Package: clamav Version: 0.99.2+dfsg-0+deb8u2 Severity: important 0.99.3 has been released, see http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html.
This fixed a number of overflow bugs, each of which has assigned CVE numbers due to the potential for denial of service. We've have started seeing unexpected clamd crashes on a high-traffic mail system today, though I've been unable to isolate a test case. It's seems like too much of a coincidence that these crashes start happening the day after a security release was announced. We've implemented mitigations but an updated package would be even better. Cheers! Rob N. -- Package-specific info: --- configuration --- Checking configuration files in /etc/clamav Config file: clamd.conf ----------------------- LogFile = "/var/log/clamav/clamav.log" StatsHostID = "auto" StatsEnabled disabled StatsPEDisabled = "yes" StatsTimeout = "10" LogFileUnlock disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogClean disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" ExtendedDetectionInfo = "yes" PidFile disabled TemporaryDirectory disabled DatabaseDirectory = "/var/lib/clamav" OfficialDatabaseOnly disabled LocalSocket = "/var/run/clamav/clamd.ctl" LocalSocketGroup = "clamav" LocalSocketMode = "666" FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "15" StreamMaxLength = "26214400" StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "12" ReadTimeout = "180" CommandReadTimeout = "5" SendBufTimeout = "200" MaxQueue = "100" IdleTimeout = "30" ExcludePath disabled MaxDirectoryRecursion = "15" FollowDirectorySymlinks disabled FollowFileSymlinks disabled CrossFilesystems = "yes" SelfCheck = "3600" DisableCache disabled VirusEvent disabled ExitOnOOM disabled AllowAllMatchScan = "yes" Foreground disabled Debug disabled LeaveTemporaryFiles disabled User = "clamav" AllowSupplementaryGroups disabled Bytecode = "yes" BytecodeSecurity = "TrustSigned" BytecodeTimeout = "60000" BytecodeUnsigned disabled BytecodeMode = "Auto" DetectPUA disabled ExcludePUA disabled IncludePUA disabled AlgorithmicDetection = "yes" ScanPE = "yes" ScanELF = "yes" DetectBrokenExecutables disabled ScanMail = "yes" ScanPartialMessages disabled PhishingSignatures = "yes" PhishingScanURLs = "yes" PhishingAlwaysBlockCloak disabled PhishingAlwaysBlockSSLMismatch disabled PartitionIntersection disabled HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" OLE2BlockMacros disabled ScanPDF = "yes" ScanSWF = "yes" ScanXMLDOCS = "yes" ScanHWP3 = "yes" ScanArchive = "yes" ArchiveBlockEncrypted disabled ForceToDisk disabled MaxScanSize = "104857600" MaxFileSize = "26214400" MaxRecursion = "16" MaxFiles = "10000" MaxEmbeddedPE = "10485760" MaxHTMLNormalize = "10485760" MaxHTMLNoTags = "2097152" MaxScriptNormalize = "5242880" MaxZipTypeRcg = "1048576" MaxPartitions = "50" MaxIconsPE = "100" MaxRecHWP3 = "16" PCREMatchLimit = "10000" PCRERecMatchLimit = "5000" PCREMaxFileSize = "26214400" ScanOnAccess disabled OnAccessMountPath disabled OnAccessIncludePath disabled OnAccessExcludePath disabled OnAccessExcludeUID disabled OnAccessMaxFileSize = "5242880" OnAccessDisableDDD disabled OnAccessPrevention disabled OnAccessExtraScanning disabled DevACOnly disabled DevACDepth disabled DevPerformance disabled DevLiblog disabled DisableCertCheck disabled Config file: freshclam.conf --------------------------- StatsHostID disabled StatsEnabled disabled StatsTimeout disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" PidFile disabled DatabaseDirectory = "/var/lib/clamav" Foreground disabled Debug disabled AllowSupplementaryGroups disabled UpdateLogFile = "/var/log/clamav/freshclam.log" DatabaseOwner = "clamav" Checks = "24" DNSDatabaseInfo = "current.cvd.clamav.net" DatabaseMirror = "db.local.clamav.net", "database.clamav.net" PrivateMirror disabled MaxAttempts = "5" ScriptedUpdates = "yes" TestDatabases = "yes" CompressLocalDatabase disabled ExtraDatabase disabled DatabaseCustomURL disabled HTTPProxyServer disabled HTTPProxyPort disabled HTTPProxyUsername disabled HTTPProxyPassword disabled HTTPUserAgent disabled NotifyClamd = "/etc/clamav/clamd.conf" OnUpdateExecute disabled OnErrorExecute disabled OnOutdatedExecute disabled LocalIPAddress disabled ConnectTimeout = "30" ReceiveTimeout = "30" SubmitDetectionStats disabled DetectionStatsCountry disabled DetectionStatsHostID disabled SafeBrowsing disabled Bytecode = "yes" clamav-milter.conf not found Software settings ----------------- Version: 0.99.2 Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON RAR JIT Database information -------------------- Database directory: /var/lib/clamav bytecode.cld: version 283, sigs: 53, built on Thu Jun 23 15:01:37 2016 daily.cld: version 22385, sigs: 730021, built on Tue Oct 18 05:56:58 2016 main.cvd: version 57, sigs: 4218790, built on Wed Mar 16 23:17:06 2016 Total number of signatures: 4948864 Platform information -------------------- uname: Linux 4.9.37-fm64 #1 SMP Fri Jul 14 10:59:57 UTC 2017 x86_64 OS: linux-gnu, ARCH: x86_64, CPU: x86_64 Full OS version: Debian GNU/Linux 8.8 (jessie) zlib version: 1.2.8 (1.2.8), compile flags: a9 Triple: x86_64-pc-linux-gnu CPU: corei7, Little-endian platform id: 0x0a2152520804090201040902 Build information ----------------- GNU C: 4.9.2 (4.9.2) GNU C++: 4.9.2 (4.9.2) CPPFLAGS: -D_FORTIFY_SOURCE=2 CFLAGS: -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE CXXFLAGS: LDFLAGS: -fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/usr/lib/clamav' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-gnu-ld' '-with-system-llvm=/usr/bin/llvm-config' '--with-llvm-linking=dynamic' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' sizeof(void*) = 8 Engine flevel: 82, dconf: 82 --- data dir --- total 154708 -rw-r--r-- 1 sshd clamav 446464 Jun 23 2016 bytecode.cld -rw-r--r-- 1 sshd clamav 48823808 Oct 18 2016 daily.cld -rw-r--r-- 1 sshd clamav 109143933 Apr 8 2016 main.cvd -rw------- 1 sshd clamav 936 Oct 18 2016 mirrors.dat -- System Information: Debian Release: 8.8 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.37-fm64 (SMP w/16 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Init: sysvinit (via /sbin/init) Versions of packages clamav depends on: ii clamav-freshclam [clamav-data] 0.99.2+dfsg-0+deb8u2 ii libc6 2.19-18+deb8u9 ii libclamav7 0.99.2+dfsg-0+deb8u2 ii libcurl3 7.38.0-4+deb8u8 ii libssl1.0.0 1.0.1t-1+deb8u6 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages clamav recommends: ii clamav-base 0.99.2+dfsg-0+deb8u2 Versions of packages clamav suggests: pn clamav-docs <none> -- no debconf information
