On Fri, 2010-04-16 at 16:00 -0400, Christopher X. Candreva wrote: > Older versions of clamd were going to crash on signatures that newer > versions would accept, and the devs have been prevented for at least 6 > months from using that type of signature. They have posted since then for > people to upgrade. > > When they did was publish this type of signature (has to do with length, > greater than about 900bytes), where the signature itself is an error > message, so when the program dumped the signature the error would be > displayed. > > That's all, not a kill switch as such, but using a known bug to deliver a > message, rather than have it just bomb out with a hex dump when they tried > to use a larger signature.
Exactly! Again, one of the first messages today showed exactly that. The error message which it dies with is: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see www.clamav.net/eol-clamav-094 and www.clamav.net/download As you can see there isn't a "kill switch", but a bug in the parser 0.94 which doesn't handle the type of signature which they plan to use in the future. 0.95 just ignores this new signature, as it will do with the actual malware signatures which will be coming soon. -- Chris _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
