Roberto Ullfig wrote: > John Rudd wrote: > >> Nigel Horne wrote: >> >> >>> Roberto Ullfig wrote: >>> >>> >>>> Nigel Horne wrote: >>>> >>>> >>>>> A vulnerability was identified by Secunia in 0.92.1 relating to the >>>>> PE module. >>>>> We immediately disabled this module about a month ago. Since then we >>>>> have been >>>>> working on, and produced, a fix which is included in 0.93. 0.93 is >>>>> due for release >>>>> very soon, and all users are advised to update to this release with >>>>> immediate effect. >>>>> 0.93RC1 does not include the fix. >>>>> >>>>> Regards, >>>>> >>>>> >>>>> >>>> By disabling the module do you mean to say that 0.92.1 is not >>>> vulnerable? Why does CERT say otherwise? >>>> >>>> >>> As soon as we found out about the vulnerability we issued a "dconf" update >>> to switch off the affected module, upack. All 0.92.1 users are advised to >>> upgrade to 0.93 immediately. >>> >>> >> Oh, and, while we're on the subject, what about 0.88.6? is that version >> vulnerable? (don't tell me to upgrade -- I haven't been able to get >> newer versions to compile on Mac OS X 10.4.x) >> >> >> > Just a note. When I first heard of this vulnerability I set ScanPE to no > in /usr/local/etc/clamd.conf and restarted. I assume that doing this > would prevent the PE scans and hence the vulnerability. Is that > assumption correct?
By doing that you will miss most of .exe viruses. ScanPE turns off PE scanning entirely, but only the upack module of PE is vulnerable. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
