The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. Scanning is configured on the Antivirus tab of the Portal Access: Content Inspection page, through the Enable Standalone virus Scanner option button.
A vulnerability in ClamAV versions prior to version 0.91.2 could allow a remote attacker to crash the scanner process remotely or execute arbitrary commands remotely using a specially crafted SMTP header of an email message. The vulnerability affects the clamav-milter program, when used in conjunction with the Sendmail mail transfer agent package.
The FirePass controller does not use the clamav-milter program for Sendmail. Therefore, the FirePass controller is not vulnerable to the issue described in CVE-2007-4160.
Information about this issue is available at the following location: