|Main Archive Page > Month Archives > clamav-users archives|
On Wed, 21 Nov 2007 19:54:17 -0500
"David F. Skoll" <email@example.com> wrote:
> Tomasz Kojm wrote:
> > Just to make you feel better - ClamAV includes two special mechanisms
> > that in almost all cases allow us to remotely address such
> > vulnerabilities in 5 minutes eliminating the need for urgent update of
> > the entire package. These special features effectively limit wider usage
> > of any exploits against ClamAV.
> Could you elaborate please?
Sure, let's say someone publishes an exploit code against some XYZ module (unpacker, preprocessor, parser, etc.) of libclamav. Depending on the priority of the module we may decide to do one of the following:
We can stick the "protection" to certain vulnerable releases, eg. 0.90-0.91.1. In order to get out of the umbrella (and get XYZ reactivated or libclamav working as usual) a user of vulnerable version needs to update to new security release (if ready).
Take care, -- oo ..... Tomasz Kojm <firstname.lastname@example.org> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Nov 22 02:41:17 CET 2007 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html