CLAMAV 0.95 to be disabled
Appreciate that this is an SA list, but it tends to share a userbase with ClamAV. Apologies if mentioned, but potentially these could mean carnage to users of Clam who have not updated in a while: http://lurker.clamav.net/message/20100407.141109.2a7c287b.en.html Dear ClamAV users, this is a reminder that starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 - that is to say older than 1 year. We would like to keep on supporting all old versions of our engine, but unfortunately this is no longer possible without causing a disservice to people running a recent release of ClamAV. For more information please refer to the original announcement: http://lists.clamav.net/lurker/message/20091006.143601.d27bbd20.en.html Hope that this spares someone some blushes next week :-)
Re: CLAMAV 0.95 to be disabled
On Fri, 2010-04-09 at 08:47 +0100, corpus.defero wrote: Appreciate that this is an SA list, but it tends to share a userbase with ClamAV. Apologies if mentioned, but potentially these could mean carnage to users of Clam who have not updated in a while: http://lurker.clamav.net/message/20100407.141109.2a7c287b.en.html Dear ClamAV users, this is a reminder that starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 - that is to say older than 1 year. We would like to keep on supporting all old versions of our engine, but unfortunately this is no longer possible without causing a disservice to people running a recent release of ClamAV. For more information please refer to the original announcement: http://lists.clamav.net/lurker/message/20091006.143601.d27bbd20.en.html Hope that this spares someone some blushes next week :-) To follow that up - another good reason to update (not sure if this is just a Ubuntu issue or has implications in Debian + others) === Ubuntu Security Notice USN-926-1 April 08, 2010 clamav vulnerabilities CVE-2010-0098 === A security issue affects the following Ubuntu releases: Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: libclamav6 0.95.3+dfsg-1ubuntu0.09.04~intrepid3 Ubuntu 9.04: libclamav6 0.95.3+dfsg-1ubuntu0.09.04.1 Ubuntu 9.10: libclamav6 0.95.3+dfsg-1ubuntu0.09.10.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that ClamAV did not properly verify its input when processing CAB files. A remote attacker could send a specially crafted CAB file to evade malware detection. (CVE-2010-0098) It was discovered that ClamAV did not properly verify its input when processing CAB files. A remote attacker could send a specially crafted CAB file and cause a denial of service via application crash. Updated packages for Ubuntu 8.10: Source archives:
Re: CLAMAV 0.95 to be disabled
Realize this is OT, and that even the instigation is OT :) But I'm hoping someone here just KNOWS 'rpm'. and can help... (Or can point me to the best forum for a quick answer) While attempting to use rpm on RH9 to update to a newer set of clamav packages, the rpm process locked up, and I had to kill it, and now rpm does not seem to be working at all I'm currently trying 'rpm --rebuilddb' but it's just sitting there, and I've got a feeling it has locked-up too - C
Re: CLAMAV 0.95 to be disabled
On 4/9/10 9:45 AM, Charles Gregory cgreg...@hwcn.org wrote: Realize this is OT, and that even the instigation is OT :) But I'm hoping someone here just KNOWS 'rpm'. and can help... (Or can point me to the best forum for a quick answer) While attempting to use rpm on RH9 to update to a newer set of clamav packages, the rpm process locked up, and I had to kill it, and now rpm does not seem to be working at all I'm currently trying 'rpm --rebuilddb' but it's just sitting there, and I've got a feeling it has locked-up too You've got to delete the __db.* files in /varlib/rpm before you run --rebuilddb -- Daniel J McDonald, CCIE # 2495, CISSP # 78281
Re: CLAMAV 0.95 to be disabled
OT - RPM On Fri, 9 Apr 2010, Daniel McDonald wrote: I'm currently trying 'rpm --rebuilddb' but it's just sitting there, and I've got a feeling it has locked-up too You've got to delete the __db.* files in /varlib/rpm before you run --rebuilddb I'm trying that now, but don't have much hope. None of the db files were modified since 2007. So I suspect the corruption is in one of the other files :( - C
Re: [sa] Re: CLAMAV 0.95 to be disabled
On Fri, 9 Apr 2010, Daniel McDonald wrote: You've got to delete the __db.* files in /varlib/rpm before you run --rebuilddb That worked. Thanks! (wiping brow with relief) - C