SOL7985 - ClamAV clamav-milter vulnerability - CVE-2007-4560

2007-09-27T00:00:00
ID SOL7985
Type f5
Reporter f5
Modified 2013-03-19T00:00:00

Description

The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. Scanning is configured on the Antivirus tab of the Portal Access: Content Inspection page, through the Enable Standalone virus Scanner option button.

A vulnerability in ClamAV versions prior to version 0.91.2 could allow a remote attacker to crash the scanner process remotely or execute arbitrary commands remotely using a specially crafted SMTP header of an email message. The vulnerability affects the clamav-milter program, when used in conjunction with the Sendmail mail transfer agent package.

The FirePass controller does not use the clamav-milter program for Sendmail. Therefore, the FirePass controller is not vulnerable to the issue described in CVE-2007-4160.

Information about this issue is available at the following location:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4560>