Your message dated Sat, 31 May 2014 19:13:26 +0200
with message-id <[email protected]>
and subject line Re: Bug#403034: Deep MIME Nesting Content Filter Bypass
has caused the Debian Bug report #403034,
regarding Deep MIME Nesting Content Filter Bypass
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
403034: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=403034
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: clamav
Version: 0.88.7-1
Severity: grave
Tags: security
While the new 0.88.7 version fixes CVE-2006-6406 and CVE-2006-6481 the
update introduces another flaw that lets viruses pass undetected. If a
virus is nested deeper than the --max-mail-recursion limit, the file
will pass and ClamAV's exit code indicates that the file was scanned
properly.
Again, details, PoC, and discussion can be found at
http://www.quantenblog.net/security/virus-scanner-bypass.
--- End Message ---
--- Begin Message ---
Hi,
upstream declared this as wontfix several years ago, so I'm closing this
bug now in order to clean up the BTS.
Best regards,
Andreas
--- End Message ---
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel
