Interesting, Some favorite ClamAV bugs from 2011 have been "rediscovered". :-)
Also, from a pen tester's view, the important point is that, this attack surface does exist. User-side network hardening issues & misunderstanding of clamd configuration options may be irrelevant. Specifically, "misunderstanding" configuration options have led to interesting & publicly undisclosed discoveries useful to pen testers. :-) -- Sincerely, Nathan Gibbs On 9/28/2017 17:45, Mickey Sola wrote: > That's because you've gotten to the heart of the matter. > > There's no real bug or code related vulnerability here; it's a user-side > network hardening issuing combined with a misunderstanding of clamd > configuration options that allows for this attack surface to exist. > > As Steve has already pointed out, sound network security practices make > this a non-issue. Among other things, we're looking into improving the > configuration experience in coming releases of Clam, but for now, there's > already a solution to this problem. > > - Mickey > > On Thu, Sep 28, 2017 at 5:23 PM, Reindl Harald <h.rei...@thelounge.net> > wrote: > >> >> >> Am 28.09.2017 um 23:02 schrieb Steven Morgan: >> >>> The fact that using clamd over TCP has insecurities has come up before. If >>> using clamd, it is recommended to use the local socket option rather than >>> a >>> TCP socket. >>> >>> # The daemon can work in local mode, network mode or both. >>> # Due to security reasons we recommend the local mode. >>> >>> Until it is fixed, only use TCP sockets on externally secured networks >>> >> >> sorry, but that is hardly related to whatever bug and can be said for any >> service in general >> >> _______________________________________________ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > > . >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
