
ClamAV 0.98.5 has been released!

Discussion in 'Security' started by popeye, Dec 1, 2014.

  1. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Yes, we monitor new releases of third-party applications that are integrated with cPanel/WHM. ClamAV version 0.98.5 is scheduled for cPanel version 11.46.2 at this time. There is currently no time frame available on when that build will be published. You can watch for case number 138457 in our change log:

    11.46 Change Log

    Thank you.
     
  3. whplus

    whplus Well-Known Member

    Joined:
    Dec 8, 2007
    Messages:
    66
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Behind your business
    The latest cpanel now is STABLE 11.46.2.4

    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.98.4 Recommended version: 0.98.6
     
  4. Venomous21

    Venomous21 Well-Known Member

    Joined:
    Jun 28, 2012
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I obviously run version .98.4 too. .98.5 came out 11/18/14....I missed the secunia advisory and it looks like cpanel did too....

    Security Advisory SA62542 - ClamAV "cli_scanpe()" Buffer Overflow Vulnerability - Secunia (rated highly critical and could allow execution of arbitrary code). CVE - CVE-2014-9050 (does not mention the arbitrary code execution -- obviously I hope the CVE article is correct and not the secunia one...).

    Either Secunia is A) wrong or needs to update their article or B) The CVE article is wrong....regardless, secunia doesn't drop highly critical ratings too often unless it's fairly important.

    Today, Clamav .98.6 came out and includes additional security issues...not all of them have been explicitly stated as to what the security implications are...

    Would you please update ClamAV to .98.6? Can't believe I've been running .98.4 with the possibility of this nasty vulnerability out for the past 2 months +...hope no malicious code was executed on my servers as a result of clamav scans....will not be using clamav further until you guys fully update it to the latest version...

    Would it behoove me to uninstall clamav from cpanel and just update it myself? Thinking this may be the best option moving forward. Is there any way I can force update it e.g. yum update clamav?
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Anytime a new version is released (whether it's PHP, ClamAV, or any bundled software) we pay attention and take the steps to implement it when necessary. It's not always included right away because we have to put it through several tests to ensure it functions as expected. You can uninstall the instance of ClamAV provided by cPanel and use your own version, but keep in mind that cPanel-integrated features such as the "Virus Scanner" option may not function.

    Thank you.
     
  6. Venomous21

    Venomous21 Well-Known Member

    I guess my follow-up question, is the secunia advisory flawed? I looked at clamav.net release for .98.5 which referenced the CVE-2014-9050 article, both of which did not mention .98.5 being a patch for the highly critical vulnerability allowing execution of arbitrary code with elevated privileges. I googled and only found one more article (which appeared to be a copy of the Secunia article) referencing this highly critical vulnerability on versions before .98.5, which obviously includes .98.4 ...or at least one would think...

    Is it safe to continue to scan my system with clamav? Or would you wait until you can update it to .98.6?

    I can obviously uninstall it and install my own version (but will break cpanel features), the only thing that stops me is I'll have to do this manually on quite a few servers, whereas, cpanel updates it with new releases.

    My concern is someone could send an email with an attachment that exploits this vulnerability, it's scanned, and voila...arbitrary code execution happens on my server. With what privileges would incoming attachments be scanned? As the user account? e.g. /home/~user?

    I occasionally run system wide scans as root which detect malicious files in some of the catch-all email accounts...concerned one of them could try to exploit this if it is indeed exploitable...I occasionally clear these accounts out but need to block emails coming to them altogether.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    The newer version of ClamAV does include a patch for CVE-2014-9050:

    ClamAV® blog: ClamAV 0.98.5 has been released!

    You can monitor our change log for case number 138457 that implements the new version. There's currently no specific time frame available for its release (I see it's been pushed to internal QA builds), and whether you want to disable it or not based on CVE-2014-9050 is really a decision you should make with your system administrator.

    Thank you.
     
  8. Venomous21

    Venomous21 Well-Known Member

    Michael,

    Security Advisory SA62542 - ClamAV "cli_scanpe()" Buffer Overflow Vulnerability - Secunia

    That secunia advisory addresses a buffer overflow which could lead to arbitrary code execution on the server. CVE-2014-9050 simply mentions a D-o-S (granted it could be caused by arbitrary code execution of course...)....

    A D-o-S I can live with with clamav....arbitrary code execution possibly as root...I can not...since it could compromise the -entire- server.

    Is the secunia advisory wrong or do you think they over state the threat? I figured it would be in your best interest to investigate since lots of your users use clamav .98.4 including myself...

    I won't be using clamav .98.4 until you guys patch it...not sure why it requires a ton of testing to roll out a new version especially dealing potentially with a critical vulnerability...

    I would err on the side of pushing out their new clamav updates instead of possibly leaving servers vulnerable to exploits...but that's my opinion. Obviously test it first...but does it really require 2 months of testing? Clamav .98.5 came out in November...
     
  9. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Anyone running MailScanner can click on the update button in the FE to auto install ClamAV - v0.98.6
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    To update, this is now handled through internal case number 158913. ClamAV version 0.98.6 is scheduled for inclusion in future builds, but there's no specific time frame we can provide at this time. You can uninstall ClamAV in the meantime to avoid using a version with the referenced vulnerability.

    Thank you.
     
  11. Venomous21

    Venomous21 Well-Known Member

    Michael,

    Thank you for the reply. I will uninstall clamav from all web servers until the latest version is ready. Would it be possible to include an option to update WHM under third-party plugins to the latest, untested release version? You click this update and it says "warning - this will update clamav to latest release version. please, note, these releases may have not yet been checked by cpanel. use with caution" Food for thought and would make updating a lot easier on a lot of web servers.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    I'm not sure that's possible due to the nature of how we implement ClamAV and its interaction with other aspects of cPanel. However, feel free to submit a feature request for it via:

    Submit A Feature Request

    Thank you.
     
  13. whplus

    whplus Well-Known Member

  14. cPanelMichael

    cPanelMichael Forums Analyst
    Manually installing that RPM is not supported, but the case has been included in build 11.47.9999.144 (Edge tier):

    Fixed case 158913: Update clamav to 0.98.6 from upstream.

    You should see this in cPanel version 11.48.1, which should make its way to additional tiers in the near future.

    Thank you.
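
Added example, not part of any post in this thread and not cPanel or ClamAV code: a POSIX shell check that reads either the freshclam warning quoted above or a `clamscan --version` line and reports whether the engine predates 0.98.5, the release the thread links as carrying the CVE-2014-9050 patch. The function names and both sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. FIXED_VERSION is the release the thread
# cites (via the ClamAV blog link) as carrying the CVE-2014-9050 patch.
FIXED_VERSION="0.98.5"

# Succeed when dotted version $1 is strictly older than $2. Components are
# compared numerically, so 0.98.10 sorts after 0.98.5; missing ones count as 0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Read text on stdin and print the first engine version found, from either
# "ClamAV <engine>/<db>/<date>" (clamscan --version) or the freshclam
# "Local version: <engine>" warning line.
engine_version() {
    sed -n \
        -e 's/^ClamAV \([0-9][0-9.]*\).*/\1/p' \
        -e 's/.*Local version: \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Classify one host from the text it reported.
assess() {
    v=$(printf '%s\n' "$1" | engine_version)
    if [ -z "$v" ]; then
        echo "UNKNOWN: no ClamAV version found"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "OUTDATED: engine $v predates $FIXED_VERSION"
    else
        echo "OK: engine $v"
    fi
}

# Constructed sample inputs: the first matches the warning quoted in the
# thread, the second is a made-up clamscan --version line.
assess "WARNING: Local version: 0.98.4 Recommended version: 0.98.6"
assess "ClamAV 0.98.6/20000/Tue Jan 27 12:00:00 2015"
# On a live host: assess "$(clamscan --version 2>/dev/null)"
```

Run across several servers, the one-line result per host makes it easy to see which ones still need the update or should have scanning disabled in the meantime.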
     