Re: [tlug] Clamav reports a virus: Exploit.Gif.PHPembedded

["Edmund Edgar" <lists@example.com>]

2008/6/5 Hung Nguyen Vu <vuhung16plus+shape@example.com>:

> What do you mean by "execute the file"?
> PHP can not execute the file, IIRC. All PHP Exif APIs can do is that read
> JPEG's comment, and if we want, print it out. So if we just print/echo
> the comment,
> the malicious code will be executed by PHP.

I'm talking about what happens if the jpeg file with the PHP content
in it gets run by the PHP interpreter. The PHP interpreter wouldn't
know it was an image file - it would just execute everything inside
the <?php ?> tags and print out everything else.

For example, if you ran PHP from the command line against that image
file with something like:
php yourimage.jpg
...you'd get something like
[a load of binary junk]
.
..
various
files
in
your
current
directory
[a load more binary junk]

Likewise, if you put the file up on a website with PHP enabled and
loaded it in a web browser, you'd get some binary junk, followed by a
directory listing, followed by some more binary junk.

Hope that makes sense.

Edmund