oss-sec mailing list archives
Re: ClamAV small issues
From: Eren Türkay <eren () pardus org tr>
Date: Fri, 9 Apr 2010 12:22:24 +0300
On Friday 09 April 2010 11:30:19 am Ludwig Nussel wrote:
Do such issues really need to be flagged as vulnerabilities? A virus scanner cannot detect all possible malware in any possible container anyways. So it's kind of natural that new releases enhance the methods to find even more hiding places.
I guess many people who deploy e-mail service with linux use ClamAV to scan the attachments. Accordingly to ClamAV bug #1771 (CVE-2010-1311), it is possible to crash the daemon with crafted file, which is not the intended behavior. I think these can be flagged as vulnerabilities. However, I am not sure if these are critical issues. Accordingly to secunia, these are highly-critical. Is there a standard way to classify the vulnerabilities? Do anyone know how Secunia classifies vulnerabilities? Regards, -- Eren
Current thread:
- ClamAV small issues Jamie Strandboge (Apr 06)
- Re: ClamAV small issues Josh Bressers (Apr 07)
- Re: ClamAV small issues Kurt Seifried (Apr 07)
- Re: ClamAV small issues Ludwig Nussel (Apr 09)
- Re: ClamAV small issues Eren Türkay (Apr 09)
- Re: ClamAV small issues Eren Türkay (Apr 09)
- Re: ClamAV small issues Ludwig Nussel (Apr 09)
- Re: ClamAV small issues Kurt Seifried (Apr 07)
- Re: ClamAV small issues Josh Bressers (Apr 07)