Regarding the zip bomb vulnerability/fix, we don’t have a CVE assigned – yet. Will have one soon.
Regards, Micah From: clamav-users <[email protected]> on behalf of "Fajar A. Nugraha via clamav-users" <[email protected]> Reply-To: ClamAV users ML <[email protected]> Date: Tuesday, August 6, 2019 at 5:48 AM To: ClamAV users ML <[email protected]> Cc: "Fajar A. Nugraha" <[email protected]> Subject: Re: [clamav-users] Vulnerability Reporting? OP is probably looking for http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=clamav ... and something equivalent of xen-announce (the 'security advisories' part) from https://xenproject.org/help/mailing-list/ (which doesn't exist for clamav?) -- Fajar On Tue, Aug 6, 2019 at 4:42 PM Al Varnell via clamav-users <[email protected]<mailto:[email protected]>> wrote: I'm also confused by what you mean by "firmware engine" and "compliance"? ClamAV doesn't reside in firmware, so are you referring to firmware vulnerabilities that impact ClamAV performance? If there are any, I have not heard about them. Is there a particular platform that you are referring to? And with regard to compliance, is there some anti-malware standard that I'm unaware of that needs to be complied with? Sent from my iPad -Al- On Aug 6, 2019, at 02:08, Henrik Hoeg Thomsen1 via clamav-users <[email protected]<mailto:[email protected]>> wrote: Does CLAMAV have a forum where Vulnerabillity findings in the firmware engine can be tracked for Compliance. ? And where fixes and recomendations can be found.
_______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
