Re: [clamav-users] ClamWin Portable DLL Hijack
On Thu, March 9, 2017 11:03 am, Groach wrote: > So what are we saying? > > Clamwin people need to be made aware of this? Or ARE aware of this and > complicit? ClamWin should be aware of this by now... let's hope they make a statement of what (if any the issues are) and what versions. For example, here's how notepad++ handled the issue: https://notepad-plus-plus.org/news/notepad-7.3.3-fix-cia-hacking-issue.html -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamWin Portable DLL Hijack
On Thu, March 9, 2017 11:09 am, Al Varnell wrote: > Or is it based on older versions, like most of the items contained in > those documents? I suspect that the ClamWin developers are the only ones > that can tell us what has been or will be done about it. Exactly, it could just be old version... but a ClamWin statement would be nice... -- Cheers, Steve Twitter: @sanesecurity ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamWin Portable DLL Hijack
Or is it based on older versions, like most of the items contained in those documents? I suspect that the ClamWin developers are the only ones that can tell us what has been or will be done about it. -Al- On Thu, Mar 09, 2017 at 03:03 AM, Groach wrote: > > So what are we saying? > > Clamwin people need to be made aware of this? Or ARE aware of this and > complicit? Or people are just paranoid and its nothing more than bad > implementation/software but otherwise causes no problems? Or simpy dont > care? (I hope its not the last 2 because they simply dont put effort into > the ports and indeed only do so if there is a noticeable benefit in > functionality). > > On 09/03/2017 08:45, Steve Basford wrote: >> Just for those who hasn't spotted ClamWin in the leak: >> >> https://wikileaks.org/ciav7p1/cms/page_27262995.html >> >> Clam Portable >> http://portableapps.com/apps/security/clamwin_portable >> >> ClamWin: >> http://www.clamwin.com/ smime.p7s Description: S/MIME cryptographic signature ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamWin Portable DLL Hijack
So what are we saying? Clamwin people need to be made aware of this? Or ARE aware of this and complicit? Or people are just paranoid and its nothing more than bad implementation/software but otherwise causes no problems? Or simpy dont care? (I hope its not the last 2 because they simply dont put effort into the ports and indeed only do so if there is a noticeable benefit in functionality). On 09/03/2017 08:45, Steve Basford wrote: Just for those who hasn't spotted ClamWin in the leak: https://wikileaks.org/ciav7p1/cms/page_27262995.html Clam Portable http://portableapps.com/apps/security/clamwin_portable ClamWin: http://www.clamwin.com/ ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
