On Monday 31 December 2007 8:07 am, Sarocet wrote: > Chris wrote: > > Saw this link at SANS today, anything to it? > > > > http://seclists.org/fulldisclosure/2007/Dec/0625.html > > > > Or is this a rehash of something already known about > > I'm not a clam developer, but here's my view about them: > > It lists three "vulnerabilities" > 1- cli_gentempfd is vulnerable to a race condition attack. > It's a bug. O_EXCL needs to be added to libclamav/others.c line 847. Not > fixed yet on trunk. > Attacker needs a local account. > > I'm attaching a patch for it, so you can patch and rebuild your version. > > 2- ClamAV fails to properly check for base64-UUEncoded files, allowing > bypassing of the scanner through the use of such files. > > Not really a bug. Having ClamAV check those files would be an *enhacement*. > > 3- Sigtool utility overwrites files when utf16-decoding. > I'm not sure that it's a vulnerability. It's run by the user, which > could be willing to overwrite it. > Adding an "overwriting file" warning would be a good idea, but denying > to write an existing file > could break some scripts (and if you were to add an overwrite flag the > "danger" is exactly the same as now). > Only dangerous if you have sigtool suid.
Thanks, I'm not running a server here, just use ClamAV here on my home desktop in with Spamassassin, basically as a tool to catch and report spam and virus's to the offending ISP's, etc.. Chris -- Chris KeyID 0xE372A7DA98E6705C
pgpTGAWtMWajq.pgp
Description: PGP signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
