[clamav-users] clamav-0.98.3 does not pass vulnerability scan

Greg Folkert greg at donor.com
Sat May 24 13:49:46 UTC 2014 

If this is like other "assumption based" Vulnerability scanning engines
(Rapid7 and Nessus and others)...

This is a return that is classified as a False Positive. Since you've
proven that it isn't doing what it thinks it is doing.

If your Scanners works as expected and not as described, then you can
file a false positive determination with your scanning vendor.

On Sat, 2014-05-24 at 21:42 +0800, anctop at gmail.com wrote:
> Yes. After each modification, I ran "killall -HUP -e clamd" to restart clamd.
> 
> The scan report reads :
> 
> > NVT:    SMTP antivirus scanner DoS
> > OID:    1.3.6.1.4.1.25623.1.0.11036
> > Threat: High (CVSS: 7.2)
> > Port:   smtp (25/tcp)
> >         submission (587/tcp)
> >
> > The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it
> > might have crashed. Please check its status right now, as it is
> > not possible to do so remotely
> >
> > Vulnerability Detection Method:
> > Details:
> > SMTP antivirus scanner DoS
> > (OID: 1.3.6.1.4.1.25623.1.0.11036)
> 
> but both clamav-milter and clamd were still working well.
> 
> 
> On Fri, 23 May 2014, Matus UHLAR - fantomas wrote:
> 
> > On 23.05.14 11:50, anctop wrote:
> >> I've tried to change the value of "MaxRecursion" in clamd.conf to 4
> >> and 44 respectively, but both experiments yield the same result.
> >
> > Did you reload/restart clamd afterwards? What was the result?
> >
> >> Can it be a problem with the MTA ?
> >
> > I can't tell you without the information above
> > -- 
> > Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> > Warning: I wish NOT to receive e-mail advertising to this address.
> > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> > Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml

-- 
greg folkert - systems administration and support
web:    donor.com
email:  greg at donor.com
phone:  877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"All sweeping assertions are erroneous."
    -- Letitia Elizabeth Landon

More information about the clamav-users mailing list