Antivirus scanning update for WMF
I hung on to the last batch of 20 wmf exploit samples I had been working with for the purpose of testing my clamantivirus install against them to see when “full detection” of all 20 had been acheived. Last night, with version 1227 of the daily.cvd database, they were still detecting 8 out of the 20. Now, the signatures seem to have improved as with version 1228 of daily.cvd clamav detects all 20 as Exploit.WMF.Gen-3 FOUND
This improves the chances that those using squid with clamav scanning for web browsing have a better chance against it. That’s good news.
The bad news is that there’s been an update to the metasploit module for this exploit since those were created. Unfortunately Clamantivirus is now 0 for 20 with files from the new module. The metasploit update was reported to breeze pass current IDS signatures. Not good.