Advisory published at: http://int21.de/cve/CVE-2008-1387-clamav.html clamav: Endless loop / hang with crafter arj, CVE-2008-1387 References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387 http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html Description CERT-FI published an advisory with a large number of samples of crafted archives. The file with the md5sum b6046d890e6bd304e3756c88b989559a (named b6046d890e6bd304e3756c88b989559a.arj) hangs clamav with high load. If you're running clamav on a mailserver, an attacker can DoS your Server remotely by sending some mails with the archive attached. Workaround/Fix clamav 0.93 fixes this issue beside other security issues, if you're running clamav you should upgrade as soon as possible. Disclosure Timeline 2008-03-17 CERT-FI publishes advisory 2008-03-26 Vendor contacted 2008-03-27 Vendor approves issue 2008-04-14 Vendor releases 0.93 2008-04-16 Advisory published CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-1387 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. Credits and copyright This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting. It's licensed under the creative commons attribution license. Hanno Boeck, 2008-04-16, http://www.hboeck.de -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno@hboeck.de