Hi,

The fact that using clamd over TCP has insecurities has come up before. If using clamd, it is recommended to use the local socket option rather than a TCP socket.

# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.

Until it is fixed, only use TCP sockets on externally secured networks. Also check the TCPAddr clamd configuration statement:

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
#TCPAddr 127.0.0.1

Steve

On Thu, Sep 28, 2017 at 4:47 PM, Al Varnell <alvarn...@mac.com> wrote:

> The URL was corrupted in the e-mail I received. See if this works:
> <http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.105762>
>
> And quoting the info found there:
>
> Test ID: 1.3.6.1.4.1.25623.1.0.105762
>
> Category: General
>
> Title: ClamAV `Service Commands` Injection Vulnerability
>
> Summary: ClamAV 0.99.2, and possibly other previous versions, allow
> the execution of clamav commands SCAN and SHUTDOWN without authentication.
>
> Description: Summary:
>
> ClamAV 0.99.2, and possibly other previous versions, allow the execution
> of clamav commands SCAN and SHUTDOWN without authentication.
>
> CVSS Score:
>
> 5.0
>
> CVSS Vector:
>
> AV:N/AC:L/Au:N/C:P/I:N/A:N
>
> Copyright Copyright (C) 2016 Greenbone Networks GmbH
>
> -Al-
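
The advice in the reply above (prefer LocalSocket; if TCPSocket is used, bind it with TCPAddr) can be checked mechanically. The following is an added example, not part of the original thread and not ClamAV project code; the function names and the sample configurations are constructed for illustration, and the parser assumes the plain "Directive value" layout of clamd.conf.

```python
import ipaddress

# Constructed sample configurations (not taken from any real host).
WEAK = "TCPSocket 3310\n#TCPAddr 127.0.0.1\n"
EXPOSED = "LocalSocket /var/run/clamav/clamd.ctl\nTCPSocket 3310\nTCPAddr 192.0.2.10\n"
LOOPBACK = "LocalSocket /var/run/clamav/clamd.ctl\nTCPSocket 3310\nTCPAddr 127.0.0.1\nTCPAddr ::1\n"
LOCAL_ONLY = "LocalSocket /var/run/clamav/clamd.ctl\n"


def parse_clamd_conf(text):
    """Return {directive: [values]}; blank lines and '#' comment lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return opts


def is_loopback(addr):
    """True only for literal loopback IPs; hostnames are treated as not loopback."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def audit(text):
    """List the ways a clamd.conf exposes the unauthenticated command channel."""
    opts = parse_clamd_conf(text)
    findings = []
    if "TCPSocket" in opts:
        addrs = opts.get("TCPAddr", [])
        if not addrs:
            # TCPAddr defaults to "no", so clamd binds to INADDR_ANY.
            findings.append("TCPSocket without TCPAddr: listening on all interfaces")
        for addr in addrs:
            if not is_loopback(addr):
                findings.append(f"TCPAddr {addr}: reachable beyond loopback")
    if "LocalSocket" not in opts:
        findings.append("LocalSocket not set: recommended local mode is unused")
    return findings


if __name__ == "__main__":
    for name in ("WEAK", "EXPOSED", "LOOPBACK", "LOCAL_ONLY"):
        print(name, audit(globals()[name]) or "no findings")
```
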