Our system is running Linux with Sendmail-8.14.6. Last week we upgraded ClamAV from 0.98.1 to 0.98.3 without changing the build options:

    sh ./configure --prefix=<PREFIX> --enable-shared --disable-experimental --enable-milter

The config files are kept unchanged too.

As we perform a vulnerability scan using OpenVAS-6, a couple of "High" risks are reported:

> smtp (25/tcp) / submission (587/tcp)
> High (CVSS: 7.2) NVT: SMTP antivirus scanner DoS (OID:
> 1.3.6.1.4.1.25623.1.0.11036)
>
> The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it
> might have crashed.
> Please check its status right now, as it is not possible to do so remotely
>
> Vulnerability Detection Method
> Details: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

But we've verified that the ClamAV milter was still running as before.

When using ClamAV-0.98.1, the scan report reads:

> smtp (25/tcp) / submission (587/tcp)
> Log (CVSS: 7.2) NVT: SMTP antivirus scanner DoS (OID:
> 1.3.6.1.4.1.25623.1.0.11036)
>
> For some reason, we could not send the 42.zip file to this MTA
>
> Vulnerability Detection Method
> Details: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

Does it mean that ClamAV-0.98.3 is vulnerable to the said DoS attack?