On Sep 6, 2011, at 10:17 AM, Nathan Gibbs wrote: > On 9/6/2011 6:43 AM, Joel Esler wrote: >> On Sep 5, 2011, at 9:04 PM, Nathan Gibbs wrote: >>> On 9/5/2011 7:21 PM, Joel Esler wrote: >>>> I would love anything interesting regarding hacking a network instance of >>>> ClamAV! >>>> >>>> >>>> -- >>>> Joel Esler >>>> Sourcefire >>>> OpenSource Community Manager: Snort, ClamAV, Daemonlogger, and Razorback >>>> >>>> >>>> >>>> ;) >>>> >>> LOL >>> Joel, you already know what my ideas are. >>> >>> >>> We will get there, but lets let some people smarter than me, you >>> included, weigh in. >> >> Actually, I don't. Did I miss a thread? >> >> > OK, I thought you had read what I put on the clamav-users list and / or > the Clamav Bugzilla and were just messing with me.
Well, I was. ;) > There is bug 2727 which I found in April. > Although it seems to be a local issue, depending on the update system > being used, it could be remotely triggered. Okay yeah, I've seen that. > > Then there is the network access control issue. > In July we released a simple tool called Clambake. > A tool for enumerating, stress testing, and/or shutting down instances > of the Clam Antivirus service on a network. > http://www.cmpublishers.com/oss/#clambake Yup, saw that too, didn't know if you had something new or were talking about this... or.. yeah. > I am more interested in what others here think than about promoting our > "super cool leet haxor tool". Seriously, its neither super, cool, leet > , or haxor. Although it was fun to build and trash our Clamav > infrastructure with.. I'd be really interested in any such progress on it. That's the great part about OSS, the "many eyes" approach. It can be a pain sometimes, but it's a great approach to finding problems. On the other hand, you create a lot of work for me ;) (totally kidding, well, not really, but yeah) Joel _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
