JPEG Virus

Rick Cooper rcooper at DWFORD.COM
Tue Sep 28 18:39:53 IST 2004


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Spicer, Kevin
> Sent: Tuesday, September 28, 2004 10:19 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: JPEG Virus
>
>
>
>
> -----Original Message-----
>  From: Leonardo Helman [mailto:mailscanner at LISTS.COM.AR]
>
> > ClamAV JPEG Exploit (MS04-028) Detection
>  >    nervoso - 2004-09-28 06:30   -   Clam AntiVirus
>  >ClamAV 0.80rc3 successfuly detects JPEG files with modified comment
>  section that allows >attackers to remotely execute arbitrary code on
>  unpatched Windows machines.
>
>
> >I was running the stable version, 0.75-1, but it didn't catch this.
>  >I didn't have trouble with the upgrade (from sources), the rpm isn't
>  there yet.
>
> That's because this kind of detection is only supported with 0.80rc3
>  (and maybe 0.80rc2?)
>

0.80rc2 doesn't detect it, must use 0.80rc3

Rick

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).



More information about the MailScanner mailing list