G.W. Haywood wrote:
On Wed, 2 Jan 2008 Joseph L. Casale wrote:
Reading the docs, root needs to start clamd for the service to drop
to a non privileged user, so why can't root start clamd in my
config?
Root can do anything. :)
Not on CentOS it can't. CentOS has SELinux enabled by default.
HTH
T.
Yup, that was the ticket. Looking on rpmforge's mailing list there was an issue
raised about the package not setting up selinux correctly, and had a fix that
involved integration with amavisd. I don't have amavisd, so I
On 01/02/2008 07:23 AM, Joseph L. Casale wrote:
Not on CentOS it can't. CentOS has SELinux enabled by default.
HTH
T.
Yup, that was the ticket. Looking on rpmforge's mailing list there was an
issue raised about the package not setting up
Noel Jones [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
Jeremy Fairbrass wrote:
Hi all,
Is it possible to disable a specific virus name so that ClamAV won't detect
it anymore? For example by creating some sort of special
whitelist database file (in the same location as my .db
I have a strange situation which I can't explain.
I have an Internet-facing front-end server using exim with ClamAV. I also have
the Sanesecurity signatures installed. Delivery is achieved by relaying to an
Exchange server which is behind the firewall.
Some users have re-direction set up so
On Wed, 02 Jan 2008 00:42:52 +0100
Sarocet [EMAIL PROTECTED] wrote:
Ed Kasky wrote:
At 06:07 AM Monday, 12/31/2007, you wrote -=
Chris wrote:
Saw this link at SANS today, anything to it?
http://seclists.org/fulldisclosure/2007/Dec/0625.html
Or is this a rehash of
There is an article on eWeek.com today concerning instability in AV
software due to the impossibility of adequately testing updates when
releasing them as quickly as they are needed
(www.eweek.com/article2/0,1895,2240656,00.asp?kc=EWKNLINF010208STR3).
As I understand it, ClamAV is perhaps unusual
ClamAV's strong point, for me, has always been the ability to turn off
just about anything causing an issue. I haven't seen this kind of fine
detail ability in any AV product (commercial or free) that can match
ClamAV for flexibility.
In theory, anything can mess up an AV package. ClamAV had a
On Sun, 30 Dec 2007 21:49:11 -0600
Chris [EMAIL PROTECTED] wrote:
Saw this link at SANS today, anything to it?
http://seclists.org/fulldisclosure/2007/Dec/0625.html
Or is this a rehash of something already known about?
A few comments on the advisory:
1) ClamAV uses own functions to
On Wed, 02 Jan 2008 13:18:47 -0600
Michael Brown [EMAIL PROTECTED] wrote:
In theory, anything can mess up an AV package. ClamAV had an issue a
while back with bad updates that would crash ClamAV daemon, so yes I
guess technically that could be counted as an instability, even if it
really
Hi,
I notice that Clam 0.92 has dropped support for Sensory Networks'
hardware scanner, yet this is not mentioned in the release notes.
Is there a reason for omitting this from the release notes?
Regards,
David.
Hello everyone,
1) ClamAV uses own functions to create temporary files. One such routine is
vulnerable to a race condition attack.
The analysis is incorrect. The author mistakenly assumed that name_salt is
fixed and this is not true. After each call to cli_gentemp() name_salt gets
updated
On Wed, 2 Jan 2008 22:08:45 +0100
Roflek of TK53 [EMAIL PROTECTED] wrote:
Simply generating very long filenames doesn't protect you from race
conditions and symlink attacks. Well, from a practical, naive point of
view that only considers what is easy to observe, it is. But since
security is a
Dear Rofl and Lol as in Lek,
since you didn't bother to contact us before posting full
disclosure we didn't have a chance for a technical discussion.
I don't negate your points about O_EXCL etc. I don't negate
the thesis in the subject either :-) What I really negate is
the FUD you're
Steve Holdoway wrote:
IME patches always get mangled if included in an email, tabs to spaces, etc.
Putting it in an attachment keeps the internal formatting and usually works.
Just my $0.02,
Steve
It was sent as an attachment, but inline in Ed Kasky's reply. Some e-mail clients
will show next
On Jan 2, 2008 11:31 PM, Tomasz Kojm [EMAIL PROTECTED] wrote:
I don't negate your points about O_EXCL etc. I don't negate the thesis in
the subject either :-) What I really negate is the FUD you're making with your
disclosures, some technical details, and the general pointlessness of making
a
On 03.01.2008 at 00:22, Roflek of TK53 wrote:
On Jan 2, 2008 11:31 PM, Tomasz Kojm [EMAIL PROTECTED] wrote:
I don't negate your points about O_EXCL etc. I don't negate the thesis in
the subject either :-) What I really negate is the FUD you're making with your
disclosures, some
Phil Chambers wrote:
I have a strange situation which I can't explain.
I have an Internet-facing front-end server using exim with ClamAV. I also have
the Sanesecurity signatures installed. Delivery is achieved by relaying to an
Exchange server which is behind the firewall.
Some users
On Jan 3, 2008 12:48 AM, Christoph Cordes [EMAIL PROTECTED] wrote:
Let's leave the technical part out, since this is not a technical
issue as it seems. Tomasz did not deny anything, he just said that
these are minor issues. I fully understand that your ego gets pushed
by seeing your nick in a
On 03.01.2008 at 01:20, Roflek of TK53 wrote:
On Jan 3, 2008 12:48 AM, Christoph Cordes [EMAIL PROTECTED] wrote:
Let's leave the technical part out, since this is not a technical
issue as it seems. Tomasz did not deny anything, he just said that
these are minor issues. I fully understand
David F. Skoll wrote:
I think we all need to calm down.
Vulnerability #1: Yes, cli_gentemp has a theoretical race condition.
Is it theoretically exploitable? Sure. Is it *likely* to be exploited
in the real world? No. You have to guess 128 bits of mildly-good random
data. That's quite
Dennis Peterson wrote:
Does any admin actually run this stuff without setting the temp
directory ahead of time?
I bet the vast majority do.
This problem is as old as Unix.
Indeed.
It is an operator issue.
No, I disagree. It's a design flaw in UNIX. UNIX should have
per-userid /tmp
David F. Skoll wrote:
Dennis Peterson wrote:
Does any admin actually run this stuff without setting the temp
directory ahead of time?
I bet the vast majority do.
I don't include Linux babies in that...
This problem is as old as Unix.
Indeed.
It is an operator issue.
No, I
Dennis Peterson wrote:
Does any admin actually run this stuff without setting the temp
directory ahead of time?
I bet the vast majority do.
I don't include Linux babies in that...
:-)
I bet the vast majority of FIRE-BREATHING REAL UNIX MEN who run Clam...
... do not bother changing tmpdir.
[EMAIL PROTECTED] wrote:
There is an article on eWeek.com today concerning instability in AV
software due to the impossibility of adequately testing updates when
releasing them as quickly as they are needed
(www.eweek.com/article2/0,1895,2240656,00.asp?kc=EWKNLINF010208STR3).
Just to force
Randal, Phil wrote:
[EMAIL PROTECTED] wrote:
There is an article on eWeek.com today concerning instability in AV
software due to the impossibility of adequately testing updates when
releasing them as quickly as they are needed