Re: [clamav-users] CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities for Busy Box

2022-02-18 Thread Jaspal Singh Sandhu via clamav-users 
Hi Micah,

I will use https://github.com/Cisco-Talos/clamav/issues/new/choose.

There was no intention of Mocking.   It was simply to let you know that we
saw the vulnerabilities in busybox and pulled back from that image.

We have successfully upgraded clamav.  It is an awesome product.

Nowadays, it is good to be extra cautious.

Again, thanks for your support.

Thanks,

Jaspal  Sandhu
Roberthalf

On Thu, Feb 17, 2022 at 11:52 AM Micah Snyder (micasnyd) via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Please don't hijack a thread to report a bug or request an improvement. A
> new thread for new discussion topic is always great.
>
> Please also be careful in your phrasing. ClamAV's docker support was 99%
> the work of a kind-hearted community member. Mocking the current design
> isn't helpful. I do see what you're talking about. I'm sure there is room
> for improvement.
>
> If you know there is a bug, please report the issue
> https://github.com/Cisco-Talos/clamav/issues/new/choose
> 
> If you have a proposed solution for the issue, it's still good to make the
> issue and submit your solution in a pull-request.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> --
> *From:* Marc 
> *Sent:* Sunday, February 13, 2022 5:02 AM
> *To:* ClamAV users ML 
> *Cc:* Micah Snyder (micasnyd) ; Sandhu, Jaspal (HQP) <
> jaspal.san...@roberthalf.com>
> *Subject:* RE: CLAMAV: Docker Tag 0.104.2 has 9 Medium Vulnerabilities
> for Busy Box
>
> > My team is new to maintaining images on Docker Hub. We hadn't yet
> > identified the best practices for how to publish an image for the same
> > ClamAV version with a new base image. After a little investigation, I
> > settled on this on this scheme.
> >
> I can see ;)
>
> This is of course crap.
>
> # Wait forever (or until canceled)
> exec tail -f "/dev/null"
>
> The goal of the entrypoint.sh exec is that if it terminates the OC can
> take proper action, eg restart the task. In your case clamd can crash and
> no action will be taken, because the OC monitors a useless tail?
>
>
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.103.5 and 0.104.2 security patch release; 0.102 past EOL

2022-01-13 Thread Jaspal Singh Sandhu via clamav-users 
Awesome

On Thu, Jan 13, 2022 at 10:31 AM Micah Snyder (micasnyd) 
wrote:

