My ClamAV scan (engine version: 0.99.2) just found the following:
I uploaded the file to https://www.virustotal.com and received a 0/54 detection ratio (their ClamAV rated the file harmless). The file was identified as billion-laughs.xml, which is an XML bomb or Exponential Entity Expansion attack per https://en.wikipedia.org/wiki/Billion_laughs. I checked the content of the file and it is an exponential entity expansion.
Has anyone else seen this? I am trying to figure out if freebsd-update really installed this file or not. The file timestamp reads Nov 3 2014.
Code:
/var/db/freebsd-update/files/c822bfa33df8b376f97c676f60f601bd091b3cfc51b4bcb73f01c6308432d37b.gz: Xml.Exploit.CVE_2013_3860-1 FOUND
I uploaded the file to https://www.virustotal.com and received a 0/54 detection ratio (their ClamAV rated the file harmless). The file was identified as billion-laughs.xml, which is an XML bomb or Exponential Entity Expansion attack per https://en.wikipedia.org/wiki/Billion_laughs. I checked the content of the file and it is an exponential entity expansion.
Has anyone else seen this? I am trying to figure out if freebsd-update really installed this file or not. The file timestamp reads Nov 3 2014.