[clamav-users] After 0.100.1 Update, clamd crashe

Micah Snyder (micasnyd) micasnyd at cisco.com
Tue Jul 31 13:55:07 EDT 2018


Meaning no offense here - but not every crash is a security vulnerability.  You shouldn't trust 3rd party signatures unless you trust the source of the signatures.

We take vulnerabilities in parsing untrusted user input (such as when scanning a file or email) very seriously.  Signature databases, on the other hand, should qualify as trusted input.

If there is a known defect in how a signature is parsed - we can avoid it until such time as we have the ability to fix the feature.  To be clear, Mickey stated that in the ticket that we're leaving the ticket open because it is very clearly a bug that we intend to fix.  However, we have a lot on our plates and very few developers.  If you have the time to find a good fix for it, we'll take your patch or pull request.


Micah Snyder
ClamAV Development
Cisco Systems, Inc.

On Jul 31, 2018, at 1:14 PM, G.W. Haywood <clamav at jubileegroup.co.uk<mailto:clamav at jubileegroup.co.uk>> wrote:

Hi there,

On Tue, 31 Jul 2018, Steve Basford wrote:

My little issue is with this statement:
"It wasn't quite clear at the offset of this bug, but ClamAV cannot
support unofficial signatures from a development standpoint. For numerous
reasons, we do not regress against those signatures, and in cases where
sig writers publish non-functional signatures due to insufficient testing
(which then cause crashes in newer versions of clam) we cannot devote our
resources to fixing that problem." (above Bugzilla)

I'll take issue with that statement too.  That's a cr at p developer attitude.

If an unofficial signature causes (or is even _capable_ of causing) clam
to crash, that's a fault in clam that needs to be fixed.

If nothing else it means that you're quite likely less secure if you're
running clam on Linux than you are if you're _not_ running it.


clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>

Help us build a comprehensive ClamAV guide:


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20180731/283e708a/attachment.html>

More information about the clamav-users mailing list