> Hi Jaspal,
>
> There was an issue with the release steps and the Docker image was missed
> yesterday.
> It has been fixed and the 0.104.2 image is now up on Docker Hub.
>
> 0.104.2:
> https://registry.hub.docker.com/layers/clamav/clamav/0.104.2/images/sha256-7177e1771bd696f9ff5acb97221107ab7d8961b1ab3b370cd1e24bf66cf02fe1?context=explore
>
> 0.104.2_base:
> https://registry.hub.docker.com/layers/clamav/clamav/0.104.2_base/images/sha256-8aea3e0f684f50402bd10456045eb3a3ad2772ecda99739100da9345b068e25c?context=explore
>
> The 0.104 / 0.104_base and latest / latest_base tags also point to the
> same 0.104.2 and 0.104.2_base images.
>
> Thanks for pointing out the issue!  Please reach out again if there is
> anything else.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> --
> *From:* Jaspal Singh Sandhu 
> *Sent:* Thursday, January 13, 2022 9:13 AM
> *To:* ClamAV users ML 
> *Cc:* ClamAV Announcements ML ; ClamAV
> Development ; Micah Snyder (micasnyd) <
> micas...@cisco.com>
> *Subject:* Re: [clamav-users] ClamAV 0.103.5 and 0.104.2 security patch
> release; 0.102 past EOL
>
> Hi,
>
> We are using Docker Image for 1.104 version at Roberthalf  Is that image
> updated too with this patch?
> Thanks,
>
> Jaspal  Sandhu
>
>
> On Wed, Jan 12, 2022 at 12:13 PM Micah Snyder (micasnyd) via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> Find this announcement online at:
> https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
>
>
> ClamAV versions 0.103.5 and 0.104.2 are now available for download on the 
> clamav.net
> Downloads page .
>
>
> We would also like to take this opportunity to remind users that versions
> 0.102 and 0.101 have reached their end-of-life period. *These versions
> exceeded our EOL dates on Jan. 3, 2022 and will soon be actively blocked
> from downloading signature database updates.*
>
>
> For additional details about ClamAV's end-of-life policy, please see our
> online documentation .
>
>
> 0.103.5
>
> ClamAV 0.103.5 is a critical patch release with the following fixes:
>
>-
>
>CVE-2022-20698
>: Fix
>for invalid pointer read that may cause a crash. This issue affects
>0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
>CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
>option) is enabled.
>
>Cisco would like to thank Laurent Delosieres of ManoMano for reporting
>this vulnerability.
>-
>
>Fixed ability to disable the file size limit with libclamav C API,
>like this:
>
>  cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
>
>This issue didn't affect ClamD or ClamScan which also can disable the
>limit by setting it to zero using MaxFileSize 0 in clamd.conf for
>ClamD, or clamscan --max-filesize=0 for ClamScan.
>
>Note: Internally, the max file size is still set to 2 GiB. Disabling
>the limit for a scan will fall back on the internal 2 GiB limitation.
>-
>
>Increased the maximum line length for ClamAV config files from 512
>bytes to 1,024 bytes to allow for longer config option strings.
>-
>
>SigTool: Fix insufficient buffer size for --list-sigs that caused a
>failure when listing a database containing one or more very long
>signatures. This fix was backported from 0.104.
>
> Special thanks to the following for code contributions and bug reports:
>
>- Laurent Delosieres
>
> 0.104.2
>
> ClamAV 0.104.2 is a critical patch release with the following fixes:
>
>-
>
>CVE-2022-20698
>: Fix
>for invalid pointer read that may cause a crash. Affects 0.104.1, 0.103.4
>and prior when ClamAV is compiled with libjson-c and the
>CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
>option) is enabled.
>
>Cisco would like to thank Laurent Delosieres of ManoMano for reporting
>this vulnerability.
>-
>
>Fixed ability to disable the file size limit with libclamav C API,
>like this:
>
>  cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
>
>This issue didn't impact ClamD or ClamScan which also can disable the
>limit by setting it to zero using MaxFileSize 0 in clamd.conf for
>ClamD, or clamscan --max-filesize=0 for ClamScan.
>
>Note: Internally, the max file size is still set to 2 GiB. Disabling
>the limit for a scan will fall back on the internal 2 GiB limitation.
>-
>
>Increased the maximum line length for ClamAV config files from 512
>bytes to 1,024 bytes to allow for longer config option strings.
>
> Special thanks to the following for code contributions and bug reports:
>
>- Laurent

Re: [clamav-users] ClamAV 0.103.5 and 0.104.2 security patch release; 0.102 past EOL

2022-01-13 Thread Jaspal Singh Sandhu via clamav-users 
Hi,

We are using Docker Image for 1.104 version at Roberthalf  Is that image
updated too with this patch?
Thanks,

