Message-ID: <CALx_OUB_dVWkY6LVVXguoC27moKgVb+3-iVZ15Z_X4EJCFYPWw@mail.gmail.com>
Date: Tue, 18 Nov 2014 22:41:05 -0800
From: Michal Zalewski <lcamtuf@...edump.cx>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: RE: [security-vendor] Re: Fuzzing
 findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP,
 gdk-pixbuf, file, ndisasm, less

> Speaking of fuzzing so that clamav issue, was triggered by a file that
> existed in public since 2010 or so (at least that's what virustotal had
> for the first submission date). So you'd think based on what people use
> clamav for it would have been heavily fuzzed by now (scanning all sorts
> of random/malicious input) but I guess people don't report stuff upstream.

Tavis looked at several commercial AV engines some time ago, I think
it wasn't pretty. I suspect that clamav may be very much worth fuzzing
or auditing.

/mz
