[clamav-users] Vulnerability Reporting?

J.R. themadbeaker at gmail.com
Tue Aug 6 08:39:19 EDT 2019


Well, that can take a little figuring out since the package is
maintained by SUSE. A package can receive "backports" to fix
vulnerabilities (and new features) so they don't have to update to a
new version and re-certify everything still works and won't break
other packages.

SUSE does publish info with their updates:
https://www.suse.com/support/update/announcement/2019/suse-su-20190897-1/

*Usually* package maintainers are pretty quick to publish updates for
security vulnerabilities.

> Running on SUSE sles 12 sp2 servers.
>
> rpm -qa | grep clamav
> clamav-0.100.3-33.21.1.x86_64
>
> This is what I call the engine. The actual version of the clamav process
> active on my server.
>
> I just want to know how to figure out if this build has known
> vulnerabilities.
>
> Like "can it be forced to crash by inserting infection patterns" or "can
> it be forced to loop in a scan cycle, so scan never completes".
>
> And if there are known issues, how to fix or mitigate.
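
Added example, not part of the original message and not SUSE or ClamAV tooling: because backported fixes do not change the upstream version number, one way to see what a distribution build has patched is to look for CVE ids in the package changelog. The function names and the sample changelog (with placeholder CVE ids) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which CVE ids a package changelog says were patched.
# Real use, with rpm's --changelog query option:
#   rpm -q --changelog clamav | check_cves CVE-XXXX-NNNN ...

# Print every distinct CVE id found on stdin, one per line.
cves_in_changelog() {
    grep -Eo 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# check_cves ID...: read a changelog on stdin and print "ID patched" or
# "ID not-mentioned" for each id. Returns 1 if any id is not mentioned.
check_cves() {
    found=$(cves_in_changelog)
    rc=0
    for id in "$@"; do
        if printf '%s\n' "$found" | grep -qxF "$id"; then
            printf '%s patched\n' "$id"
        else
            printf '%s not-mentioned\n' "$id"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample changelog (placeholder CVE ids, not real advisories).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2018 maintainer@example.invalid
- Backport fix for CVE-0000-00001 (bsc#0000001)
- Add patch for CVE-0000-00002, CVE-0000-00001
* Sun Jan 01 2017 maintainer@example.invalid
- Update to upstream release
EOF
}

sample_changelog | check_cves CVE-0000-00001 CVE-0000-00003 || true
```

A "not-mentioned" result only means the packager's changelog does not name that id; the fix may already be part of the upstream release the package is based on, so check the vendor's update announcement as well.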

