Randal, Phil wrote:
> [EMAIL PROTECTED] wrote:
>> There is an article on eWeek.com today concerning "instability" in AV
>> software due to the impossibility of adequately testing updates when
>> releasing them as quickly as they are needed
>> (www.eweek.com/article2/0,1895,2240656,00.asp?kc=EWKNLIN
[EMAIL PROTECTED] wrote:
> There is an article on eWeek.com today concerning "instability" in AV
> software due to the impossibility of adequately testing updates when
> releasing them as quickly as they are needed
> (www.eweek.com/article2/0,1895,2240656,00.asp?kc=EWKNLINF010208STR3).
>
Just to
David F. Skoll wrote:
> Dennis Peterson wrote:
>>>> Does any admin actually run this stuff without setting the temp
>>>> directory ahead of time?
>>> I bet the vast majority do.
>
>> I don't include Linux babies in that...
>
> :-)
>
> I bet the vast majority of FIRE-BREATHING REAL UNIX MEN who r
Dennis Peterson wrote:
>>> Does any admin actually run this stuff without setting the temp
>>> directory ahead of time?
>> I bet the vast majority do.
> I don't include Linux babies in that...
:-)
I bet the vast majority of FIRE-BREATHING REAL UNIX MEN who run Clam...
... do not bother changing
David F. Skoll wrote:
> Dennis Peterson wrote:
>
>> Does any admin actually run this stuff without setting the temp
>> directory ahead of time?
>
> I bet the vast majority do.
I don't include Linux babies in that...
>
>> This problem is as old as Unix.
>
> Indeed.
>
>> It is an operator issu
Dennis Peterson wrote:
> Does any admin actually run this stuff without setting the temp
> directory ahead of time?
I bet the vast majority do.
> This problem is as old as Unix.
Indeed.
> It is an operator issue.
No, I disagree. It's a design flaw in UNIX. UNIX should have
per-userid /tmp n
On Wednesday 02 January 2008 1:57 pm, Tomasz Kojm wrote:
> On Sun, 30 Dec 2007 21:49:11 -0600
>
> Chris <[EMAIL PROTECTED]> wrote:
> > Saw this link at SANS today, anything to it?
> >
> > http://seclists.org/fulldisclosure/2007/Dec/0625.html
> >
> > Or is this a rehash of something already known ab
David F. Skoll wrote:
> I think we all need to calm down.
>
> "Vulnerability" #1: Yes, cli_gentemp has a theoretical race condition.
> Is it theoretically exploitable? Sure. Is it *likely* to be exploited
> in the real world? No. You have to guess 128 bits of mildly-good random
> data. That's
I think we all need to calm down.
"Vulnerability" #1: Yes, cli_gentemp has a theoretical race condition.
Is it theoretically exploitable? Sure. Is it *likely* to be exploited
in the real world? No. You have to guess 128 bits of mildly-good random
data. That's quite unlikely.
"Vulnerability"
>As root
>
> audit2allow -M mypol -i /var/log/audit/audit.log
> semodule -i mypol.pp
>
>This will go through your audit log and enable everything blocked by
>SELINUX. (It's a good idea to make sure that you want everything
>blocked so far permitted.)
>
>- --
>
> Steve
Thanks Steve,
I'll try
On 03.01.2008 at 01:20, Roflek of TK53 wrote:
> On Jan 3, 2008 12:48 AM, Christoph Cordes <[EMAIL PROTECTED]> wrote:
>> Let's leave the technical part out, since this is not a technical
>> issue as it seems. Tomasz did not deny anything, he just said that
>> this are minor issues. I fully unders
On Jan 3, 2008 12:48 AM, Christoph Cordes <[EMAIL PROTECTED]> wrote:
> Let's leave the technical part out, since this is not a technical
> issue as it seems. Tomasz did not deny anything, he just said that
> this are minor issues. I fully understand that your ego gets pushed
> by seeing your nick i
Phil Chambers wrote:
> I have a strange situation which I can't explain.
>
> I have an Internet-facing front-end server using exim with ClamAV. I also
> have
> the Sanesecurity signatures installed. Delivery is achieved by relaying to an
> Exchange server which is behind the firewall.
>
> Som
On 03.01.2008 at 00:22, Roflek of TK53 wrote:
> On Jan 2, 2008 11:31 PM, Tomasz Kojm <[EMAIL PROTECTED]> wrote:
>> I don't negate your points about O_EXCL etc. I don't negate the
>> thesis in
>> the subject either :-) What I really negate is the FUD you're
>> making with your
>> disclosures,
On Jan 2, 2008 11:31 PM, Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> I don't negate your points about O_EXCL etc. I don't negate the thesis in
> the subject either :-) What I really negate is the FUD you're making with your
> disclosures, some technical details, and the general pointless of making
> a
Steve Holdoway wrote:
> IME patches always get mangled if included in an email, tabs to spaces, etc.
> Putting it in an attachment keeps the internal formatting and usually works.
>
> Just my $0.02,
>
> Steve
>
It was sent as attach. But inline in Ed Kasky reply. Some e-mail clients
will show
> Dear Rofl and Lol as in Lek,
>
> since you didn't bother to contact us before posting full
> disclosure we didn't have a chance for a technical discussion.
