oss-sec mailing list archives

Re: ClamAV small issues

From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Fri, 9 Apr 2010 11:50:50 +0200

Eren Türkay wrote:

On Friday 09 April 2010 11:30:19 am Ludwig Nussel wrote:

Do such issues really need to be flagged as vulnerabilities? A virus
scanner cannot detect all possible malware in any possible container
anyways. So it's kind of natural that new releases enhance the
methods to find even more hiding places.


I guess many people who deploy e-mail service with linux use ClamAV to scan 
the attachments. Accordingly to ClamAV bug #1771 (CVE-2010-1311), it is 
possible to crash the daemon with crafted file, which is not the intended 
behavior.


Sure. That's a different issue though. I was referring to CVE-2010-0098.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Current thread:

ClamAV small issues Jamie Strandboge (Apr 06)
- Re: ClamAV small issues Josh Bressers (Apr 07)
  - Re: ClamAV small issues Kurt Seifried (Apr 07)
    - Re: ClamAV small issues Ludwig Nussel (Apr 09)
    - Re: ClamAV small issues Eren Türkay (Apr 09)
    - Re: ClamAV small issues Eren Türkay (Apr 09)
    - Re: ClamAV small issues Ludwig Nussel (Apr 09)