Re: [Exim] FYI: clamav 0.65 remote DOS exploit

Author: Richard.Hall
Date:  
To: Exim Users
Subject: Re: [Exim] FYI: clamav 0.65 remote DOS exploit
Hi,

On Mon, 9 Feb 2004, Oliver Eikemeier wrote:

> >Description:
>
> It is trivial to crash clamd using a malformed uuencoded message,
> resulting in a denial of service for all programs (e.g. exiscan-acl)
> relying on clamd running. The message must only contain one uuencoded
> line with an illegal line length, i.e. starting with a small letter.

[...]

Am I right in thinking that, if I am using exiscan and 'demime=*', then
all the uudecode'ing has already been done before clamd gets its hands on
things? And therefore I am immune from this problem?

Or does the existence of the .eml copy of the full original message still
leave me with problems?

TIA,
Richard Hall
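
A check for the malformed line the quoted description refers to, as an added example that is not part of the original message and is not code from ClamAV or exiscan. It relies on the uuencode rule that the first character of each data line is chr(32 + n) for a byte count n of 0 to 45 (with "`" as an alternative zero); the function names and the sample block are constructed for illustration.

```python
import binascii
import math

MAX_BYTES_PER_LINE = 45  # uuencode packs at most 45 bytes into one line

def declared_length(line):
    """Byte count declared by a uuencoded line, or None if out of range."""
    if not line or line[0] == "`":
        return 0  # empty line or backtick both mean zero bytes
    n = ord(line[0]) - 32
    # Lowercase letters give n >= 65, which no valid encoder produces.
    return n if 0 <= n <= MAX_BYTES_PER_LINE else None

def find_bad_uu_lines(text):
    """Return (line_number, reason) for suspect lines in begin/end blocks."""
    findings = []
    in_block = False
    for number, line in enumerate(text.splitlines(), start=1):
        if not in_block:
            parts = line.split(" ", 2)
            in_block = (len(parts) == 3 and parts[0] == "begin"
                        and parts[1].isdigit())
            continue
        if line == "end":
            in_block = False
            continue
        n = declared_length(line)
        if n is None:
            findings.append((number, "illegal length character %r" % line[0]))
        elif len(line) - 1 < 4 * math.ceil(n / 3):
            # Assumption: trailing characters were not stripped in transit;
            # encoders that pad with spaces may trip this stricter check.
            findings.append((number, "declares %d bytes, data too short" % n))
    return findings

# Constructed sample: one valid line, two malformed ones, a zero-length line.
SAMPLE = "\n".join([
    "begin 644 constructed.txt",
    binascii.b2a_uu(b"Cat").decode("ascii").rstrip("\n"),
    "a0V%T",  # length character is a small letter
    "M0V%T",  # declares 45 bytes but carries only 3
    "`",
    "end",
])

if __name__ == "__main__":
    for number, reason in find_bad_uu_lines(SAMPLE):
        print("line %d: %s" % (number, reason))
```
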