clamav-users May 2014 archive

[clamav-users] clamav-0.98.3 does not pass vulnerability scan

From: anctop <anctop_at_nospam>
Date: Tue May 20 2014 - 03:22:25 GMT
To: clamav-users@lists.clamav.net

Our system is running Linux with Sendmail-8.14.6.
Last week we upgraded ClamAV from 0.98.1 to 0.98.3 without changing
the build options:

    sh ./configure --prefix=<PREFIX> --enable-shared --disable-experimental --enable-milter

The config files are kept unchanged too.

As we perform a vulnerability scan using OpenVAS-6, a couple of "High"
risks are reported:

> smtp (25/tcp) / submission (587/tcp)
> High (CVSS: 7.2) NVT: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)
>
> The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it might have crashed.
> Please check its status right now, as it is not possible to do so remotely
>
> Vulnerability Detection Method
> Details: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

But we've verified that ClamAV milter was still running as before.

When using ClamAV-0.98.1, the scan report reads:

> smtp (25/tcp) / submission (587/tcp)
> Log (CVSS: 7.2) NVT: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)
>
> For some reason, we could not send the 42.zip file to this MTA
>
> Vulnerability Detection Method
> Details: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)

Does it mean that ClamAV-0.98.3 is vulnerable to the said DoS attack?
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml