Network Security Focus-Linux

Subject: Re: Begs a question: AV in Linux // Re: MDKSA-2006:016
Date: Tue, 17 Jan 2006 18:21:41 -0500
personally after poking at the FSG and the UPX vulns, and some other
possible issues with decompression i'm poking at myself, i would not use
clamav right now. not enough care is taken when examining "packed"
executables.

that said, i'm sure i would feel the same way if i were able to look at
any of the non-linux antivirus solutions as well.

-phar


On Tue, 2006-01-17 at 13:45 -0600, Benson, Sean M wrote:
Anti-Virus in Linux.
Should I/you or shouldn't I/you and why?

With this (ClamAV) being an anti-virus program, running on Linux,
creating a possible exploit:

Should you run an anti-virus on linux for non-work issues?
(Just home Workstations, Laptops, etc.. not mail servers.)

IMHO:
I've heard the "Keep from passing Windows viruses from NTuserA --- you
--- NTuserB."
But I don't think that's a good enough reason to eat up my cycles, plus
I'm a huge fan of least apps/services running.

I don't buy the "Market Share targeting" jazz either. It's more a design
issue based on least/most privilege in my thinking.

sbenson








-----Original Message-----
From: QATeam User [mailto:qateam@linsec.homelinux.org] On Behalf Of
Mandriva Security Team
Sent: Monday, January 16, 2006 6:24 PM
To: bugtraq@securityfocus.com
Subject: MDKSA-2006:016 - Updated clamav packages fix vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:016
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : clamav
 Date    : January 16, 2006
 Affected: 10.1, 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A heap-based buffer overflow was discovered in ClamAV versions prior to
 0.88 which allows remote attackers to cause a crash and possibly
 execute arbitrary code via specially crafted UPX files.
 
 This update provides ClamAV 0.88 which corrects this issue and also
 fixes some other bugs.
 _______________________________________________________________________

 References:
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0162
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDzAsDmqjQ0CJFipgRAn+hAKC+LqIePeyGT996WlgEHRz08tKDmgCeLkl9
fRY6yzxeFm2/EAO5B9Q3/to=
=F+a3
-----END PGP SIGNATURE-----
