Cisco's open source antivirus has just received a new update making it more efficient.
O ClamAV an antivirus developed by Cisco Systems, the world leader in open source IT and networking solutions, is famous among Linux and BSD users. Multiplatform, ClamAV is available for many operating systems such as: Windows, Linux, BSD, Solaris and macOS. An interesting alternative in detecting Trojans, viruses, malware and other threats.
Cisco recently released a new version of its antivirus, ClamAV 0.101.3, eliminating a vulnerability that could allow a denial of service attack by transferring a ZIP file. Obviously, this file should be prepared in advance and with such malicious intent. This threatens a variation of the non-recursive zip bomb, also known by other names (death or decompression bomb).
The zip pump can block or disable the program or system on which to attempt to unzip it. With a monstrous decompression load such a file tries to achieve the maximum zip format compression rate, around 28 million times. For example, a 10MB zip bomb file will unpack approximately 281 TB of data (no computer can handle it). The intent of this technique is to open virus holes in the system during all this overhead, disabling or hindering the use of antivirus in the machine (this is if software for this purpose is installed, otherwise it will be one step less for the zip pump).
The new version of ClamAV 0.101.3 can identify the zip bomb and its variants, as well as update the integrated libmspack library, eliminating data leakage by opening a specially designed chm file (CVE-2019-1010305). In parallel a beta version of the new branch of ClamAV 0.102 was presented. This version transferred the open file scan of the clamd process to the separate clamonacc. This allows clamd to work without the need for elevated root privileges.
File support (ESTsoft) was implemented and the freshclam program redesigned, this allowed for the addition of HTTPS and the ability to work with request mirrors on no-80 network ports.
Do you use antivirus in your Linux distro? We will soon demonstrate how easy it is to install ClamAV antivirus, and in which scenarios its use would be extremely valid.
At l stay tuned in the blog Diolinux and join our community Diolinux Plus.
I wait for you next post, SYSTEMATICALLY!
_____________________________________________________________________________ See any errors or would you like to add any suggestions to this article? Collaborate, click here.
