The actual PR is https://github.com/Cisco-Talos/clamav/pull/1417 which
is a significantly big change, so it won't be backported
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2106024
Title:
Backport fix fo
L4126-L4129 of libclamav/scanners.c:
```
if (CL_SUCCESS != fmap_get_MD5(ctx->fmap, &hash)) {
    cli_dbgmsg("cli_magic_scan: Failed to get a hash for the current fmap.\n");
    goto done;
}
```
seems like hard-coded into the scanner, so workaround:
1. (haven't backported and tried
Tried the command line way to bypass the md5:
1. Install clamav on pristine jammy: `sudo apt update && sudo apt upgrade && sudo apt install clamav`
2. `clamscan -r /tmp` no error
3. Enable fips-updates channel via pro and reboot
4. `systemctl status clamav-freshclam.service`
```bash
May 26 10:25
```
Might be needed in the FIPS ppa if that is the resolution, Renan added
the right team in comment #4 but I saw no reaction yet. I'll ping them
once more.
** Tags removed: server-triage-discuss
--
@renanrodrigo The FedRAMP requirements call for some sort of malicious
code protection mechanism, but leaves the choice of technology open to
the implementer. There are plenty of well-regarded commercially
supported solutions that exist - providing a cybersecurity protection
solution is not one of
My organization has gone the route of installing clamav via source
instead of apt to work around this issue, so backporting 1.5.0 to 22.04
wouldn't be of particular interest to me. Thanks for all of the
discussion / consideration here!
--
Per comments #1 and #2 this ask seems to be infeasible/invasive for
either backport (as requested) or SRU, so I'm dropping the server-todo
tag. However, while waiting for @cert's input, I'll add to the triage
discussion list for us to take another consideration before leaving it
to the backlog.
M
** Tags removed: server-todo
** Tags added: server-triage-discuss
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2106024
Title:
Backport fix for Ubuntu 22.04 FIPS-enabled environments
To manage noti
Both FIPS and clamav are needed to comply with FedRAMP.
clamav is needed to comply with FedRAMP SI-3 Malicious Code Protection
(L)(M)(H)
FIPS is needed to comply with FedRAMP SC-13 Cryptographic Protection
(L)(M)(H)
--
> This bug creates a significant problem for Canonical's paying customers who need FIPS.

That's an important claim. I have subscribed
canonical-security-certification, so the team can weigh in. @certs how
do you see this issue? Do you see this as a feasible backport?
> If someone is required to
If someone is required to use FIPS then they most likely also need to
use clamav.
This bug creates a significant problem for Canonical's paying customers who
need FIPS.
--
This backport is indeed unlikely to happen, as it sounds like a big
change in the code, and the risk of introducing regressions to stable
releases is high.
We don't even have 1.5.0 in Ubuntu plucky, due to be released next week.
It's in the development release that this effort has to start, and th
Did a little dive:
1. the PR has 2 commits doing different things (one formatting, one the change)
2. the change commit has a bunch of cleanup (I see multiple log string fixes)
3. there's a mix of a couple pieces of functionality
   a. there's a new setup around certificate directories
   b. more
** Tags added: server-todo
--