Clamav 0.90

Requests for RPMS, or new coding projects related to server administration, Plesk, security, or anything else you can think of.
luribe
Forum User
Forum User
Posts: 10
Joined: Thu Dec 28, 2006 9:07 pm

Clamav 0.90

Unread post by luribe »

Hi scott

Can you update clamav to 0.90

Thanks a lot :)
breun
Long Time Forum Regular
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Unread post by breun »

I see Dag already built the packages (although 0.90 was only released yesterday!), Scott only needs to import them (or you could add Dag's channel to your setup).

See here for info on the new features.
Lemonbit Internet Dedicated Server Management
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Unread post by scott »

Yep its on my list. Dag has mad kung foo.
sppride
Forum User
Forum User
Posts: 20
Joined: Wed Nov 22, 2006 6:35 pm

Unread post by sppride »

From isc.sans.org - :) Explains the issues with the old version :)


--------------

The Clamav development team released version 0.90 of their open-source antivirus toolkit today. This version contains fixes for security vulnerabilities described in a number of iDefense advisories that were published today.

ClamAV CAB File Denial of Service Vulnerability (CVE-2007-0898)
Remote attackers can perform a service degradation attack by sending a malformed CAB file through a gateway scanner running ClamAV. The vulnerability can prevent ClamAV from scanning archives succesfully by depleting the available local file descriptors. iDefense investigated a number of common setups and observed that in most cases, mails that cannot be scanned will be auto-denied.

ClamAV MIME Parsing Directory Traversal Vulnerability (CVE-2007-0897)
An input validation bug allows a remote user to overwrite files on the system that are owned by the clamd scanner. A potential target mentioned in the advisory is the virus database. By overwriting this file, the scanner's effectiveness against certain threats can be reduced significantly.

Both vulnerabilities were resolved in ClamAV's new stable 0.90 release, which was released yesterday. Do note that users that automatically download and install signature updates are not automatically covered. When vulnerabilities in anti virus software are addressed, it is important to understand whether they are fixed in the signatures or scanning engines.

Depending on the solution in use, most setups are configured to automatically update the former, while the latter may require separate upgrades. One user wrote in with the really good idea of leveraging the common logwatch tool to check for the typical Freshclam error:

WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.7 Recommended version: 0.90
sppride
Forum User
Forum User
Posts: 20
Joined: Wed Nov 22, 2006 6:35 pm

Another Clam Advisory

Unread post by sppride »

http://labs.idefense.com/intelligence/v ... php?id=513
DESCRIPTION

Remote exploitation of a buffer overflow vulnerability in Clam AntiVirus' ClamAV allows attackers to execute arbitrary code with the privileges of the affected process.

The vulnerability exists within the cab_unstore() function in libclamav, the library used by clamd to scan various file types. A 32-bit signed integer is taken from the packet and compared against the sizeof() the destination buffer. However, the sizeof() return value is improperly casted to a signed integer. By supplying a negative value, an attacker can pass cause the comparison to succed. This eventually leads to an exploitable stack-based buffer overflow.
breun
Long Time Forum Regular
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Unread post by breun »

Fixed in ClamAV 0.90.2 (which was released four days ago).
Lemonbit Internet Dedicated Server Management
breun
Long Time Forum Regular
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Unread post by breun »

Both Dag and Scott created ClamAV 0.90.2 packages today.
Lemonbit Internet Dedicated Server Management
Post Reply