ClamWin Free Antivirus
Secunia: DoS possible @ new Version
ackermann


Joined: 18 Feb 2006
Posts: 0
There you can read the security message:

https://secunia.com/advisories/24187/
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
We are beta-testing ClamWin 0.90 and will release it ASAP.
Vulnerabilities
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I believe I counted about 6 publicized vulnerabilities in Kaspersky's product in 2006, so this isn't too bad. Some of this stuff isn't that likely to be exploited. I've always felt like ClamWin was chewing on those CAB files, however, like an old man without any teeth!

Regards,
ackermann


Joined: 18 Feb 2006
Posts: 0
The problem I see is that Clam(AV!) is a very popular server application that's used by many providers and email services. So I think that more bad guys are interested in hacking this popular server software than some Kaspersky application that is used mostly on home PCs.

Could be that I am wrong, but it doesn't feel good to me that my only security software is in the spotlight of secunia.com.
Clam Vulnerability
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
You're right. I'm just a personal computer user, so I sometimes forget that ClamAV is used by some pretty large email service providers. Even considering that, however, most of those exploits need a "specially crafted" file according to the notices I see. I don't believe that all malware writers are capable of crafting such files. We personal users can exclude CAB files and other extensions that might be vulnerable from ClamWin scans until we hear the problem has been fixed. Finally, all personal users should also be using a real-time commercial scanner--there are several good ones that are free, until ClamAV/ClamWin is no longer beta software. Hopefully that won't be too long. 90,000 signatures is getting out of the beta category, eh?

I wish those academics/experts/consultants that publicize security vulnerabilities would just keep their mouths shut--at least in public. There's no sense in telling malware writers what/how to do it--let them have to work like the rest of us.

Regards,
Re: Clam Vulnerability
ackermann


Joined: 18 Feb 2006
Posts: 0
GuitarBob wrote:

I wish those academics/experts/consultants that publicize security vulnerabilities would just keep their mouths shut--at least in public. There's no sense in telling malware writers what/how to do it--let them have to work like the rest of us.

Regards,


I'll never understand why such exploits are published on those sites as long as they ain't patched.
In my opinion it would be good enough to tell 'em to the developer-team of the program.
Patches
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
You wrote:

"I'll never understand why such exploits are published on those sites as long as they ain't patched.
In my opinion it would be good enough to tell 'em to the developer-team of the program."

That would be the ethical thing to do, but I guess it shows the "abilities" of these security "consultants."
In this case, they may have told Clam ahead of time, because they mentioned Version 0.90 fixed things.

Regards,