[clamav-users] Injection Vulnerability in 0.99.2
Nathan Gibbs
nathan at cmpublishers.com
Thu Nov 2 20:12:22 UTC 2017
Interesting,
Some favorite ClamAV bugs from 2011 have been "rediscovered".
:-)
Also, from a pen tester's view, the important point is that this attack
surface does exist.
User-side network hardening issues & misunderstanding of clamd
configuration options may be irrelevant.
Specifically, "misunderstanding" configuration options have led to
interesting & publicly undisclosed discoveries useful to pen testers.
:-)
--
Sincerely,
Nathan Gibbs
On 9/28/2017 17:45, Mickey Sola wrote:
> That's because you've gotten to the heart of the matter.
>
> There's no real bug or code related vulnerability here; it's a user-side
> network hardening issue combined with a misunderstanding of clamd
> configuration options that allows for this attack surface to exist.
>
> As Steve has already pointed out, sound network security practices make
> this a non-issue. Among other things, we're looking into improving the
> configuration experience in coming releases of Clam, but for now, there's
> already a solution to this problem.
>
> - Mickey
>
> On Thu, Sep 28, 2017 at 5:23 PM, Reindl Harald <h.reindl at thelounge.net>
> wrote:
>
>>
>>
>> On 28.09.2017 at 23:02, Steven Morgan wrote:
>>
>>> The fact that using clamd over TCP has insecurities has come up before. If
>>> using clamd, it is recommended to use the local socket option rather than
>>> a TCP socket.
>>>
>>> # The daemon can work in local mode, network mode or both.
>>> # Due to security reasons we recommend the local mode.
>>>
>>> Until it is fixed, only use TCP sockets on externally secured networks
>>>
>>
>> sorry, but that is hardly related to whatever bug and can be said for any
>> service in general
>>
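As an added example (not part of the thread and not ClamAV's own code): a small audit of a clamd.conf for the listener setup discussed above, flagging a TCPSocket that is not confined to loopback by TCPAddr. The sample configurations and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configurations (not taken from the thread).
SAMPLE_EXPOSED = "# network mode, no bind address\nTCPSocket 3310\n"
SAMPLE_LOCAL = "LocalSocket /var/run/clamav/clamd.ctl\n"
SAMPLE_LOOPBACK = "LocalSocket /var/run/clamav/clamd.ctl\nTCPSocket 3310\nTCPAddr 127.0.0.1\n"
SAMPLE_LAN = "TCPSocket 3310\nTCPAddr 127.0.0.1\nTCPAddr 192.0.2.10\n"


def parse_clamd_conf(text):
    """Parse 'Option value' lines into {option: [values]}, skipping comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts


def is_loopback(addr):
    """True for loopback IP literals and the name 'localhost'."""
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # other hostnames are treated as network-reachable


def audit_listeners(text):
    """Return findings for TCP listeners reachable beyond the local host."""
    opts = parse_clamd_conf(text)
    findings = []
    if "TCPSocket" in opts:
        addrs = opts.get("TCPAddr", [])
        if not addrs:
            # With no TCPAddr, clamd binds the TCP port on every interface.
            findings.append("TCPSocket without TCPAddr: listens on all interfaces")
        findings += [f"TCPAddr {a}: not a loopback address" for a in addrs if not is_loopback(a)]
    return findings


if __name__ == "__main__":
    for name in ("SAMPLE_EXPOSED", "SAMPLE_LOCAL", "SAMPLE_LOOPBACK", "SAMPLE_LAN"):
        print(name, audit_listeners(globals()[name]) or "no TCP exposure found")
```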