SonicWALL Protects Users From ClamAV Vulnerability Research team creates Day Zero defense against vulnerability in widely used

open source gateway and client anti-virus software



    SUNNYVALE, Calif., April 12 /PRNewswire-FirstCall/ -- SonicWALL, Inc.
 (Nasdaq:   SNWL) today issued a Gateway Anti-Virus signature for users of its
 Internet threat prevention technology to enable day zero protection from a
 vulnerability in Clam AntiVirus (ClamAV). The vulnerability in the widely
 used ClamAV open source gateway and client anti-virus software could lead
 to unauthorized hackers taking control of a user's system. SonicWALL uses
 proprietary gateway anti-virus, which is not affected by this
 vulnerability.
     "The vulnerability could potentially be used to crash or even possibly
 reconfigure a device using ClamAV," said Boris Yanovsky, vice president of
 services engineering at SonicWALL. "A hacker could send an e-mail with an
 attachment to a vulnerable appliance and, when the appliance checks the
 attachment for viruses, the executable would instead completely take over
 the appliance."
     The Clam AntiVirus Win32-UPX Heap Overflow vulnerability is due to a
 heap overflow error in "libclamav/upx.c" when scanning malformed UPX-packed
 executables. This could be exploited by an unauthenticated remote attacker
 to execute arbitrary commands or crash an affected application by sending
 an e- mail containing a specially crafted UPX file to a system running
 ClamAV.
     SonicWALL has deployed a signature for its Unified Threat Management
 (UTM) devices that blocks potential ClamAV Heap Overflow exploits at the
 gateway. SonicWALL, named leader in unit share and factory revenues for
 security appliances worldwide for the fourth consecutive quarter, according
 to IDC's Worldwide Q4 Security Appliance Tracker(1), delivers zero day
 gateway anti- virus and intrusion prevention signatures to its subscribers
 on a continual basis, to defend against new and existing Internet attacks
 and exploit.
     Customers with a current subscription to SonicWALL's gateway threat
 prevention services are not affected by this vulnerability. Further
 information on Clam AntiVirus Win32-UPX Heap Overflow is available at
 http://software.sonicwall.com/applications/ips/index.asp?ev=sig&sigid=3166
     About SonicWALL, Inc.
     Founded in 1991, SonicWALL, Inc. designs, develops and manufactures
 comprehensive network security, email security, secure remote access, and
 continuous data protection solutions. Offering both appliance-based
 products as well as value-added subscription services, SonicWALL's
 comprehensive solutions enable organizations to secure deep protection
 without compromising network performance. For more information, contact
 SonicWALL at +1 (408) 745-9600 or visit the company web site at
 http://www.sonicwall.com/.
     Safe Harbor Regarding Forward-Looking Statements
     Certain statements in this press release are "forward-looking
 statements" within the meaning of the Private Securities Litigation Reform
 Act of 1995. The forward-looking statements include but are not limited to
 statements regarding our ability to protect users from the Clam AntiVirus
 (ClamAV) Win32- UPX Heap Overflow vulnerability and our ability to launch
 day zero gateway anti-virus threat prevention to users to defend against
 attacks. These forward-looking statements are based on the opinions and
 estimates of management at the time the statements are made and are subject
 to certain risks and uncertainties that could cause actual results to
 differ materially from those anticipated in the forward-looking
 statements.. In addition, please see the "Risk Factors" described in our
 Securities and Exchange Commission filings, including our Annual Report on
 Form 10-K for the year ended December 31, 2005, for a more detailed
 description of the risks facing our business. All forward-looking
 statements included in this release are based upon information available to
 SonicWALL as of the date of the release, and we assume no obligation to
 update any such forward-looking statement. All forward-looking statements
 included in this release are based upon information available to SonicWALL
 as of the date of the release, and we assume no obligation to update any
 such forward-looking statement.
     NOTE: SonicWALL is a registered trademark of SonicWALL, Inc. Other
 product and company names mentioned herein may be trademarks and/or
 registered trademarks of their respective companies.
     (1) "Source: IDC WW Quarterly Security Appliance Tracker, Q4, March
 2006"
 
 

SOURCE SonicWALL, Inc.

Custom Packages

Browse our custom packages or build your own to meet your unique communications needs.

Start today.

 

PR Newswire Membership

Fill out a PR Newswire membership form or contact us at (888) 776-0942.

Learn about PR Newswire services

Request more information about PR Newswire products and services or call us at (888) 776-0942.