Advisory

ClamAV Vulnerable to WinRAR critical vulnerability

Take action: If you are running ClamAV on your email gateways or in your products, update it now. Do so quickly, since all it takes is a malicious archive arriving by email for the system to be compromised.


Learn More

ClamAV, a widely used open-source antivirus for e-mail scanning on mail gateways, is potentially vulnerable to the WinRAR vulnerability CVE-2023-40477.

Clam AntiVirus is open-source antivirus software designed to detect and mitigate various forms of malware, including viruses, trojans, worms, and other malicious software threats. It is particularly known for its effectiveness in scanning email attachments, making it a popular choice for email gateway systems.

The original vulnerability allows the potential execution of arbitrary commands on a target computer system by exploiting a flaw triggered when a specially crafted RAR file is opened. In simple terms, if an attacker sends the victim a malicious RAR file, the victim can be compromised simply by opening the archive.

In the context of ClamAV, the vulnerability revolves around "UnRAR," an open-source library developed by WinRAR's creators. This library, known as "libclamunrar," is integrated into ClamAV. ClamAV has expressed concern that the library "libclamunrar" might be affected by CVE-2023-40477.

Since ClamAV will automatically unpack an archive in emails to scan the contents, an attacker can compromise the email gateway that runs ClamAV by simply sending a malicious email to the gateway.

The vulnerability impacts ClamAV versions 1.1.x prior to 1.1.2, 1.0.x prior to 1.0.3, and 0.103.x prior to 0.103.10. To address this issue, ClamAV has released versions 1.2.0 and 1.1.1, along with 1.0.2 and 0.103.10, to patch the vulnerability. Users of ClamAV are advised to update promptly to the latest version for their branch to mitigate the risk.
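A quick way to triage a fleet of gateways against the version list above, as an added helper that is not part of this advisory or of the ClamAV project: it classifies the string printed by `clamscan --version` against the patched releases named here (1.1.1, 1.0.2 and 0.103.10), treats 1.2.0 and later as patched, and flags any other branch for manual review. The version-string format ("ClamAV X.Y.Z/<db-version>/<date>") is assumed.

```shell
#!/bin/sh
# Hypothetical helper (not from the advisory or from ClamAV):
# classify a ClamAV version against the patched releases the advisory lists.
# Accepts a bare version ("1.0.1") or the raw line from `clamscan --version`
# ("ClamAV 1.0.1/26978/Tue Aug 22 07:38:00 2023", a constructed sample).
# Prints one of: vulnerable | patched | unknown-branch

clamav_status() {
    # Drop the "ClamAV " prefix and everything from the first "/" (db version, date).
    v=$(printf '%s' "$1" | sed -e 's/^ClamAV //' -e 's,/.*$,,')
    major=$(printf '%s' "$v" | cut -d. -f1)
    minor=$(printf '%s' "$v" | cut -d. -f2)
    # Keep only the leading digits of the patch level (handles suffixes like "-rc").
    patch=$(printf '%s' "$v" | cut -d. -f3 | sed 's/[^0-9].*//')
    patch=${patch:-0}

    # Reject anything that is not a numeric major.minor before doing arithmetic.
    case "$major" in ''|*[!0-9]*) echo unknown-branch; return 0 ;; esac
    case "$minor" in ''|*[!0-9]*) echo unknown-branch; return 0 ;; esac

    case "$major.$minor" in
        1.1)   fixed=1 ;;   # 1.1.x: patched from 1.1.1 (advisory)
        1.0)   fixed=2 ;;   # 1.0.x: patched from 1.0.2 (advisory)
        0.103) fixed=10 ;;  # 0.103.x: patched from 0.103.10 (advisory)
        *)
            # 1.2.0 and later shipped with the fix; any other branch is not covered here.
            if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 2 ]; }; then
                echo patched
            else
                echo unknown-branch
            fi
            return 0 ;;
    esac

    if [ "$patch" -lt "$fixed" ]; then echo vulnerable; else echo patched; fi
}

# On a gateway: clamav_status "$(clamscan --version)"
```

Run it from your configuration-management tooling on every host that links libclamunrar, and treat "unknown-branch" as a prompt to check that branch's release notes rather than as a clean result.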
