CVE-2008-5525

Name of the Vulnerable Software and Affected Versions ClamAV versions 0.93.1 through 0.94.1

Description The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have no extension, a .txt extension, or a .jpg extension.

Recommendations For ClamAV versions 0.93.1 through 0.94.1, consider updating the malware detection rules to properly handle HTML documents with modified filenames and MZ headers. As a temporary workaround, restrict the handling of files with no extension, .txt extension, or .jpg extension to minimize the risk of exploitation.