Clamav .99.2 vulnerabilities

Discussion in 'Security' started by Venomous21, Jan 25, 2018.

  1. Venomous21

    Venomous21 Well-Known Member

    ClamAV® blog

    A few nasty remote code execution vulnerabilities just came out today. ETA on when it will be updated in cPanel?

    If a user runs clamav from their cpanel at :2083, will it run as that user or as root?
     
  2. lorio

    lorio Well-Known Member

    Isn't the main attack vector via email attachments? There is a report from a provider, where PDFs in emails are using CVE-2017-12376 to get a buffer overflow.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The inclusion of ClamAV 0.99.3 is currently tracked as part of internal case CPANEL-18300. I'll monitor this case and update this thread with more information on its status as it becomes available.

    Thank you.
     
  4. Venomous21

    Venomous21 Well-Known Member

    ETA? I have clamav disabled on our servers until this is fixed. Don't want to scan a malicious pdf by accident and trigger the buffer overflow. Any way to perform a scan and exclude all *.pdf? Or could it still trigger the buffer overflow?
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    There's currently no specific time frame to offer, but I do see it's made its way through testing and should be included with the next cPanel version 70 build. I'll update this thread again once the case is published.

    As far as excluding PDF files from the scan, you can exclude specific virus definitions using the instructions at:

    ClamAV exclude file extension?

    However, I don't believe that would achieve what you are seeking. There's a ClamAV mailing list thread on this topic at:

    [clamav-users] Whitelist based on sign *and* filename?

    Thank you.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    To update, the new version of ClamAV was published as part of cPanel version 70.0.8:

    Fixed case CPANEL-18300: Update cpanel-clamav to 0.99.3-1.cp1170.

    cPanel version 70 is tentatively scheduled for publication to the Current build tier next week.

    Thank you.
     
  7. Venomous21

    Venomous21 Well-Known Member

    Hello,

    I'm still waiting for version 70 to be pushed to Release. That having been said, .99.4 of clamav was released to address more critical security vulnerabilities including code execution. I don't feel comfortable using clamav until we are on the latest security patched release. They also released .100 but it's not a security update, more of a feature release.

    Should we expect to see .99.4 or .100 in version 70 soonish?

    Thanks
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Yes, internal case CPANEL-18950 was opened to include ClamAV version 0.99.4. It was published as part of cPanel & WHM version 70.0.24:

    Fixed case CPANEL-18950: Update cpanel-clamav to 0.99.4-1.cp1170.

    ClamAV version 0.100 is only available as a release candidate and thus has not yet been considered for publication with cPanel & WHM.

    Thank you.
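
Added example (not part of any post in this thread, and not cPanel's or ClamAV's own code): a shell check that classifies a ClamAV version banner against the two fixed releases named above, 0.99.3 and 0.99.4. It compares dot-separated fields as integers so that 0.100 sorts above 0.99.4; the function names and the sample banners are constructed, and the banner layout `ClamAV <version>/...` is assumed from `clamscan --version` output.

```shell
#!/bin/sh
# Added example: classify a ClamAV version banner against the fixed
# releases named in this thread (0.99.3 and 0.99.4).
# Typical use on a host: classify "$(clamscan --version)"

# Extract "X.Y[.Z]" from a banner such as "ClamAV 0.99.2/24250/Thu Jan 25 ...".
clamav_version() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if version $1 >= version $2. Fields are compared one by one as
# integers, so 0.100.0 is newer than 0.99.4 (a string or decimal compare
# would get this wrong). A missing field counts as 0.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the field just read from each version string.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Print which of the thread's fixed releases the banner's version includes.
classify() {
    v=$(clamav_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" 0.99.4; then
        echo "has-0.99.4-fixes"
    elif version_ge "$v" 0.99.3; then
        echo "has-0.99.3-fixes-only"
    else
        echo "pre-0.99.3"
    fi
}
```
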
     