
Re: [clamav-users] clamav-0.98.3 does not pass vulnerability scan

From: anctop <anctop_at_nospam>
Date: Tue May 20 2014 - 08:22:27 GMT
To: clamav-users@lists.clamav.net

Both clamav-milter & clamd were still working after the "attack" by the scan.

Our config files assume default values for recursive scanning.
I'd like to know if the recursion depth is lowered, will clamd fail to
detect those viruses deeply hidden in nested directories?

>>> The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it might have crashed.
>>> Please check its status right now, as it is not possible to do so remotely
>>>
>>> Vulnerability Detection Method
>>> Details: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)
>
>On 20.05.14 11:22, anctop wrote:
>>But we've verified that ClamAV milter was still running as before.
>
>The milter only passes data from milter to clamd. You need to look if the clamd crashed.
>
>>When using ClamAV-0.98.1, the scan report reads:
>>
>>> smtp (25/tcp) / submission (587/tcp)
>>> Log (CVSS: 7.2) NVT: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)
>>>
>>> For some reason, we could not send the 42.zip file to this MTA
>>>
>>> Vulnerability Detection Method
>>> Details: SMTP antivirus scanner DoS (OID: 1.3.6.1.4.1.25623.1.0.11036)
>>
>>Does it mean that ClamAV-0.98.3 is vulnerable to the said DoS attack?
>
>You can set up archive depth and similar limits in clamd.conf.
>--
>Matus UHLAR - fantomas, uhlar_at_fantomas.sk ; http://www.fantomas.sk/
>Warning: I wish NOT to receive e-mail advertising to this address.
>Warning: I do NOT wish to receive any advertising mail at this address.
>He who laughs last thinks slowest.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
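
Added example (not part of the original thread and not ClamAV code): a simplified Python model of the "archive depth and similar limits" mentioned in the reply, showing that a recursion limit counts nested archive layers and that content below the limit is reported as unscanned rather than unpacked. The parameter names loosely follow clamd.conf's MaxRecursion, MaxFiles and MaxScanSize; the numeric defaults, the marker string and the verdict strings are assumptions of this model.

```python
import io
import zipfile

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a signature hit


def nest(payload, levels):
    """Wrap payload in `levels` zip layers (constructed sample input)."""
    data, name = payload, "payload.bin"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), "layer%d.zip" % i
    return data


def scan(data, max_recursion=16, max_files=10000, max_scan_size=100 * 2**20):
    """Return 'FOUND', 'OK' or 'LIMIT:<name>' without exceeding any budget."""
    used = {"files": 0, "bytes": 0}

    def walk(blob, depth):
        if not zipfile.is_zipfile(io.BytesIO(blob)):
            return "FOUND" if MARKER in blob else "OK"
        if depth >= max_recursion:
            return "LIMIT:recursion"  # deeper layers are never unpacked
        verdict = "OK"
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                used["files"] += 1
                used["bytes"] += info.file_size  # declared size, before inflating
                if used["files"] > max_files:
                    return "LIMIT:files"
                if used["bytes"] > max_scan_size:
                    return "LIMIT:scan_size"
                result = walk(zf.read(info), depth + 1)
                if result == "FOUND":
                    return result
                if result != "OK":
                    verdict = result  # part of the input went unscanned
        return verdict

    return walk(data, 0)


if __name__ == "__main__":
    for depth_limit in (16, 2):
        print(depth_limit, scan(nest(MARKER, 3), max_recursion=depth_limit))
```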