Re: Begs a question: AV in Linux // Re: MDKSA-2006:016



personally after poking at the FSG and the UPX vulns, and some other
possible issues with decompression i'm poking at myself, i would not use
clamav right now. not enough care is taken when examining "packed"
executables.


that said, i'm sure i would feel the same way if i were able to look at
any of the non-linux antivirus solutions as well.



-phar


On Tue, 2006-01-17 at 13:45 -0600, Benson, Sean M wrote:
> Anti-Virus in Linux.
> Should I/you or shouldn't I/you and why?
>
> With this (ClamAV) being an anti-virus program, running on Linux,
> creating a possible exploit:
>
> Should you run an anti-virus on linux for non-work issues?
> (Just home Workstations, Laptops, etc.. not mail servers.)
>
> IMHO:
> I've heard the "Keep from passing Windows viruses from NTuserA --- you
> --- NTuserB."
> But I don't think that's a good enough reason to eat up my cycles, plus
> I'm a huge fan of least apps/services running.
>
> I don't buy the "Market Share targeting" jazz either. It's more a design
> issue based on least/most privilege in my thinking.
>
> sbenson
>
> -----Original Message-----
> From: QATeam User [mailto:qateam@xxxxxxxxxxxxxxxxxxxx] On Behalf Of
> Mandriva Security Team
> Sent: Monday, January 16, 2006 6:24 PM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: MDKSA-2006:016 - Updated clamav packages fix vulnerability
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> _______________________________________________________________________
>
> Mandriva Linux Security Advisory MDKSA-2006:016
> http://www.mandriva.com/security/
> _______________________________________________________________________
>
> Package : clamav
> Date : January 16, 2006
> Affected: 10.1, 10.2, 2006.0, Corporate 3.0
> _______________________________________________________________________
>
> Problem Description:
>
> A heap-based buffer overflow was discovered in ClamAV versions prior to
> 0.88 which allows remote attackers to cause a crash and possibly
> execute arbitrary code via specially crafted UPX files.
>
> This update provides ClamAV 0.88 which corrects this issue and also
> fixes some other bugs.
> _______________________________________________________________________
>
> References:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0162
> _______________________________________________________________________
>
> Updated Packages:
>
> _______________________________________________________________________
>
> To upgrade automatically use MandrivaUpdate or urpmi. The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandriva for security. You can obtain the
> GPG public key of the Mandriva Security Team by executing:
>
> gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandriva Linux at:
>
> http://www.mandriva.com/security/advisories
>
> If you want to report vulnerabilities, please contact
>
> security_(at)_mandriva.com
> _______________________________________________________________________
>
> Type Bits/KeyID Date User ID
> pub 1024D/22458A98 2000-07-10 Mandriva Security Team
> <security*mandriva.com>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFDzAsDmqjQ0CJFipgRAn+hAKC+LqIePeyGT996WlgEHRz08tKDmgCeLkl9
> fRY6yzxeFm2/EAO5B9Q3/to=
> =F+a3
> -----END PGP SIGNATURE-----


