[clamav-users] Stop clamdscan from stepping on itself?

G.W. Haywood clamav at jubileegroup.co.uk
Sat Oct 19 08:04:18 EDT 2019


Hi there,

On Fri, 18 Oct 2019, Paul Kosinski via clamav-users wrote:

> "of course you can't even really trust brand new drives any more"
>
> Do you mean unreliability, or active insecurity? If the latter, any
> examples? (Of drives per se, not hardware systems or subsystems.)

Reliability, in purely mechanical terms, seems to be improving all the
time.  There was a time not so long ago when I was wondering if I'd be
replacing our drives every six months or so.  It really was that bad.
But I looked into the problems methodically, changed suppliers where
it seemed advisable, and now I don't seem to need to worry about that.

Security on the other hand seems to be getting worse.  I guess we're
going to have to live with a similar kind of learning curve.  The term
you're looking for is "supply chain".  See for example

https://www.theregister.co.uk/2019/09/19/it_supply_chain_attack/

which doesn't specifically single out drives, but talks about some of
the issues.  I keep a library of links from publications like this and
it just keeps getting scarier.  I particularly liked the creativity in
the compromise of the well-known AV product 'CCleaner', especially as
it's one I've used quite a bit in the past.  It was really little more
than good luck that this one didn't catch me (or rather, and extremely
embarrassing it would have been, a bunch of clients).

To answer your specific question, I don't have any evidence of drives
being compromised.  But given the amounts of money that are sloshing
around in criminal circles, and the number of openings that they must
have into hardware suppliers, if it isn't already going on under our
noses it has to be just a matter of time before somebody gets hurt.

> And what can any AV do about it?

Good question.  Probably you'd need to do deeper inspection of things
like drive firmware using specialist tools, but it is feasible.  The
fact that drives all have serial numbers is slightly comforting.

-- 

73,
Ged.

