Re: [clamav-users] Injection Vulnerability in 0.99.2

Interesting, Some favorite ClamAV bugs from 2011 have been "rediscovered". :-) Also, from a pen tester's view, the important point is that, this attack surface does exist. User-side network hardening issues & misunderstanding of clamd configuration options may be irrelevant. Specifically,

Re: [clamav-users] Injection Vulnerability in 0.99.2

That's because you've gotten to the heart of the matter. There's no real bug or code related vulnerability here; it's a user-side network hardening issuing combined with a misunderstanding of clamd configuration options that allows for this attack surface to exist. As Steve has already pointed

Re: [clamav-users] Injection Vulnerability in 0.99.2

Hi, The fact that using clamd over TCP has insecurities has come up before. If using clamd, it is recommended to use the local socket option rather than a TCP socket. # The daemon can work in local mode, network mode or both. # Due to security reasons we recommend the local mode. Until it is

Re: [clamav-users] Injection Vulnerability in 0.99.2

The URL was corrupted in the e-mail I received. See if this works: And quoting the info found there: > Test ID: 1.3.6.1.4.1.25623.1.0.105762 > Category: General > Title:ClamAV `Service Commands`

[clamav-users] Injection Vulnerability in 0.99.2

Hi, We¹ve been using ClamAV 0.99.2 for some time. Our security team has recently done a scan and reported that this version of ClamAV has the injection vulnerability cited here: http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0. 105762 I checked and 0.99.2 is the latest