Tilman Schmidt wrote:
> John Rudd schrieb:
>> (filed as bug 631, but it's nothing new: CL_SCAN_STDOPT still doesn't 
>> include CL_SCAN_PHISHING_DOMAINLIST; that omission can cause crashing 
>> and hanging on certain platforms ... the clamav team already knows about 
>> this problem, and they even enable that option as a default in clamscan, 
>> just not in the CL_SCAN_STDOPT defined value ... my suggestion is to not 
>> upgrade until they release a version that fixes this problem)
> 
> Browsing the source, I see that clamd also sets this by default, and
> would even emit a log message:
> 
> "Phishing: Checking all URLs, regardless of domain (FP prone).\n"
> 
> if overridden by the PhishingScanURLs option in clamd.conf.
> 
> So am I correct in assuming that clamd isn't vulnerable as long as that
> warning message does not appear in the log, and that users of either
> clamd or clamscan can upgrade without fear?
> 

Let me clarify.

My statement to not upgrade isn't mainly on the point of safety.  My 
statement is because the clamav team have known about this problem for a 
while, and continue to do nothing about it.  I'm saying "don't upgrade 
until they fix this easy to fix, but very troublesome, issue".

Some specifics:

- the problem is in using libclamav, not in using clamd or clamscan.
For example, if you're using the Mail::ClamAV Perl module, you've got to
worry about this problem.

- the platform _I_ have experienced the problem with is Solaris 10 x86,
but when I was figuring out the source of the crashing, it was pointed
out to me by someone else, and the inference was that this happens on
more than just my platform.  Though, I can also state that I haven't
seen the problem on Mac OS X on PowerPC, where I use the exact same code
base.

- the problem would be trivial for them to fix, it's just a one-line
change in clamav.h ... all that has to be done is a simple change to
include CL_SCAN_PHISHING_DOMAINLIST in the definition of CL_SCAN_STDOPT

- there's also the simple issue of "orthogonality" (as in "orthogonal 
instruction set") in the feature set.  The default behaviors should be 
the same across the spectrum of interfaces to the clamav functionality.
    - clamscan: the default behavior implies CL_SCAN_PHISHING_DOMAINLIST
    - clamd: the default behavior implies CL_SCAN_PHISHING_DOMAINLIST
    - libclamav: the default does NOT imply CL_SCAN_PHISHING_DOMAINLIST

    Thus, the choices for accessing clamav's virus detection 
functionality are NOT orthogonal.  This is, IMO, a design flaw.  And, as 
I said, an easy to fix design flaw.


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html