[clamav-users] Vulnerability Reporting?

Micah Snyder (micasnyd) micasnyd at cisco.com
Tue Aug 6 06:05:11 EDT 2019


Regarding the zip bomb vulnerability/fix, we don’t have a CVE assigned – yet.  Will have one soon.

Regards,
Micah

From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of "Fajar A. Nugraha via clamav-users" <clamav-users at lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users at lists.clamav.net>
Date: Tuesday, August 6, 2019 at 5:48 AM
To: ClamAV users ML <clamav-users at lists.clamav.net>
Cc: "Fajar A. Nugraha" <list at fajar.net>
Subject: Re: [clamav-users] Vulnerability Reporting?

OP is probably looking for  http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=clamav

... and something equivalent of xen-announce (the 'security advisories' part) from https://xenproject.org/help/mailing-list/ (which doesn't exist for clamav?)

--
Fajar

On Tue, Aug 6, 2019 at 4:42 PM Al Varnell via clamav-users <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>> wrote:
I'm also confused by what you mean by "firmware engine" and "compliance"? ClamAV doesn't reside in firmware, so are you referring to firmware vulnerabilities that impact ClamAV performance? If there are any, I have not heard about them. Is there a particular platform that you are referring to?

And with regard to compliance, is there some anti-malware standard that I'm unaware of that needs to be complied with?

Sent from my iPad

-Al-

On Aug 6, 2019, at 02:08, Henrik Hoeg Thomsen1 via clamav-users <clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>> wrote:
Does CLAMAV have a forum where Vulnerabillity findings in the firmware engine can be tracked for Compliance. ? And where fixes and recomendations can be found.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190806/37e4ecef/attachment.html>


More information about the clamav-users mailing list