oss-sec mailing list archives

Re: ClamAV small issues


From: Eren Türkay <eren () pardus org tr>
Date: Fri, 9 Apr 2010 12:22:24 +0300

On Friday 09 April 2010 11:30:19 am Ludwig Nussel wrote:
> Do such issues really need to be flagged as vulnerabilities? A virus
> scanner cannot detect all possible malware in any possible container
> anyways. So it's kind of natural that new releases enhance the
> methods to find even more hiding places.


I guess many people who deploy an e-mail service with Linux use ClamAV to scan
the attachments. According to ClamAV bug #1771 (CVE-2010-1311), it is
possible to crash the daemon with a crafted file, which is not the intended
behavior.

I think these can be flagged as vulnerabilities. However, I am not sure if
these are critical issues. According to Secunia, these are highly critical.
Is there a standard way to classify vulnerabilities? Does anyone know how
Secunia classifies vulnerabilities?

Regards,

-- 
Eren

