[clamav-users] Max Open File Descriptors issue found this morning

Jason J. W. Williams jasonjwwilliams at gmail.com
Fri Jan 26 15:41:05 UTC 2018


Hi Joel,

Appreciate you chiming in. For what it's worth, I can confirm David
Shrimpton's suggestion of adding Vbs.Downloader.Generic-6431223-0 to
local.ign2 stops the problem.

-J

On Fri, Jan 26, 2018 at 7:38 AM, Joel Esler (jesler) <jesler at cisco.com>
wrote:

> There are a bunch of threads going on, so I am going to try and address
> most of them with this email, sorry if I leave anything out.
>
> There are reports of exploits against 0.99.2 in the wild. Heise reports
> on that (in German, can't find an English source right now):
> https://heise.de/-3951801
>
> Not that I have seen.  Maybe I'm wrong and maybe one of my coworkers here
> at Cisco knows something that I don't, but all of the referenced CVEs in
> my blog post here:
> http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
> were disclosed to us responsibly by the folks from
> Offensive Research at Salesforce.com.  We
> appreciate their work, and it helps tremendously.
>
> Reading through the
> thread, it doesn't appear that ClamAV has fixed the signatures yet (as of
> 24257), or am I wrong?
>
>
> We are currently reviewing the issue to see if we can isolate the cause
> and work out a fix.  This is an "All Hands on Deck" situation
> (https://en.oxforddictionaries.com/definition/all_hands_on_deck) here.  We apologize
> for any issues, and we'll do a post mortem analysis once we fix it to
> figure out what went wrong and what we can do to remedy this in the future.
>
> ClamAV QA team: In future, please run new signatures against a clamd
> process a few thousand times to check for possible resource leakage.
>
>
> Thank you for your suggestion.  We have had some transition in personnel
> in the last several months on the ClamAV team, as well as further
> augmenting our QA resources.  I'm not making excuses, I'm just trying to
> let you all know the reality we've faced.  We want to change the model of
> ClamAV to be even more open source and develop more in a "Bazaar" method.
> More on this over time.
>
> Re: Mail loops
>
> which f**g idiot is responsible for that?
>
> Unfortunately Reindl, from what you reported, and your eloquent
> description, I'm not sure what the issue is.  I'm not seeing that issue on
> my side.
>
> Am 26.01.2018 um 15:40 schrieb Joel Esler (jesler):
> As previously mentioned, if you downloaded the beta version of ClamAV
> 0.99.3, you will need to completely uninstall it and do a fresh install
> with the production version of 0.99.3 as there are significant code
> differences
>
> when i read something like this in 2018 my brain ends with a bluescreen
>
> This is something we debated for a couple weeks here internally and we
> found this to be the best solution.  We were stuck between a rock and a
> hard place.  Trust me, this is not the user experience I want for our users
> either, but we were faced with a tough choice, and replacing the 0.99.3
> beta with a completely different codebase was the one we found to be the
> best path forward without upsetting even more people.
>
> --
> Joel Esler | Talos: Manager | jesler at cisco.com
>
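The check suggested in the quoted message (run new signatures against a clamd process a few thousand times and watch for resource leakage), sketched as an added example that is not part of the original thread or ClamAV's own QA tooling. It assumes Linux `/proc`, a running clamd whose PID you pass in, and `clamdscan` on the PATH; the function names are hypothetical.

```python
"""FD-leak regression check for a long-running scanner daemon (Linux /proc)."""
import os
import subprocess

def fd_count(pid):
    """Open file descriptors held by `pid` (needs same user or root)."""
    return len(os.listdir(f"/proc/{pid}/fd"))

def sample_fds(pid, workload, iterations, every=100):
    """Call `workload()` `iterations` times, sampling pid's fd count
    once before the run and then after every `every` calls."""
    samples = [fd_count(pid)]
    for i in range(1, iterations + 1):
        workload()
        if i % every == 0:
            samples.append(fd_count(pid))
    return samples

def leak_report(samples, every, tolerance=8):
    """Flag a leak when the count grew by more than `tolerance` overall
    and never dropped between samples (steady growth, not a burst)."""
    growth = samples[-1] - samples[0]
    monotonic = all(b >= a for a, b in zip(samples, samples[1:]))
    scans = every * (len(samples) - 1)
    return {"leak": growth > tolerance and monotonic,
            "growth": growth,
            "fds_per_scan": growth / scans if scans else 0.0}

def clamdscan_workload(path):
    """Assumed workload: one clamdscan request per call to the running clamd."""
    def run():
        subprocess.run(["clamdscan", "--no-summary", path],
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return run

if __name__ == "__main__":
    import sys
    # usage: script.py <clamd-pid> <sample-file-that-triggers-the-signature>
    pid, sample_file = int(sys.argv[1]), sys.argv[2]
    s = sample_fds(pid, clamdscan_workload(sample_file), iterations=3000)
    print(s, leak_report(s, every=100))
```

A steadily rising sample list with a non-zero `fds_per_scan` is the pattern that ends in a max-open-file-descriptors failure once the daemon reaches its limit.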


