Clamav .99.2 vulnerabilities

Venomous21

• January 25, 2018 18:29

ClamAV" blog Few nasty remote code execution vulnerabilities, just came out today. ETA on when it will be updated in cpanel? If a user runs clamav from their cpanel at :2083, will it run as that user or as root?

• 

  lorio

  • January 26, 2018 13:20

  Isn't the main attack vector via email attachments? There is a report from a provider, where PDFs in emails are using CVE-2017-12376 to get a buffer overflow.

  0
• 

  cPanelMichael

  • January 26, 2018 16:42

  Hello, The inclusion of ClamAV 0.99.3 is currently tracked as part of internal case CPANEL-18300. I'll monitor this case and update this thread with more information on it's status as it becomes available. Thank you.

  0
• 

  Venomous21

  • January 31, 2018 01:43

  ETA? I have clamav disabled on our servers until this is fixed. Don't want to scan a malicious pdf by accident and trigger the buffer overflow. Anyway to perform a scan and exclude all *.pdf? Or could it still trigger the buffer overflow?

  0
• 

  cPanelMichael

  • January 31, 2018 15:21

  Hello, There's currently no specific time frame to offer, but I do see it's made it's way through testing and should be included with the next cPanel version 70 build. I'll update this thread again once the case is published. As far as excluding PDF files from the scan, you can exclude specific virus definitions using the instructions at: However, I don't believe that would achieve what you are seeking. There's a ClamAV mailing list thread on this topic at: Thank you.

  0
• 

  cPanelMichael

  • February 01, 2018 15:06

  Hello, To update, the new version of ClamAV was published as part of cPanel version 70.0.8: Fixed case CPANEL-18300: Update cpanel-clamav to 0.99.3-1.cp1170. cPanel version 70 is tentatively scheduled for publication to the Current build tier next week. Thank you.

  0
• 

  Venomous21

  • March 23, 2018 23:46

  Hello, I'm still waiting for version 70 to be pushed to Release. That having been said, .99.4 of clamav was released to address more critical security vulnerabilities including code execution. I don't feel comfortable using clamav until we are on the latest security patched release. They also released .100 but it's not a security update, more of a feature release. Should we expect to see .99.4 or .100 in version 70 soonish? Thanks

  0
• 

  cPanelMichael

  • March 26, 2018 12:37

  Should we expect to see .99.4 or .100 in version 70 soonish?

  
  Hello, Yes, internal case CPANEL-18950 was opened to include ClamAV version 0.99.4. It was published as part of cPanel & WHM version 70.0.24: Fixed case CPANEL-18950: Update cpanel-clamav to 0.99.4-1.cp1170. ClamAV version 0.100 is only available as a release candidate and thus has not yet been considered for publication with cPanel & WHM. Thank you.

  0

Please sign in to leave a comment.