Posts tagged ClamAV
Third scenario of the Metasploit Exploitation Scenarios.
Here, the user is a standard user, protected by 5 countermeasures:
– Firewall rules that limit outbound connections to specific ports only.
– Transparent HTTP/S Proxy for web surfing.
– Dual antivirus (Avira / ClamAV) scanning for web surfing (useless in this case, due to the Astaro bugs).
– Dr.Web Antivirus on the target Windows XP.
– Windows Firewall on the target Windows XP.
We have experienced some issues with the ClamAV antivirus when trying to access the Yahoo or Apple websites. Access is denied with the “Virus ‘HTML.IFrame-39’ found” message.
The “HTML.IFrame-39” pattern was introduced in the 10766 daily ClamAV DB update, dated Apr 20, 2010, 8:10 PM.
Submission notes: Email link leads to a URL not found.
More websites may be affected by this false positive.
Below is a list of affected websites: http://uk.yahoo.com, http://fr.yahoo.com, http://www.apple.com, http://www.lenovo.com, http://www.aqa.org.uk, http://www.alice-dsl.de, http://www.sky.de