New ClamAV out

[Randal, Phil]

Perhaps Julian can amend install-Clam-SA to force a build and reinstall
of Mail::ClamAV every time.

 

Little overhead, but worth it if this is going to cause us problems
again.

 

Cheers,

 

Phil

 

  _____  

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Way to
the Web
Sent: Saturday, December 16, 2006 3:49 PM
To: MailScanner discussion
Subject: Re: New ClamAV out

 

On 12/12/06, Denis Beauchemin <Denis.Beauchemin at usherbrooke.ca
<mailto:Denis.Beauchemin at usherbrooke.ca> > wrote:

Denis Beauchemin a écrit :
> Release Name: 0.88.7
>
> Hello all,
>
> Our security guy pointed the following advisory for Clam 0.88.6 and
> prior versions: http://www.frsirt.com/english/advisories/2006/4948
<http://www.frsirt.com/english/advisories/2006/4948> 
> Clam AntiVirus MIME Attachments Handling Remote Denial of Service
> Vulnerability
>
> This comes from Clam 0.88.7:
> This version improves scanning of mail and tar files. 
>
> Changes:
> Mon Dec 11 02:47:03 CET 2006
> ----------------------------
>  * Bugfixes:
>    - libclamav/message.c: handle consecutive errors in base64 decoding
>    - libclamav/mbox.c: honour recursion limit when scanning email 
> messages
>    - clamscan: new option --mail-max-recursion
>    - clamd/clamav-milter: new option MailMaxRecursion
>    - libclamav/untar.c: honour archive limits
>
> Denis
>
Just wanted to let you know that there seems to be a problem with the
new ClamAV and ZIP files: I get a lot of:
Dec 12 12:37:52  <http://132.210.244.93> MailScanner warning: numerical
links are often malicious: 132.210.244.93 MailScanner[31880]:
ClamAVModule::INFECTED:: Oversized.Zip::
./kBCHaqdS004063/BIOMETISS_BIOREACTEUR_07-12-2006.zip

I had none yesterday and I have 20 since upgrading Clam this morning.

Denis

--
   _
  °v°   Denis Beauchemin, analyste
/(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045




--
MailScanner mailing list
mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>  
http://lists.mailscanner.info/mailman/listinfo/mailscanner
<http://lists.mailscanner.info/mailman/listinfo/mailscanner> 

Before posting, read http://wiki.mailscanner.info/posting
<http://wiki.mailscanner.info/posting>  

Support MailScanner development - buy the book off the website!





If anyone is still seeing this problem, we found that it's fixed by
force reinstalling the clamav perl module. According to the clamav
developers: 

Due to the changes in libclamav, 0.88.7 is not binary compatible with
previous 
versions. To solve the issues you have to recompile all the software
which is 
linked against libclamav. 


-- 
Regards,
Sarah Trayser

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20061216/ccefee80/attachment.html