PaulDotCom mailing list archives

Re: Clamav hacking


From: Nathan Gibbs <nathan () cmpublishers com>
Date: Tue, 06 Sep 2011 10:17:42 -0400

On 9/6/2011 6:43 AM, Joel Esler wrote:
On Sep 5, 2011, at 9:04 PM, Nathan Gibbs wrote:
On 9/5/2011 7:21 PM, Joel Esler wrote:
I would love anything interesting regarding hacking a network instance of ClamAV!


--
Joel Esler
Sourcefire
OpenSource Community Manager:  Snort, ClamAV, Daemonlogger, and Razorback



;)

LOL
Joel, you already know what my ideas are.


We will get there, but let's let some people smarter than me, you
included, weigh in.

Actually, I don't.  Did I miss a thread?


OK, I thought you had read what I put on the clamav-users list and / or
the Clamav Bugzilla and were just messing with me.
:-)

There is bug 2727 which I found in April.
Although it seems to be a local issue, depending on the update system
being used, it could be remotely triggered.

Then there is the network access control issue.
In July we released a simple tool called Clambake.
A tool for enumerating, stress testing, and/or shutting down instances
of the Clam Antivirus service on a network.
http://www.cmpublishers.com/oss/#clambake

Check out this thread to see more of my thoughts on this issue.
Clamav-users thread
"Clamd network access control"
Started 7-22-2011

I am more interested in what others here think than about promoting our
"super cool leet haxor tool".  Seriously, it's neither super, cool, leet,
or haxor.  Although it was fun to build and trash our Clamav
infrastructure with.
:-)

I'm not much of a security researcher or coder, but if I can find these
issues, then there must be other issues that are far worse.

What do those smarter than myself think?

-- 
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com

