Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FYI: Multiple Vendor Unusual MIME Encoding Content Filter Bypass



Somewhat belated, since ЗАРАЗА has already written about this, but the link leads to the
original article, which covers, among other things, a DoS in ClamAV, and there is
a script for generating malformed MIME messages.
 

> -----Original Message-----
> From: Hendrik Weimer [mailto:hendrik@xxxxxxx] 
> Sent: Wednesday, December 06, 2006 5:24 PM
> To: bugtraq@xxxxxxxxxxxxxxxxx; tkojm@xxxxxxxxxx; 
> info@xxxxxxxxxxxxx; info@xxxxxxxxxxxx
> Subject: Multiple Vendor Unusual MIME Encoding Content Filter Bypass
> 
> Several e-mail virus scanners can be tricked into passing an EICAR
> test file if the following conditions are met:
> 
> 1. the EICAR file is encoded in Base64 including characters not in the
>    standard alphabet (e.g. whitespaces) and
> 2. the part containing the EICAR file is nested within one or several
>    levels of multipart/mixed content.
> 
> Details and PoC can be found at:
> http://www.quantenblog.net/security/virus-scanner-bypass
> 
> Vulnerable products:
> - BitDefender Mail Protection for SMB 2.0
> - ClamAV 0.88.6
> - F-Prot Antivirus for Linux x86 Mail Servers 4.6.6
> - Kaspersky Anti-Virus for Linux Mail Server 5.5.10
> 
> Not recognizing the EICAR file, but aborting the scan:
> - F-Secure Anti-Virus for Linux Gateways 4.65
> 
> Not vulnerable:
> - avast! for Linux/Unix Servers 2.0.0
> 
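An added example, not part of the original post or of the linked article: a defender-side check in Python that walks the MIME tree, reports each base64 part's nesting depth and the number of characters outside the standard alphabet, and decodes the body while ignoring those characters (as RFC 2045 tells decoders to do) before searching it. The names `scan` and `lenient_b64decode`, the marker and the sample message are constructed for illustration.

```python
import base64
import re
from email import message_from_bytes

NOT_B64 = re.compile(rb"[^A-Za-z0-9+/=]")    # outside alphabet and padding
JUNK = re.compile(rb"[^A-Za-z0-9+/=\r\n]")   # same, but line breaks are normal

def lenient_b64decode(body: bytes) -> bytes:
    """Decode as RFC 2045 asks: ignore characters outside the alphabet."""
    clean = NOT_B64.sub(b"", body).rstrip(b"=")
    try:
        return base64.b64decode(clean + b"=" * (-len(clean) % 4))
    except ValueError:                       # impossible length: not base64
        return b""

def scan(raw: bytes, marker: bytes) -> list:
    """One (depth, junk_chars, marker_found) tuple per base64 leaf part."""
    findings = []
    def walk(part, depth):
        if part.is_multipart():              # descend through every nesting level
            for child in part.get_payload():
                walk(child, depth + 1)
            return
        if part.get("Content-Transfer-Encoding", "").strip().lower() != "base64":
            return
        body = part.get_payload(decode=False).encode("ascii", "replace")
        junk = len(JUNK.findall(body))       # spaces, tabs, other stray bytes
        findings.append((depth, junk, marker in lenient_b64decode(body)))

    walk(message_from_bytes(raw), 0)
    return findings

# Constructed sample: harmless marker, base64 with spaces, nested two levels deep.
MARKER = b"CONSTRUCTED-TEST-MARKER"
_b64 = base64.b64encode(MARKER).decode()
_spaced = " ".join(_b64[i:i + 4] for i in range(0, len(_b64), 4))
SAMPLE = (
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="outer"\r\n\r\n'
    "--outer\r\n"
    'Content-Type: multipart/mixed; boundary="inner"\r\n\r\n'
    "--inner\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Transfer-Encoding: base64\r\n\r\n"
    f"{_spaced}\r\n"
    "--inner--\r\n--outer--\r\n"
).encode()
if __name__ == "__main__":
    print(scan(SAMPLE, MARKER))
```

A non-zero junk count on a nested part is worth logging on its own, even when the marker search comes back empty.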