TITLE:
Clam AntiVirus RFC2397 Bypass Weakness

SECUNIA ADVISORY ID:
SA13900

VERIFY ADVISORY:
http://secunia.com/advisories/13900/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Clam AntiVirus (clamav) 0.x
http://secunia.com/product/2538/

DESCRIPTION:
The vendor has acknowledged a weakness in Clam AntiVirus, which allows malware to bypass detection.

For more information: SA13792

This has been reported to affect Clam AntiVirus. Other versions may also be affected.

SOLUTION:
This has been fixed in CVS.

Do not rely solely on gateway / perimeter security. Apply patches to fix vulnerabilities in client software and apply other defence in depth measures.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

OTHER REFERENCES:
SA13792: http://secunia.com/advisories/13792/
net-mail, antivirus please advise.
A new clamav version should be released with the fix, so better wait.
0.81 released
Ebuild for 0.81 in CVS.
Arches please test and mark stable.
Stable on x86. Added dependency on fixed zlib version (bug #61749), as suggested by jaervosz.
Ticho: you lack a DEPEND for USE="milter", so if sendmail isn't around it won't compile because libmilter is missing (dunno if there's another provider for it). Anyway, sparc stable, since it's just a minor compile fix.
Yes, I noticed it earlier today when I tried to compile with +milter. I decided to leave it be for now, because I couldn't think of a way to check for sendmail installed with milter flag. This will probably be best solved by issuing an einfo/ewarn message in pkg_setup().
stable on amd64
Stable on ppc.
Stable on alpha.
ia64 should test and mark stable too.
GLSA 200501-46
hppa and ia64, please remember to mark stable to benefit from the GLSA.
ebuild no longer in portage.