<<< Date Index >>>     <<< Thread Index >>>

Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues



Trog wrote:
On Tue, 2005-02-01 at 14:41 -0800, Dack wrote:

By sending a base64 encoded image file in a URL an attacker could evade
virus scanning.

It's somewhat harsh to single out ClamAV for this issue. AFAICT, the
only two virus scanners that do currently protect against this are

What mail clients, if any, would execute a virus encoded in this manner?
Is this a gaping hole in other mail anti-virus systems, or do most
clients just ignore this kind of data?


I really haven't tested mail clients, but Thunderbird would be the most
likely.


Nopes. Thunderbird, being a client designed to run under a plethora of platforms, doesn't bother with executing code at all unless explicitly asked to. In my opinion that's one of its greatest feature.