New ClamAV out
prandal at herefordshire.gov.uk
Sat Dec 16 20:11:22 CET 2006
Perhaps Julian can amend install-Clam-SA to force a build and reinstall
of Mail::ClamAV every time.
Little overhead, but worth it if this is going to cause us problems
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Way to
Sent: Saturday, December 16, 2006 3:49 PM
To: MailScanner discussion
Subject: Re: New ClamAV out
On 12/12/06, Denis Beauchemin <Denis.Beauchemin at usherbrooke.ca
<mailto:Denis.Beauchemin at usherbrooke.ca> > wrote:
Denis Beauchemin a écrit :
> Release Name: 0.88.7
> Hello all,
> Our security guy pointed the following advisory for Clam 0.88.6 and
> prior versions: http://www.frsirt.com/english/advisories/2006/4948
> Clam AntiVirus MIME Attachments Handling Remote Denial of Service
> This comes from Clam 0.88.7:
> This version improves scanning of mail and tar files.
> Mon Dec 11 02:47:03 CET 2006
> * Bugfixes:
> - libclamav/message.c: handle consecutive errors in base64 decoding
> - libclamav/mbox.c: honour recursion limit when scanning email
> - clamscan: new option --mail-max-recursion
> - clamd/clamav-milter: new option MailMaxRecursion
> - libclamav/untar.c: honour archive limits
Just wanted to let you know that there seems to be a problem with the
new ClamAV and ZIP files: I get a lot of:
Dec 12 12:37:52 <http://188.8.131.52> MailScanner warning: numerical
links are often malicious: 184.108.40.206 MailScanner:
I had none yesterday and I have 20 since upgrading Clam this morning.
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045
MailScanner mailing list
mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
If anyone is still seeing this problem, we found that it's fixed by
force reinstalling the clamav perl module. According to the clamav
Due to the changes in libclamav, 0.88.7 is not binary compatible with
versions. To solve the issues you have to recompile all the software
linked against libclamav.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner