ClamAv: is anyone paying attention?
mario.vukelic at dantian.org
Sat Nov 18 23:06:00 UTC 2006
On Sat, 2006-11-18 at 22:40 +0000, Andy wrote:
> Symantec would disagree with you on that one:
Not really. This is a worm; a virus scanner won't help you with that.
And it is old and while not harmless I figure it is pretty much dead. We
are talking about 0-2 (!) affected sites and 0-49 (!) infections
overall. I figure the hole is exploited has been closed for years.
Discovered: March 23, 2001
Updated: May 30, 2004 03:48:47 PM PDT
Systems Affected: Linux
(...) dangerous Linux worm (...)
* Wild Level: Low
* Number of Infections: 0 - 49
* Number of Sites: 0 - 2
* Geographical Distribution: Low
* Threat Containment: Easy
* Removal: Easy
* Damage Level: Medium
* Distribution Level: Low
> I have seen others as well
Me too, I have searched the Symantec site when I wrote my statement. All
I found were conceptual or similarly harmless
> Maybe we need an AV scanner, lets not get careless, again with more
> distros targeted at getting new users then then its only a matter of
> time before virus writers start attacking Linux, though it is more
> secure are you willing to bet on it being unbreakable?
As I said, diligence is called for, our favorite system certainly is
also vulnerable. But it makes little sense to create and install
scanners before there is a tangible threat. Without one, how do you even
know what to guard against? Plus, I highly doubt that virus scanners are
the way to go, it would make more sense to prevent outbreaks by fixing
bugs. Windows seems to be a lost cause in that regard so the only
solution is to heap after-the-fact services on top.
> So the fact the engine is outdated doesn't cause a problem? oddly the
> clamAV FAQ suggests that you shouldn't use outdated engines
Certainly it is always a good idea to be fully up-to-date, but read the
changelogs, there really seems little reason to get upset:
Release Name: 0.88.5
Notes: This version fixes a crash in the CHM unpacker and a heap
overflow in the function rebuilding PE files after unpacking.
- libclamav/rebuildpe.c: fix possible heap overflow [IDEF1597]
- libclamav/chmunpack.c: fix possible crash [IDEF1736]
- freshclam/manager.c: "Cache-Control: no-cache" is now disabled by
default. If you're behind a broken proxy you can recompile freshclam
Release Name: 0.88.6
Notes: Changes in this release include better handling of network
problems in freshclam and other minor bugfixes.
- freshclam: apply timeout patch from Everton da Silva Marques
<everton*lab.ipaccess.diveo.net.br> (new options: ConnectTimeout and
- clamd: change stack size at the right place (closes bug#103)
Patch from Jonathan Chen <jon+clamav*spock.org>
- libclamav/petite.c: sanity check the number of rebuilt sections (speeds
up handling of malformed files)
More information about the ubuntu-users