Ralf,

> On our amavisd-new box:
> Jul 30 16:36:42 mail kernel: [608438.105690] lha[700]: segfault at bfcf4d55 ip 0804d62a sp bfceb04c error 4 in lha[8048000+d000]
> Jul 30 16:41:11 mail kernel: [608707.038312] lha[1970]: segfault at bfd9ddf5 ip 0804d62a sp bfd940ec error 4 in lha[8048000+d000]
> Jul 30 21:29:54 mail kernel: [626030.125254] lha[16033]: segfault at bf8868e5 ip 0804d62a sp bf87cbdc error 4 in lha[8048000+d000]
> Jul 30 21:39:58 mail kernel: [626634.337639] lha[18297]: segfault at bffab805 ip 0804d62a sp bffa1afc error 4 in lha[8048000+d000]
>
> Should I worry?

Yes. Any crash caused by data over which one has no control
is a potential security risk and a cause for concern.
I've seen these crashes too recently.

> It seems that "Trojan.Zbot-1730" makes LHA crash?!

Henrik K wrote:
> It would seem wiser to just let ClamAV handle LHA, instead of using some
> ancient binary (I don't think there is any modern/updated version?).

I agree. LHa decoder can be disabled by removing (or commenting-out)
its entry in the @decoders list, or by just making the lha program
unavailable (renaming or deinstalling it).

  Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
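
A triage sketch for the kernel segfault reports quoted in this thread, added here as an example and not part of the original messages: it parses each report, converts the instruction pointer into an offset inside the mapped binary, and groups crashes by site. The function names are this example's own, and the sample input is the four log lines from the message.

```python
import re
from collections import defaultdict

# x86 kernel report: PROG[PID]: segfault at ADDR ip IP sp SP error N in OBJ[BASE+SIZE]
SEGV = re.compile(
    r"(?P<prog>[^\s\[\]]+)\[(?P<pid>\d+)\]:\s*segfault\s+at\s+(?P<addr>[0-9a-f]+)"
    r"\s+ip\s+(?P<ip>[0-9a-f]+)\s+sp\s+[0-9a-f]+\s+error\s+(?P<err>\d+)"
    r"(?:\s+in\s+(?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

# The four log lines quoted in the message, each joined onto one line.
SAMPLE = [
    "Jul 30 16:36:42 mail kernel: [608438.105690] lha[700]: segfault at bfcf4d55 ip 0804d62a sp bfceb04c error 4 in lha[8048000+d000]",
    "Jul 30 16:41:11 mail kernel: [608707.038312] lha[1970]: segfault at bfd9ddf5 ip 0804d62a sp bfd940ec error 4 in lha[8048000+d000]",
    "Jul 30 21:29:54 mail kernel: [626030.125254] lha[16033]: segfault at bf8868e5 ip 0804d62a sp bf87cbdc error 4 in lha[8048000+d000]",
    "Jul 30 21:39:58 mail kernel: [626634.337639] lha[18297]: segfault at bffab805 ip 0804d62a sp bffa1afc error 4 in lha[8048000+d000]",
]

def parse(line):
    """Return a dict for a segfault line, or None if the line is something else."""
    m = SEGV.search(line)
    if not m:
        return None
    ip = int(m["ip"], 16)
    rec = {"prog": m["prog"], "pid": int(m["pid"]), "addr": int(m["addr"], 16),
           "err": int(m["err"]), "obj": None, "offset": None}
    if m["base"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= ip < base + size:      # ip falls inside the named mapping
            rec["obj"], rec["offset"] = m["obj"], ip - base
    return rec

def decode_error(err):
    """Decode the low three bits of the x86 page-fault error code."""
    return ("protection violation" if err & 1 else "page not mapped",
            "write" if err & 2 else "read",
            "user mode" if err & 4 else "kernel mode")

def repeated_crash_sites(lines, threshold=2):
    """Map (object, offset) -> PIDs for sites hit at least `threshold` times."""
    sites = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec["offset"] is not None:
            sites[(rec["obj"], rec["offset"])].append(rec["pid"])
    return {site: pids for site, pids in sites.items() if len(pids) >= threshold}

if __name__ == "__main__":
    for (obj, off), pids in repeated_crash_sites(SAMPLE).items():
        print(f"{obj}+{off:#x}: {len(pids)} crashes, pids {pids}")
    print(decode_error(4))
```

Run over a mail gateway's kernel log, a decoder helper that keeps faulting at one offset under different PIDs is a candidate for removal from the decoding chain, as suggested in the reply above.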