[clamav-users] Vulnerability Reporting?

J.R. themadbeaker at gmail.com
Tue Aug 6 12:39:19 UTC 2019

Well, that can take a little figuring out since the package is
maintained by SUSE. A package can receive "backports" to fix
vulnerabilities (and new features) so they don't have to update to a
new version and re-certify everything still works and won't break
other packages.

SUSE does publish info with their updates:

*Usually* package maintainers are pretty quick to publish updates for
security vulnerabilities.

> Running on SUSE sles 12 sp2 servers.
> rpm -qa | grep clamav
> clamav-0.100.3-33.21.1.x86_64
> This is what i call the engine.  The actual version af clamav proccess
> active on my server.
> I just want to know how to figure out  if this build has known
> vulnerabillities.
> Like "can it be forced to crash by inserting infection patterns" or "can
> it be forced to loop in a scan cycle, so scan newer completes".
> And If there is known issues. How to fix or mittigate.

More information about the clamav-users mailing list