On Sat, Jun 7, 2014 at 3:05 AM, Al Varnell <alvarn...@mac.com> wrote:
> Based on the subject document < > https://www.openssl.org/news/secadv_20140605.txt> what, if any > vulnerabilities are applicable to the ClamAV® scan engine? > Hey Al, Since we use OpenSSL purely for generating hashes, the recent vulnerabilities regarding OpenSSL do not apply to ClamAV. We also, by default, dynamically link to OpenSSL. This allows end users and system administrators to decide their own upgrading schedule. If an end user or system administrator decided to force ClamAV to statically link in OpenSSL, ClamAV will need to be recompiled to pull in the updated OpenSSL (just like any other statically-linked program). TL;DR: ClamAV is not affected by the recent OpenSSL vulnerability disclosures. Thanks, Shawn _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
