[clamav-users] Vulnerability Reporting?

Henrik Hoeg Thomsen1 HHT at dk.ibm.com
Tue Aug 6 06:22:35 EDT 2019


Running on SUSE sles 12 sp2 servers.


 rpm -qa | grep clamav
clamav-0.100.3-33.21.1.x86_64

This is what i call the engine.  The actual version af clamav proccess 
active on my server.

I just want to know how to figure out  if this build has known 
vulnerabillities.

Like "can it be forced to crash by inserting infection patterns" or "can 
it be forced to loop in a scan cycle, so scan newer completes".

And 

If there is known issues. How to fix or mittigate.

---------------------------------------------------------------------------------------------------------------
Henrik Høg Thomsen
Senior IT Specialist - IBM - IPG
IBM Danmark ApS
Prøvensvej 1
2605 Brøndby
CVR nr.: 65305216 
tlf +45 51638561 mail hht at dk.ibm.com




From:   Al Varnell via clamav-users <clamav-users at lists.clamav.net>
To:     ClamAV users ML <clamav-users at lists.clamav.net>
Cc:     Al Varnell <alvarnell at mac.com>
Date:   2019/08/06 11:43
Subject:        [EXTERNAL] Re: [clamav-users] Vulnerability Reporting?
Sent by:        "clamav-users" <clamav-users-bounces at lists.clamav.net>



I'm also confused by what you mean by "firmware engine" and "compliance"? 
ClamAV doesn't reside in firmware, so are you referring to firmware 
vulnerabilities that impact ClamAV performance? If there are any, I have 
not heard about them. Is there a particular platform that you are 
referring to?

And with regard to compliance, is there some anti-malware standard that 
I'm unaware of that needs to be complied with?

Sent from my iPad

-Al-

On Aug 6, 2019, at 02:08, Henrik Hoeg Thomsen1 via clamav-users <
clamav-users at lists.clamav.net> wrote:
Does CLAMAV have a forum where Vulnerabillity findings in the firmware 
engine can be tracked for Compliance. ? And where fixes and recomendations 
can be found.[attachment "smime.p7s" deleted by Henrik Hoeg 
Thomsen1/Denmark/IBM] 
_______________________________________________

clamav-users mailing list
clamav-users at lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



Medmindre andet er angivet ovenfor: / Unless Otherwise Stated Above:
IBM Danmark ApS
Prøvensvej 1
2605 Brøndby, Danmark
CVR nr.: 65305216
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190806/1f57eae6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 986 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190806/1f57eae6/attachment.gif>


More information about the clamav-users mailing list