Regarding the zip bomb vulnerability/fix, we don’t have a CVE assigned – yet. Will have one soon.
Regards, Micah From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of "Fajar A. Nugraha via clamav-users" <clamav-users@lists.clamav.net> Reply-To: ClamAV users ML <clamav-users@lists.clamav.net> Date: Tuesday, August 6, 2019 at 5:48 AM To: ClamAV users ML <clamav-users@lists.clamav.net> Cc: "Fajar A. Nugraha" <l...@fajar.net> Subject: Re: [clamav-users] Vulnerability Reporting? OP is probably looking for http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=clamav ... and something equivalent of xen-announce (the 'security advisories' part) from https://xenproject.org/help/mailing-list/ (which doesn't exist for clamav?) -- Fajar On Tue, Aug 6, 2019 at 4:42 PM Al Varnell via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote: I'm also confused by what you mean by "firmware engine" and "compliance"? ClamAV doesn't reside in firmware, so are you referring to firmware vulnerabilities that impact ClamAV performance? If there are any, I have not heard about them. Is there a particular platform that you are referring to? And with regard to compliance, is there some anti-malware standard that I'm unaware of that needs to be complied with? Sent from my iPad -Al- On Aug 6, 2019, at 02:08, Henrik Hoeg Thomsen1 via clamav-users <clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> wrote: Does CLAMAV have a forum where Vulnerabillity findings in the firmware engine can be tracked for Compliance. ? And where fixes and recomendations can be found.
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
