Research team creates Day Zero defense against vulnerability in widely used open source gateway and client anti-virus software
SUNNYVALE, Calif., April 12 / / -- SonicWALL, Inc. (NASDAQ:SNWL) today issued a Gateway Anti-Virus signature for users of its Internet threat prevention technology to enable day zero protection from a vulnerability in Clam AntiVirus (ClamAV). The vulnerability in the widely used ClamAV open source gateway and client anti-virus software could lead to unauthorized hackers taking control of a user's system. SonicWALL uses proprietary gateway anti-virus, which is not affected by this vulnerability.
"The vulnerability could potentially be used to crash or even possibly reconfigure a device using ClamAV," said Boris Yanovsky, vice president of services engineering at SonicWALL. "A hacker could send an e-mail with an attachment to a vulnerable appliance and, when the appliance checks the attachment for viruses, the executable would instead completely take over the appliance."
The Clam AntiVirus Win32-UPX Heap Overflow vulnerability is due to a heap overflow error in "libclamav/upx.c" when scanning malformed UPX-packed executables. This could be exploited by an unauthenticated remote attacker to execute arbitrary commands or crash an affected application by sending an e- mail containing a specially crafted UPX file to a system running ClamAV.
SonicWALL has deployed a signature for its Unified Threat Management (UTM) devices that blocks potential ClamAV Heap Overflow exploits at the gateway. SonicWALL, named leader in unit share and factory revenues for security appliances worldwide for the fourth consecutive quarter, according to IDC's Worldwide Q4 Security Appliance Tracker(1), delivers zero day gateway anti- virus and intrusion prevention signatures to its subscribers on a continual basis, to defend against new and existing Internet attacks and exploit.
Customers with a current subscription to SonicWALL's gateway threat prevention services are not affected by this vulnerability. Further information on Clam AntiVirus Win32-UPX Heap Overflow is available at http://software.sonicwall.com/applications/ips/index.asp?ev=sig&sigid=3166
About SonicWALL, Inc.
Founded in 1991, SonicWALL, Inc. designs, develops and manufactures comprehensive network security, email security, secure remote access, and continuous data protection solutions. Offering both appliance-based products as well as value-added subscription services, SonicWALL's comprehensive solutions enable organizations to secure deep protection without compromising network performance. For more information, contact SonicWALL at +1 (408) 745-9600 or visit the company web site at http://www.sonicwall.com/.
(1) "Source: IDC WW Quarterly Security Appliance Tracker, Q4, March 2006"
Source: SonicWALL, Inc.
CONTACT: Mary McEvoy of SonicWALL, Inc., +1-408-962-7110 or
Web site: http://www.sonicwall.com/