ClamAV 0.98.5 has been released!

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello :)

Yes, we monitor new releases of third-party applications that are integrated with cPanel/WHM. ClamAV version 0.98.5 is scheduled for cPanel version 11.46.2 at this time. There is currently no time frame available on when that build will be published. You can watch for case number 138457 in our change log:

11.46 Change Log

Thank you.
 

Venomous21

Well-Known Member
Jun 28, 2012
85
0
6
cPanel Access Level
Root Administrator
I obviously run version .98.4 too. .98.5 came out 11/18/14... I missed the Secunia advisory and it looks like cPanel did too...

Security Advisory SA62542 - ClamAV "cli_scanpe()" Buffer Overflow Vulnerability - Secunia (rated highly critical and could allow execution of arbitrary code). CVE - CVE-2014-9050 (does not mention the arbitrary code execution -- obviously I hope the CVE article is correct and not the Secunia one...).

Either Secunia is A) wrong or needs to update their article or B) the CVE article is wrong... regardless, Secunia doesn't drop highly critical ratings too often unless it's fairly important.

Today, ClamAV .98.6 came out and includes additional security issues... not all of them have been explicitly stated as to what the security implications are...

Would you please update ClamAV to .98.6? Can't believe I've been running .98.4 with the possibility of this nasty vulnerability out for the past 2 months +... hope no malicious code was executed on my servers as a result of ClamAV scans... will not be using ClamAV further until you guys fully update it to the latest version...

Would it behoove me to uninstall ClamAV from cPanel and just update it myself? Thinking this may be the best option moving forward. Is there any way I can force update it, e.g. yum update clamav?
 

cPanelMichael

Anytime a new version is released (whether it's PHP, ClamAV, or any bundled software) we pay attention and take the steps to implement it when necessary. It's not always included right away because we have to put it through several tests to ensure it functions as expected. You can uninstall the instance of ClamAV provided by cPanel and use your own version, but keep in mind that cPanel-integrated features such as the "Virus Scanner" option may not function.

Thank you.
 

Venomous21

I guess my follow-up question is: is the Secunia advisory flawed? I looked at the clamav.net release for .98.5, which referenced the CVE-2014-9050 article, both of which did not mention .98.5 being a patch for the highly critical vulnerability allowing execution of arbitrary code with elevated privileges. I googled and only found one more article (which appeared to be a copy of the Secunia article) referencing this highly critical vulnerability on versions before .98.5, which obviously includes .98.4... or at least one would think...

Is it safe to continue to scan my system with ClamAV? Or would you wait until you can update it to .98.6?

I can obviously uninstall it and install my own version (but will break cPanel features); the only thing that stops me is I'll have to do this manually on quite a few servers, whereas cPanel updates it with new releases.

My concern is someone could send an email with an attachment that exploits this vulnerability, it's scanned, and voila... arbitrary code execution happens on my server. With what privileges would incoming attachments be scanned? As the user account? e.g. /home/~user?

I occasionally run system-wide scans as root which detect malicious files in some of the catch-all email accounts... concerned one of them could try to exploit this if it is indeed exploitable... I occasionally clear these accounts out but need to block emails coming to them altogether.
 

cPanelMichael

The newer version of ClamAV does include a patch for CVE-2014-9050:

ClamAV® blog: ClamAV 0.98.5 has been released!

You can monitor our change log for case number 138457 that implements the new version. There's currently no specific time frame available for its release (I see it's been pushed to internal QA builds), and whether you want to disable it or not based on CVE-2014-9050 is really a decision you should make with your system administrator.

Thank you.
 

Venomous21

Michael,

Security Advisory SA62542 - ClamAV "cli_scanpe()" Buffer Overflow Vulnerability - Secunia

That Secunia advisory addresses a buffer overflow which could lead to arbitrary code execution on the server. CVE-2014-9050 simply mentions a D-o-S (granted it could be caused by arbitrary code execution of course...)...

A D-o-S I can live with with ClamAV... arbitrary code execution possibly as root... I cannot... since it could compromise the -entire- server.

Is the Secunia advisory wrong or do you think they overstate the threat? I figured it would be in your best interest to investigate since lots of your users use ClamAV .98.4 including myself...

I won't be using ClamAV .98.4 until you guys patch it... not sure why it requires a ton of testing to roll out a new version, especially dealing potentially with a critical vulnerability...

I would err on the side of pushing out their new ClamAV updates instead of possibly leaving servers vulnerable to exploits... but that's my opinion. Obviously test it first... but does it really require 2 months of testing? ClamAV .98.5 came out in November...
 

cPanelMichael

To update, this is now handled through internal case number 158913. ClamAV version 0.98.6 is scheduled for inclusion in future builds, but there's no specific time frame we can provide at this time. You can uninstall ClamAV in the meantime to avoid using a version with the referenced vulnerability.

Thank you.
 

Venomous21

Michael,

Thank you for the reply. I will uninstall ClamAV from all web servers until the latest version is ready. Would it be possible to include an option to update WHM under third-party plugins to the latest, untested release version? You click this update and it says "Warning - this will update ClamAV to the latest release version. Please note, these releases may not yet have been checked by cPanel. Use with caution." Food for thought, and it would make updating a lot easier on a lot of web servers.
 

cPanelMichael

I'm not sure that's possible due to the nature of how we implement ClamAV and its interaction with other aspects of cPanel. However, feel free to submit a feature request for it via:

Submit A Feature Request

Thank you.
 

cPanelMichael

Manually installing that RPM is not supported, but the case has been included in build 11.47.9999.144 (Edge tier):

Fixed case 158913: Update clamav to 0.98.6 from upstream.

You should see this in cPanel version 11.48.1, which should make its way to additional tiers in the near future.

Thank you.