Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 78656

Summary: app-antivirus/clamav: RFC2397 Bypass Weakness
Product: Gentoo Security Reporter: Luke Macken (RETIRED) <lewk>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: antivirus, net-mail+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard: B3 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Luke Macken (RETIRED) gentoo-dev 2005-01-19 05:14:23 UTC
TITLE:
Clam AntiVirus RFC2397 Bypass Weakness

SECUNIA ADVISORY ID:
SA13900

VERIFY ADVISORY:
http://secunia.com/advisories/13900/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
>From remote

SOFTWARE:
Clam AntiVirus (clamav) 0.x
http://secunia.com/product/2538/

DESCRIPTION:
The vendor has acknowledged a weakness in Clam AntiVirus, which
allows malware to bypass detection.

For more information:
SA13792

This has been reported to affect Clam AntiVirus. Other versions may
also be affected.

SOLUTION:
This has been fixed in CVS.

Do not rely solely on gateway / perimeter security.

Apply patches to fix vulnerabilities in client software and apply
other defence in depth measures.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

OTHER REFERENCES:
SA13792:
http://secunia.com/advisories/13792/
Comment 1 Sune Kloppenborg Jeppesen gentoo-dev 2005-01-19 10:43:43 UTC
net-mail, antivirus please advise.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-01-23 04:37:24 UTC
A new clamav version should be released with the fix, so better wait.
Comment 3 Sune Kloppenborg Jeppesen gentoo-dev 2005-01-27 00:05:10 UTC
0.81 released
Comment 4 Andrej Kacian (RETIRED) gentoo-dev 2005-01-27 00:40:20 UTC
Ebuild for 0.81 in CVS.
Comment 5 Sune Kloppenborg Jeppesen gentoo-dev 2005-01-27 01:03:54 UTC
Arches please test and mark stable.
Comment 6 Andrej Kacian (RETIRED) gentoo-dev 2005-01-27 02:21:46 UTC
Stable on x86. Added dependency on fixed zlib version (bug #61749), as suggested by jaervosz.
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2005-01-27 05:15:07 UTC
Ticho: you lack a DEPEND for USE="milter", so if sendmail isn't around it won't compile because libmilter is missing (dunno if there's another provider for it).
Anyway, sparc stable, since it's just a minor compile fix.
Comment 8 Andrej Kacian (RETIRED) gentoo-dev 2005-01-27 08:35:05 UTC
Yes, I noticed it earlier today when I tried to compile with +milter. I decided to leave it be for now, because I couldn't think of a way to check for sendmail installed with milter flag. This will probably be best solved by issuing an einfo/ewarn message in pkg_setup().
Comment 9 Jan Brinkmann (RETIRED) gentoo-dev 2005-01-28 13:11:40 UTC
stable on amd64
Comment 10 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-01-28 13:22:32 UTC
Stable on ppc.
Comment 11 Bryan Østergaard (RETIRED) gentoo-dev 2005-01-30 12:01:51 UTC
Stable on alpha.
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-01-31 01:07:20 UTC
ia64 should test and mark stable too.
Comment 13 Sune Kloppenborg Jeppesen gentoo-dev 2005-01-31 11:55:24 UTC
GLSA 200501-46

hppa and ia64 please remember to mark stable to benifit from the GLSA.
Comment 14 René Nussbaumer (RETIRED) gentoo-dev 2005-06-26 05:44:47 UTC
ebuild no longer in portage.