Author: Eli Date: To: 'Oliver Eikemeier', exim-users Subject: RE: [Exim] FYI: clamav 0.65 remote DOS exploit
Oliver Eikemeier <> wrote: >> Description:
>
> It is trivial to crash clamd using a malformed uuencoded message,
> resulting in a denial of service for all programs (e.g. exiscan-acl)
> relying on clamd running. The message must only contain one uuencoded
> line with an illegal line lenght, i.e. starting with a small letter.
I am using a beta version of ClamAV and it does not contain this bug:
[root@testunix!~] clamscan --mbox -v clamtest.mbox
clamtest.mbox: OK
I believe I just took a daily snapshot and installed that. This is on a
test server though, and has not yet hit production (although I have done
some testing, and clamd has yet to crash).
I didn't take the 0.65 stable version because if you look at the current
ChangeLog for the development stuff, it's months and months ahead of 0.65
(or was it close to years? I forget). There were tons of bug fixes and
other changes mentioned and so I figured it'd be best to go for the latest
than take the last so called "stable" release :)