Jaspal  Sandhu


On Wed, Jan 12, 2022 at 12:13 PM Micah Snyder (micasnyd) via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Find this announcement online at:
> https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
>
>
> ClamAV versions 0.103.5 and 0.104.2 are now available for download on the 
> clamav.net
> Downloads page .
>
>
> We would also like to take this opportunity to remind users that versions
> 0.102 and 0.101 have reached their end-of-life period. *These versions
> exceeded our EOL dates on Jan. 3, 2022 and will soon be actively blocked
> from downloading signature database updates.*
>
>
> For additional details about ClamAV's end-of-life policy, please see our
> online documentation .
>
>
> 0.103.5
>
> ClamAV 0.103.5 is a critical patch release with the following fixes:
>
>-
>
>CVE-2022-20698
>: Fix
>for invalid pointer read that may cause a crash. This issue affects
>0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
>CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
>option) is enabled.
>
>Cisco would like to thank Laurent Delosieres of ManoMano for reporting
>this vulnerability.
>-
>
>Fixed ability to disable the file size limit with libclamav C API,
>like this:
>
>  cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
>
>This issue didn't affect ClamD or ClamScan which also can disable the
>limit by setting it to zero using MaxFileSize 0 in clamd.conf for
>ClamD, or clamscan --max-filesize=0 for ClamScan.
>
>Note: Internally, the max file size is still set to 2 GiB. Disabling
>the limit for a scan will fall back on the internal 2 GiB limitation.
>-
>
>Increased the maximum line length for ClamAV config files from 512
>bytes to 1,024 bytes to allow for longer config option strings.
>-
>
>SigTool: Fix insufficient buffer size for --list-sigs that caused a
>failure when listing a database containing one or more very long
>signatures. This fix was backported from 0.104.
>
> Special thanks to the following for code contributions and bug reports:
>
>- Laurent Delosieres
>
> 0.104.2
>
> ClamAV 0.104.2 is a critical patch release with the following fixes:
>
>-
>
>CVE-2022-20698
>: Fix
>for invalid pointer read that may cause a crash. Affects 0.104.1, 0.103.4
>and prior when ClamAV is compiled with libjson-c and the
>CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
>option) is enabled.
>
>Cisco would like to thank Laurent Delosieres of ManoMano for reporting
>this vulnerability.
>-
>
>Fixed ability to disable the file size limit with libclamav C API,
>like this:
>
>  cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
>
>This issue didn't impact ClamD or ClamScan which also can disable the
>limit by setting it to zero using MaxFileSize 0 in clamd.conf for
>ClamD, or clamscan --max-filesize=0 for ClamScan.
>
>Note: Internally, the max file size is still set to 2 GiB. Disabling
>the limit for a scan will fall back on the internal 2 GiB limitation.
>-
>
>Increased the maximum line length for ClamAV config files from 512
>bytes to 1,024 bytes to allow for longer config option strings.
>
> Special thanks to the following for code contributions and bug reports:
>
>- Laurent Delosieres
>
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Calm AV assistance

2021-11-05 Thread Jaspal Singh Sandhu via clamav-users 
Dont use Ec2.  You will be paying more Use Docker image and run on ECS with
network load balance.  Use clamdscan.  To scan files

Clamscan takes 20 seconds to load virus definition and it is slow

If you have to use Ec2 you can use docker image.   That works fine too

On Fri, Nov 5, 2021 at 7:09 AM G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Fri, 5 Nov 2021, Michael Pifer via clamav-users wrote:
>
> > I am specifically looking for assistance in setting up and configuring
> Clam
> > AV in our AWS EC2 environment.
> >
> > We are specifically looking to create a scanning service using clam av
> that
> > can be called everywhere a file is uploaded.  Make sure that if a file is
> > flagged as having a virus that we delete the file and return a message to
> > the user that the file appears to be infected and was not successfully
> > uploaded.
> >
> > Any assistance would be greatly appreciated!
>
> ClamAV is really just a toolkit.  You can learn how to use it to scan
> data streams, files, directories and whole filesystems against a set
> of signatures and other stuff which is stored - more or less locally -
> by you in a sort of database.  You decide what to put in the database
> (and then you have to maintain it, there are tools in the ClamAV suite
> to help you to do that).  Other tools in the suite can help you to do
> something like what you want to do, but if we are to provide any help
> other than generalities and pointers to the documentation you need to
> give us sufficient detail about what you intend to do.  The online
> documentation is at
>
> https://docs.clamav.net/
>
> and if you download ClamAV from one of the archives at
>
> https://www.clamav.net/downloads
>
> you will also find documentation in the archive.
>
> Things like returning messages to users are the sorts of things that
> you have to do in your own software, which can use the ClamAV toolkit
> and perhaps collect information from ClamAV scan results which can be
> returned to your users.  These things are not part of ClamAV itself.
> The messages provided by ClamAV are at best rather terse, you would
> probably want to embellish them in your own software for consumption
> by your users.
>
> If ClamAV *does* flag a file, deleting it will not always be the best
> choice of the options available to you.
>
> If ClamAV does *not* flag a file, accepting that it is safe will not
> always be the best choice of the options available to you.  You should
> consider carefully the probabilities that ClamAV will detect the kinds
> of threats which concern you.
>
> --
>
> 73,
> Ged.
>
> ___
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
-- 
Thanks,

Jaspal  Sandhu

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml