SonicWall Capture Labs Threat Research Team became aware of the ClamAV VirusEvent command injection vulnerability (CVE-2024-20328), assessed its impact, and developed mitigation measures for the vulnerability.
ClamAV is a notable, open-source anti-virus engine, widely recognized for its comprehensive suite of security solutions. It offers an array of features, including web and email scanning capabilities, endpoint security, a multi-threaded daemon, command line scanning tools, and an automatic database update service. The software boasts extensive support for various file formats, including zip, PE, rar, dmg, tar, GZIP, Bzip2, OLE2, MS Office and pdf, among others.
Read more…
Source: SonicWall