[clamav-users] meaning of clamscan output

Dear All, i'm new to the list and quiet uncertain about the following output of clamscan: LibClamAV Error: sigperf_events_init: events table full. Increase MAX_BC LibClamAV info: Bytecode name#runs #matches usecs total usecs avg LibClamAV info: =

[clamav-users] Injection Vulnerability in 0.99.2

Hi, We¹ve been using ClamAV 0.99.2 for some time. Our security team has recently done a scan and reported that this version of ClamAV has the injection vulnerability cited here: http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0. 105762 I checked and 0.99.2 is the latest s

Re: [clamav-users] Injection Vulnerability in 0.99.2

The URL was corrupted in the e-mail I received. See if this works: And quoting the info found there: > Test ID: 1.3.6.1.4.1.25623.1.0.105762 > Category: General > Title:ClamAV `Service Commands` In

Re: [clamav-users] Injection Vulnerability in 0.99.2

Hi, The fact that using clamd over TCP has insecurities has come up before. If using clamd, it is recommended to use the local socket option rather than a TCP socket. # The daemon can work in local mode, network mode or both. # Due to security reasons we recommend the local mode. Until it is fix

Re: [clamav-users] Injection Vulnerability in 0.99.2

Am 28.09.2017 um 23:02 schrieb Steven Morgan: The fact that using clamd over TCP has insecurities has come up before. If using clamd, it is recommended to use the local socket option rather than a TCP socket. # The daemon can work in local mode, network mode or both. # Due to security reasons

Re: [clamav-users] Injection Vulnerability in 0.99.2

That's because you've gotten to the heart of the matter. There's no real bug or code related vulnerability here; it's a user-side network hardening issuing combined with a misunderstanding of clamd configuration options that allows for this attack surface to exist. As Steve has already pointed ou