[Mimedefang] Re: [PATCH] Mimedefang and clamd/clamav 0.90
Jan-Pieter Cornet
johnpc at xs4all.nl
Mon Feb 19 18:39:40 EST 2007
On Sun, Feb 18, 2007 at 09:10:39PM -0500, Pierre Forget wrote:
> I just looked at the post from Martin Blapp, and I am wondering about
> using clamav 0.90. I also looked at previous posts concerning 0.90.
>
> I am actually using Mimedefang 2.57 and clamav 0.88.4, and using only
> clamd called from Mimedefang site wide.
>
> Am I safe in installing 0.90? Do I need to install the patch?
You probably should upgrade to 0.90. You need to install Martin's
patch to mimedefang.pl if you care about correcly scanning certain
.zip files.
> Or would it be preferable to install Mimedefang 2.58?
>
> It's actually working flawlessly and nobody likes to break something
> that is working...
That depends on how you define flawlessly. See:
http://www.securityfocus.com/bid/22580
http://www.securityfocus.com/bid/22581
... and possibly look for other known bugs/exploits in ClamAV. Go
to www.securityfocus.com/bid, Select
Vendor = "Clam Anti-Virus"
title = "ClamAV"
version = "0.88.4" (or your installed version), and look at the
list of known security bugs.
I'm not familiar with the precise workings of the above flaws (in
0.88.7!) but I believe you're safe from the directory traversal bug as
long as you let mimedefang handle the un-mimeing part of the email. Or
put another way: make sure ClamAV does _not_ scan the original email,
only the (unpacked, extracted) attachments.
It's unlikely mimedefang can protect you against the Denial of Service
via .cab files.
--
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs. !!
More information about the MIMEDefang
mailing list