Re: [Exim] FYI: clamav 0.65 remote DOS exploit

Inizio della pagina
Delete this message
Reply to this message
Autore: Richard.Hall
Data:  
To: Exim Users
Oggetto: Re: [Exim] FYI: clamav 0.65 remote DOS exploit
Hi,

On Mon, 9 Feb 2004, Oliver Eikemeier wrote:

> >Description:
>
> It is trivial to crash clamd using a malformed uuencoded message,
> resulting in a denial of service for all programs (e.g. exiscan-acl)
> relying on clamd running. The message must only contain one uuencoded
> line with an illegal line lenght, i.e. starting with a small letter.

[...]

Am I right in thinking that, if I am using exiscan and 'demime=*', then
all the uudecode'ing has already been done before clamd gets its hands on
things? And therefore I am immune from this problem?

Or does the existence of the .eml copy of the full original message still
leave me with problems?

TIA,
Richard Hall