Secunia Security Advisory - Tavis Ormandy has reported multiple vulnerabilities in Sophos Anti-Virus, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system.
b08a7c2470ab6518631923185870143cd4ca98e17ae244daa22662ea9f1a6633
By design, antivirus products introduce a vast attack surface to a hostile environment. The vendors of these products have a responsibility to uphold the highest secure development standards possible to minimize the potential for harm caused by their software. This second paper in a series on Sophos internals applies the results previously presented to assess the increased threat Sophos customers face. This paper is intended for a technical audience, and describes the process a sophisticated attacker would take when targeting Sophos users.
6e947610a5f61d4dfef968f6267c1b7f69d040adf4a3f5f08d7edf9ebe6f3000
The Kindsight Security Labs Q3 2012 Malware Report examines general trends for malware infections in home networks or infections in mobile devices and computers connected through mobile adapters. The data in this report is aggregated across the networks where Kindsight solutions are deployed.
4358fac16115036cd5347643c7df24ea0a1c9963e8d996174c8561f908070ef5
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
a15a2bb9200ac9f2c6f1c5e1072ac265a2c4fe5a9be4663b47d076afdfa123f8
Secunia Security Advisory - Artem Chaykin has reported a vulnerability in Dr.Web Anti-virus for Android, which can be exploited by malicious people to disclose sensitive information.
ccac48f9b1e4e5e39edf8c44ef436c8187f7bce3c4538e66ff4b1d8dd6e50587
Dr.Web Anti-Virus versions 7.00.0 and below suffer from a remote SQL injection vulnerability.
1f26f1d9a0c53d31cf524b8a8317a2acbba4e04bbcfa37d8609fe95557379ad4
The VirusScan Enterprise antivirus product may have a bug (or a vulnerability) in its parser that can lead to wrong action status messages and reports, malicious file scan bypass, and name spoofing when the magic line is added to the beginning of the file header.
2245ea07c6a13e3cfa317e75e1bd13e79210f3bafacb32336208b8c41a1e3a8f
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
db6c5e1a5ec8ca0b8006cf82661d3158d3365ba1b4bc14c03c5d0bca89a93c0d
ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
4cc0cb65a43b084856fe6c79649ded144d8b596d567a16eaa32c9ede9bc42ab4
HP Security Bulletin HPSBPV02754 SSRT100803 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity. Revision 1 of this advisory.
aa894cef3a0c2ea1f2d4d52dda2a5961a24ed2dc9729d8ce131a84f0c7de1ae2
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
958dd09c9da9ceb50c9e556b3ced9cbdf40e836d2bdc98286ce96e84fd4a5a53
Barracuda Spam/Virus WAF 600 suffers from a cross site scripting vulnerability.
7be3777e4289e96e5e7b2bf2cec69b4513fe8bef931de3ae26a8d16cf5177ebf
This malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.
8ace29513474b3ae5ebf23335d1c8782b885f19d4f5db31bcf348fcb6e7db1b8
Kaspersky Internet Security 2011/2012 and Kaspersky Anti-Virus 2011/2012 suffer from a local memory corruption vulnerability.
18c23b61b3a5130f1676e81339edfa843b2843bccb7b7083fd3c502bd069ce8e
Whitepaper called Anti-Virus Evasion Techniques. Some of the techniques discussed are binding and splitting, converting exe to executable client side scripts, and performing code obfuscation/morphing.
a67e9dfc2edc6ef44c9c82a4132902d3b4329e23e0b4c682cc1ef2191fb41ee3
The SAP NetWeaver Virus Scan interface suffers from multiple cross site scripting vulnerabilities.
bb8285b3a50293e1b7955490ff1a6f95c2a536a27d3d98b985e8678a317a3799
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
3a8cece5b7e6b15410f6b8f96ff5591b2c5a72f290ee8a28fefda44cb5ae7aba
The service at anti-virus.cloudflare.com suffers from a cross site scripting vulnerability.
b6ee5497426ebce31868121289c9ae738ae0ad5026abab52cd9dbc4650ad8848
Qmail-Scanner (previously known as scan4virus) is an addon that enables a Qmail email server to scan all gatewayed email for certain characteristics. It is typically used for its anti-virus protection functions, in which case it is used in conjunction with commercial virus scanners, but it also enables a site to react to email (at a server/site level) that contains specific strings in particular headers, or particular attachment filenames or types.
b6c430c81efd41bd28e56fb60e6e1ecbd98e44346c2faad69ff164960f042247
Whitepaper called "Embedding the Payload" or "How to avoid AV-Detection". The main focus of this paper is how to undermine system integrity by circumventing anti-virus detection.
14edf4f453f8794728b0ac49c1d1ae57bab9b38e68a39ab9849188b3c9dd702d
F-Secure Anti-Virus 2010 / 2011 and Internet Security 2010 / 2011 ActiveX SEH overwrite exploit.
b38eddf800c45049b97bae2be28253121ba1933544a054983303e953ef2b916f
This paper describes the results of a thorough examination of Sophos Antivirus internals. The author presents a technical analysis of claims made by the vendor, and publishes the tools and reference material required to reproduce their results. Furthermore, they examine the product from the perspective of a vulnerability researcher, exploring the rich attack surface exposed, and demonstrating weaknesses and vulnerabilities.
57ecb0848e5b99ef5678dc00d7aabb2718195a8bb23f387f2d5ff429df854455
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
91503f8cff482cac1f2c951c5d62a7da8a17ba3b32eb8fa2800e29c03c7cd58a
Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection, even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document shows the mechanisms used to obfuscate this process.
0305582fef0a334d0098bff6db770a8a71c665735a44588fdd53e7b219351d8c
Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.
2c1afb10f1f364d84902aa704ae75b54b7d538279adb0348248fba3c6e22acf9