>
> I don't negate your points about O_EXCL etc. I don't negate
> the thesis in the subject either :-) What I really negate is
> the FUD
On Wed, 2 Jan 2008 22:08:45 +0100
"Roflek of TK53" <[EMAIL PROTECTED]> wrote:
> Simply generating very long filenames doesn't protect you from race
> conditions and symlink attacks. Well, from a practical, naive point of
> view that only considers what is easy to observe, it is. But since
> securi
James Kosin wrote:
> But, it makes it extremely unlikely to occur; which is not what the
> reporter suggests.
However, an atomic create-or-fail operation would eliminate all the
danger for sure and also reduce the need for such an... erm...
ornate filename-generation algorithm. (And using O_NOFOL
Roflek of TK53 wrote:
> Hello everyone,
>> "1) ClamAV uses own functions to create temporary files. One such routine is
>> vulnerable to a race condition attack."
>>
>> The analysis is incorrect. The author mistakenly assumed that name_salt is
>> fixe
Hello everyone,
> "1) ClamAV uses own functions to create temporary files. One such routine is
> vulnerable to a race condition attack."
>
> The analysis is incorrect. The author mistakenly assumed that name_salt is
> fixed and this is not true. After each call to cli_gentemp() name_salt gets
> upd
Hi,
I notice that Clam 0.92 has dropped support for Sensory Networks'
hardware scanner, yet this is not mentioned in the release notes.
Is there a reason for omitting this from the release notes?
Regards,
David.
On Wed, 02 Jan 2008 13:18:47 -0600
Michael Brown <[EMAIL PROTECTED]> wrote:
> In theory, anything can mess up an AV package. ClamAV had an issue a
> while back with bad updates that would crash ClamAV daemon, so yes I
> guess technically that could be counted as an instability, even if it
> real
On Sun, 30 Dec 2007 21:49:11 -0600
Chris <[EMAIL PROTECTED]> wrote:
> Saw this link at SANS today, anything to it?
>
> http://seclists.org/fulldisclosure/2007/Dec/0625.html
>
> Or is this a rehash of something already known about?
A few comments on the advisory:
"1) ClamAV uses own functions t
ClamAV's strong point for me, has always been the ability to turn off
just about anything causing an issue. I haven't seen this kind of fine
detail ability in any AV product (commercial or free) that can match
ClamAV for flexibility.
In theory, anything can mess up an AV package. ClamAV had an i
There is an article on eWeek.com today concerning "instability" in AV
software due to the impossibility of adequately testing updates when
releasing them as quickly as they are needed
(www.eweek.com/article2/0,1895,2240656,00.asp?kc=EWKNLINF010208STR3).
As I understand it, ClamAV is perhaps unusua
On Wed, 02 Jan 2008 00:42:52 +0100
Sarocet <[EMAIL PROTECTED]> wrote:
> Ed Kasky wrote:
> > At 06:07 AM Monday, 12/31/2007, you wrote -=>
> >
> >> Chris wrote:
> >>
> >>> Saw this link at SANS today, anything to it?
> >>>
> >>> http://seclists.org/fulldisclosure/2007/Dec/0625.html
> >>>
>
I have a strange situation which I can't explain.
I have an Internet-facing front-end server using exim with ClamAV. I also have
the Sanesecurity signatures installed. Delivery is achieved by relaying to an
Exchange server which is behind the firewall.
Some users have re-direction set up so th
On 1 Jan 2008, at 10:13, Török Edwin wrote:
> Robert wrote:
>> On 29 Dec 2007, at 04:23, Joe Smith wrote:
>>
>> I'm no coder or developer, just curious...
>>
>> Using OSX 10.5.1 client and Clamav -0.92 here's what I found
>> In the clamav source folder, edit the 'configure' file.
>>
>> Find a
"Noel Jones" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Jeremy Fairbrass wrote:
>> Hi all,
>> Is it possible to disable a specific virus name so that ClamAV won't detect
>> it anymore? For example by creating some sort of
>> special
>> whitelist database file (in the same loca
On 01/02/2008 07:23 AM, Joseph L. Casale wrote:
>> Not on CentOS it can't. CentOS has SELinux enabled by default.
>>
>> HTH
>> T.
>
> Yup, that was the ticket. Looking on rpmforge's mailing list there was an
> issue raised about the package not setti
>Not on CentOS it can't. CentOS has SELinux enabled by default.
>
>HTH
>T.
Yup, that was the ticket. Looking on rpmforge's mailing list there was an issue
raised about the package not setting up selinux correctly, and had a fix that
involved integration with amavisd. I don't have amavisd, so I d
G.W. Haywood wrote:
>
> On Wed, 2 Jan 2008 Joseph L. Casale wrote:
>
>> Reading the docs, root needs to start clamd for the service to drop
>> to a non privileged user, so why can't root start clamd in my
>> config?
>
> Root can do anything. :)
Not on CentOS it can't. CentOS has SELinux enabl
Hi there,
On Wed, 2 Jan 2008 Joseph L. Casale wrote:
> I did a yum install from rpmforge of the 0.92 release under CentOS
> 5.1 and created the users using the pdf document as guide. If I
> issue #service clamd start it errors out with "ERROR: Unable to open
> file or directory". I have searched
34 matches