Re: CLAMAV 0.95 to be disabled

2010-04-09 Thread corpus.defero
On Fri, 2010-04-09 at 08:47 +0100, corpus.defero wrote:
 Appreciate that this is an SA list, but it tends to share a userbase
 with ClamAV. Apologies if mentioned, but potentially these could mean
 carnage to users of Clam who have not updated in a while:
 
 http://lurker.clamav.net/message/20100407.141109.2a7c287b.en.html
 
 Dear ClamAV users, 
 
 this is a reminder that starting from 15 April 2010 our CVD will contain
 a special signature which disables all clamd installations older than 
 0.95 - that is to say older than 1 year. 
 
 We would like to keep on supporting all old versions of our engine, but 
 unfortunately this is no longer possible without causing a disservice to
 people running a recent release of ClamAV. 
 
 For more information please refer to the original announcement: 
 
 http://lists.clamav.net/lurker/message/20091006.143601.d27bbd20.en.html 
 
 
 Hope that this spares someone some blushes next week :-)
 
To follow that up - another good reason to update (not sure if this is
just an Ubuntu issue or has implications in Debian + others)

===
Ubuntu Security Notice USN-926-1 April 08, 2010
clamav vulnerabilities
CVE-2010-0098
===

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libclamav6  0.95.3+dfsg-1ubuntu0.09.04~intrepid3

Ubuntu 9.04:
  libclamav6  0.95.3+dfsg-1ubuntu0.09.04.1

Ubuntu 9.10:
  libclamav6  0.95.3+dfsg-1ubuntu0.09.10.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that ClamAV did not properly verify its input when
processing CAB files. A remote attacker could send a specially crafted
CAB file to evade malware detection. (CVE-2010-0098)

It was discovered that ClamAV did not properly verify its input when
processing CAB files. A remote attacker could send a specially crafted
CAB file and cause a denial of service via application crash.


Updated packages for Ubuntu 8.10:

  Source archives:



Re: CLAMAV 0.95 to be disabled

2010-04-09 Thread Charles Gregory


Realize this is OT, and that even the instigation is OT :)
But I'm hoping someone here just KNOWS 'rpm' and can help...
(Or can point me to the best forum for a quick answer)

While attempting to use rpm on RH9 to update to a newer set of clamav 
packages, the rpm process locked up, and I had to kill it, and now rpm 
does not seem to be working at all


I'm currently trying 'rpm --rebuilddb' but it's just sitting there, and 
I've got a feeling it has locked-up too


- C


Re: CLAMAV 0.95 to be disabled

2010-04-09 Thread Daniel McDonald
On 4/9/10 9:45 AM, Charles Gregory cgreg...@hwcn.org wrote:

 
 Realize this is OT, and that even the instigation is OT :)
 But I'm hoping someone here just KNOWS 'rpm'. and can help...
 (Or can point me to the best forum for a quick answer)
 
 While attempting to use rpm on RH9 to update to a newer set of clamav
 packages, the rpm process locked up, and I had to kill it, and now rpm
 does not seem to be working at all
 
 I'm currently trying 'rpm --rebuilddb' but it's just sitting there, and
 I've got a feeling it has locked-up too

You've got to delete the __db.* files in /varlib/rpm before you run
--rebuilddb

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281



Re: CLAMAV 0.95 to be disabled

2010-04-09 Thread Charles Gregory


OT - RPM

On Fri, 9 Apr 2010, Daniel McDonald wrote:

 I'm currently trying 'rpm --rebuilddb' but it's just sitting there, and
 I've got a feeling it has locked-up too
 
 You've got to delete the __db.* files in /varlib/rpm before you run
 --rebuilddb


I'm trying that now, but don't have much hope. None of the db files
were modified since 2007. So I suspect the corruption is in one of the 
other files :(


- C


Re: [sa] Re: CLAMAV 0.95 to be disabled

2010-04-09 Thread Charles Gregory

On Fri, 9 Apr 2010, Daniel McDonald wrote:

 You've got to delete the __db.* files in /varlib/rpm before you run
 --rebuilddb


That worked. Thanks! (wiping brow with relief)

- C