sourcefire
OpenSource Community Manager:  Snort, ClamAV, Daemonlogger, and Razorback



;)

LOL
Joel, you already know what my ideas are.


We will get there, but lets let some people smarter than me, you
included, weigh in.


--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Clamav hacking Nathan Gibbs (Sep 05)
- Re: Clamav hacking Joel Esler (Sep 05)
  - Re: Clamav hacking Nathan Gibbs (Sep 05)
    - Re: Clamav hacking Jim Halfpenny (Sep 06)
    - Re: Clamav hacking Joel Esler (Sep 06)
    - Re: Clamav hacking Nathan Gibbs (Sep 06)
    - Re: Clamav hacking Joel Esler (Sep 06)
    - Re: Clamav hacking Nathan Gibbs (Sep 06)