 |
 | CVE-2023-20032 |  |
|
inf0rmix
|
|
As far as I can see,
the clamav version included in clamwin has a serious vulnerability regarding hfs dumps. see CVE-2023-20032 for details. |
|||||||||||
|
|||||||||||||
 |
| |
|
inf0rmix
|
|
I cannot post complete message, I get error 403 (maybe modsec) on posting
|
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
Tell Clam Av about this problem. The scan code used by ClamWin comes from Clam AV, and they will have to correct their security problems.
As for not being able to post, you might be using a phrase that ClamWin will not allow--to prevent spammers. Also, sometimes if I make a long post, the forum will not allow it. Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
Lipper
|
|
Hello GuitarBob and inf0rmix, there was a blog post about it a few weeks ago at Clam AV.
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html Peace, Lipper |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
Hello Lipper: it's good to hear from you. I told Alch/Sherypa about this and referenced the blog page. Sherpya can't do much about it. Alch has to give us a new ClamWin version, but he doesn't appear to want to. He hasn't answered any of my emails.
Regards, |
|||||||||||
|
|||||||||||||
|
| Update required | |
|
inf0rmix
|
|
I know the blogpost and CVE.
So the version delivered with clamwin should be affected. Is there any update planned or how to exchange the version used by clamwin manually ? |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
I don't think you can do anything manually. Alch has to integrate any new Clam AV code into the Windows C++ port prepared by Sherpya. If you think you are up to it, contact Alch. We are entirely dependent upon him, and I guess that is what he likes. He seems to have lost interest in ClamWin.
Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
inf0rmix
|
|
As far as I can see, clamwin users default clamscan.exe, so exchange should not be a problem when the arguments still fit with the newest version.
Currently the full setup of clamwin must be marked as vulnerable until clamscan.exe is exchanged with a newer version 103.8 or higher. |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
You might do some searching on these forums or on the web to see about integrating the Windows version of Clam AV with ClamWin. There may be a way. The Clam AV Windows version does not work with the ClamWin GUI, to my knowledge, but developer Sherpya has a simple GUI on his website that might. See https://github.com/sherpya/ClamAV-GUI on the web.
Clam Av never considered a GUI because it was/is designed for Linux email servers, who have no need for GUI, real-time scanning, heuristics and other things needed by real Windows users. Regards, |
|||||||||||
|
|||||||||||||
|
 | CVE-2023-20032 | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.