Pending Publication [CPANEL-28735] ClamAV patch for non-recursive zip bombs

Trane Francks

Well-Known Member
Jun 19, 2012
100
10
18
Machida, Tokyo, Japan
cPanel Access Level
Root Administrator

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,749
2,205
363
cPanel Access Level
DataCenter Provider
Twitter
Hello :)

Internal case CPANEL-28735 is open to publish an updated ClamAV version with cPanel & WHM. I'll monitor this case and update this thread with more information as it becomes available. In the meantime, you can temporarily disable ClamAV by uninstalling it via the WHM >> Manage Plugins interface. Once it's uninstalled, you'll need to execute the following command to avoid the issue described on Pending Publication - [CPANEL-28012] Incomplete ClamAV Plugin Uninstall.

/scripts/buildeximconf

If you're concerned about .zip attachments overall, the following document includes information on how to add additional extensions (e.g. "zip") to the list of attachments filtered in the Exim system filter file:


If you're using cPanel & WHM on CloudLinux, see the blog post below for more information on how to address this issue:


Thank you.
 
Last edited:
  • Like
Reactions: cPAusaf

Trane Francks

Well-Known Member
Jun 19, 2012
100
10
18
Machida, Tokyo, Japan
cPanel Access Level
Root Administrator
Hi, Michael.

It is unnecessary to remove ClamAV. To mitigate the issue pending the new version being rolled out, users can disable scanning archives:

* Use your favourite editor to open /usr/local/cpanel/3rdparty/etc/clamd.conf;
* Find the "ScanArchive" option in the file and create an entry: ScanArchive no;
* Save the configuration file;
* Restart ClamAV - /scripts/restartsrv_clamd.

Once the new version is rolled out, users can visit the clamd.conf file again and undo their changes to enable scanning archives again.

I hope this helps,

trane