RE: [Exim] FYI: clamav 0.65 remote DOS exploit

Author: Eli
Date:  
To: 'Oliver Eikemeier', exim-users
Subject: RE: [Exim] FYI: clamav 0.65 remote DOS exploit
Oliver Eikemeier <> wrote:
>> Description:
>
> It is trivial to crash clamd using a malformed uuencoded message,
> resulting in a denial of service for all programs (e.g. exiscan-acl)
> relying on clamd running. The message must only contain one uuencoded
> line with an illegal line length, i.e. starting with a small letter.


I am using a beta version of ClamAV and it does not contain this bug:

[root@testunix!~] clamscan --mbox -v clamtest.mbox
clamtest.mbox: OK

----------- SCAN SUMMARY -----------
Known viruses: 20101
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 0.565 sec (0 m 0 s)
[root@testunix!~]

clamscan / ClamAV version devel-20040114

I believe I just took a daily snapshot and installed that. This is on a
test server though, and has not yet hit production (although I have done
some testing, and clamd has yet to crash).

I didn't take the 0.65 stable version because if you look at the current
ChangeLog for the development stuff, it's months and months ahead of 0.65
(or was it close to years? I forget). There were tons of bug fixes and
other changes mentioned and so I figured it'd be best to go for the latest
rather than take the last so-called "stable" release :)

Eli.
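The failure mode Oliver describes above, a uuencoded line whose length character is outside the legal range, is illustrated by the following added example. This is not ClamAV's or Exim's code and does not reproduce whatever clamd 0.65 did internally; it is a small uudecoder that validates the length character against the format's limits before using it as a byte count, so a malformed line is reported and skipped rather than trusted. The sample body lines are constructed for the example.

```python
"""Validating uuencoded line lengths before decoding.

Added example, not ClamAV or Exim code. Classic uuencode stores each
line's decoded byte count n in the first character as chr(32 + n),
with 0 <= n <= 45 (' ' .. 'M'); by convention '`' also means 0 and is
used for the terminating line. A first character that is a lowercase
letter ('a' is 97) therefore claims 65 or more bytes, more than any
legal line carries. A decoder that takes that claim at face value and
reads or writes that many bytes is working from attacker-controlled
input; this one checks the claim against the legal maximum and
against the encoded characters actually present on the line.
"""

UU_MAX_LINE_BYTES = 45  # uuencode never packs more than 45 raw bytes per line


class MalformedUULine(ValueError):
    """Raised for a line whose length character or body is not well-formed."""


def uu_line_length(line: bytes) -> int:
    """Return the byte count claimed by the length character, after validation."""
    if not line:
        raise MalformedUULine("empty line")
    first = line[0]
    n = 0 if first == ord("`") else first - 32  # '`' is the conventional zero
    if not 0 <= n <= UU_MAX_LINE_BYTES:
        raise MalformedUULine(
            f"length char {chr(first)!r} claims {n} bytes; legal range is 0..{UU_MAX_LINE_BYTES}"
        )
    body = line[1:].rstrip(b"\r\n")
    needed = (n + 2) // 3 * 4  # 4 encoded chars per 3 raw bytes
    if len(body) < needed:
        raise MalformedUULine(
            f"line claims {n} bytes but carries {len(body)} encoded chars, need {needed}"
        )
    return n


def is_legal_uu_line(line: bytes) -> bool:
    """True if the line passes the length validation above."""
    try:
        uu_line_length(line)
        return True
    except MalformedUULine:
        return False


def uu_decode_line(line: bytes) -> bytes:
    """Decode one validated uuencoded line into raw bytes."""
    n = uu_line_length(line)
    body = line[1:].rstrip(b"\r\n")
    out = bytearray()
    for i in range(0, (n + 2) // 3 * 4, 4):
        v = [(c - 32) & 0x3F for c in body[i:i + 4]]
        out.append((v[0] << 2 | v[1] >> 4) & 0xFF)
        out.append((v[1] << 4 | v[2] >> 2) & 0xFF)
        out.append((v[2] << 6 | v[3]) & 0xFF)
    return bytes(out[:n])  # drop padding bytes beyond the claimed count


def decode_uu_body(lines):
    """Decode a sequence of uuencoded lines, skipping malformed ones.

    Returns (decoded_bytes, rejected) where rejected is a list of
    (line_number, reason). A scanner built this way keeps going after a
    bad line instead of letting one line take the whole service down.
    """
    out = bytearray()
    rejected = []
    for lineno, line in enumerate(lines, 1):
        try:
            out += uu_decode_line(line)
        except MalformedUULine as exc:
            rejected.append((lineno, str(exc)))
    return bytes(out), rejected


# Constructed sample body (not from any real message).
SAMPLE_BODY = [
    b"#0V%T\n",  # legal: claims 3 bytes, decodes to b"Cat"
    b"a0V%T\n",  # first char is a lowercase letter: claims 65 bytes, illegal
    b"M0V%T\n",  # claims 45 bytes but carries only 4 encoded chars
    b"`\n",      # conventional zero-length terminator line
]

if __name__ == "__main__":
    data, bad = decode_uu_body(SAMPLE_BODY)
    print("decoded:", data)
    for lineno, reason in bad:
        print(f"rejected line {lineno}: {reason}")
```

The second sample line is the shape Oliver mentions: the only thing wrong with it is the first character. A decoder that subtracts 32 and uses the result directly as a buffer length would try to handle 65 bytes from a 4-character body; checking the claimed count against both the format maximum and the characters actually present catches that before any decoding happens.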