[clamav-users] Vulnerability Reporting?

Fajar A. Nugraha list at fajar.net
Wed Aug 7 03:11:05 EDT 2019

On Tue, Aug 6, 2019 at 5:23 PM Henrik Hoeg Thomsen1 via clamav-users <
clamav-users at lists.clamav.net> wrote:

> Running on SUSE sles 12 sp2 servers.
>  rpm -qa | grep clamav
> clamav-0.100.3-33.21.1.x86_64
> This is what i call the engine.  The actual version af clamav proccess
> active on my server.
> I just want to know how to figure out  if this build has known
> vulnerabillities.
Short version: ask suse or whoever build your package.

The CVE page should list most recent issue first, and the linked bugzilla
will show which version has the fix.

However distros (e.g. suse, redhat) often backport security fixes, so it's
possible that your particular build already has it. The distro should have
somekind of changelog for that package. For example,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190807/beddc5b6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: noname
Type: image/gif
Size: 986 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190807/beddc5b6/attachment.gif>

More information about the clamav-users mailing list