That's because you've gotten to the heart of the matter. There's no real bug or code related vulnerability here; it's a user-side network hardening issuing combined with a misunderstanding of clamd configuration options that allows for this attack surface to exist.
As Steve has already pointed out, sound network security practices make this a non-issue. Among other things, we're looking into improving the configuration experience in coming releases of Clam, but for now, there's already a solution to this problem. - Mickey On Thu, Sep 28, 2017 at 5:23 PM, Reindl Harald <h.rei...@thelounge.net> wrote: > > > Am 28.09.2017 um 23:02 schrieb Steven Morgan: > >> The fact that using clamd over TCP has insecurities has come up before. If >> using clamd, it is recommended to use the local socket option rather than >> a >> TCP socket. >> >> # The daemon can work in local mode, network mode or both. >> # Due to security reasons we recommend the local mode. >> >> Until it is fixed, only use TCP sockets on externally secured networks >> > > sorry, but that is hardly related to whatever bug and can be said for any > service in general > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
