[clamav-users] CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities for Busy Box
Andrew C Aitchison
clamav at aitchison.me.uk
Sat Feb 19 06:39:12 UTC 2022
Jaspal,
I think Micah was replying to Marc.
Your email ettiquette was great.
On Fri, 18 Feb 2022, Jaspal Singh Sandhu via clamav-users wrote:
> Hi Micah,
>
> I will use https://github.com/Cisco-Talos/clamav/issues/new/choose.
>
> There was no intention of Mocking. It was simply to let you know that we
> saw the vulnerabilities in busybox and pulled back from that image.
>
> We have successfully upgraded clamav. It is an awesome product.
>
> Nowadays, it is good to be extra cautious.
>
> Again, thanks for your support.
>
> Thanks,
>
> Jaspal Sandhu
> Roberthalf
>
> On Thu, Feb 17, 2022 at 11:52 AM Micah Snyder (micasnyd) via clamav-users <
> clamav-users at lists.clamav.net> wrote:
>
>> Please don't hijack a thread to report a bug or request an improvement. A
>> new thread for new discussion topic is always great.
>>
>> Please also be careful in your phrasing. ClamAV's docker support was 99%
>> the work of a kind-hearted community member. Mocking the current design
>> isn't helpful. I do see what you're talking about. I'm sure there is room
>> for improvement.
>>
>> If you know there is a bug, please report the issue
>> https://github.com/Cisco-Talos/clamav/issues/new/choose
>> <https://github.com/Cisco-Talos/clamav/issues/new?assignees=&labels=&template=bug_report.md&title=>
>> If you have a proposed solution for the issue, it's still good to make the
>> issue and submit your solution in a pull-request.
>>
>> Regards,
>> Micah
>>
>> Micah Snyder
>> ClamAV Development
>> Talos
>> Cisco Systems, Inc.
>> ------------------------------
>> *From:* Marc <Marc at f1-outsourcing.eu>
>> *Sent:* Sunday, February 13, 2022 5:02 AM
>> *To:* ClamAV users ML <clamav-users at lists.clamav.net>
>> *Cc:* Micah Snyder (micasnyd) <micasnyd at cisco.com>; Sandhu, Jaspal (HQP) <
>> jaspal.sandhu at roberthalf.com>
>> *Subject:* RE: CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities
>> for Busy Box
>>
>>> My team is new to maintaining images on Docker Hub. We hadn't yet
>>> identified the best practices for how to publish an image for the same
>>> ClamAV version with a new base image. After a little investigation, I
>>> settled on this on this scheme.
>>>
>> I can see ;)
>>
>> This is of course crap.
>>
>> # Wait forever (or until canceled)
>> exec tail -f "/dev/null"
>>
>> The goal of the entrypoint.sh exec is that if it terminates the OC can
>> take proper action, eg restart the task. In your case clamd can crash and
>> no action will be taken, because the OC monitors a useless tail?????
>>
>>
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
--
Andrew C. Aitchison Kendal, UK
andrew at aitchison.me.uk
More information about the clamav-users
mailing list