Koozali.org formerly Contribs.org

[Announce]: Clam update to 0.92.1

Offline Knuddi

  • *
  • 532
    • http://www.smeoptimizer.com
[Announce]: Clam update to 0.92.1
« on: February 11, 2008, 10:24:35 PM »
Lots of bug fixes in this release. The package has been uploaded. Lets how many remaining server we have out there after this release has been active for some days. Have more migrated to SME 7 now (You should if you can)?

Enjoy,
Jesper


Changelog:

Mon Feb 11 19:32:02 CET 2008
----------------------------
  * libclamav/mew.c: fix possible heap corruption (bb#806)
    Found by Elliot, broken module disabled via daily.cvd published on Feb 2
  * libclamav/pe.c: fix possible integer overflow (CVE-2008-0318)
    Found by Silvio Cesare working with the VeriSign iDefense VCP;
    broken module disabled via daily.cvd published on Jan 11, 2008
  * libclamav/cab.c: improve handling of stored files (bb#771)
  * libclamav/unarj.c: improve bounds checking (bb#811)
  * libclamav/scanners.c: respect recursion limits in cli_scanembpe() (bb#771)
  * libclamav/vba_extract.c: fix extraction of embedded files (bb#760)
  * libclamav/others.[ch]: add cli_ctime() (uses ctime_r() if available or
    falls back to mutex protected ctime())
  * clamd, clamav-milter, shared: use cli_ctime() instead of the
    thread-unsafe ctime()
  * libclamav/nsis/nulsft.c: use mutex for cli_nsis_unpack() (bb#812)
  * libclamunrar: Use static CRC table - bb#64
  * libclamav/matcher-bm.c: on Solaris/Intel bm_shift could be improperly
    allocated (bb#773)
  * freshclam/manager.c: advertise itself as HTTP/1.0 client
  * libclamav/cab.[ch]: rewrite file/folder handling code (bb#730)
  * shared/output.c: fix handling of special characters in mprintf/logg (bb#360)
  * shared/misc.c: add error reporting to daemonize() (bb#729)
  * configure: if available use dscl on Mac OS X (bb#753)
  * libclamunrar/unrar.c: disable 'Unknown RAR pack method' error message due
    to false alerts with some SFX archives (bb#399)
  * configure: don't link with nsl if not needed (bb#754)
  * shared/misc.c, clamd, clamscan, freshclam: respect custom dbdir settings
    in print_version() (bb#699)
  * libclamunrar_iface/unrar_iface.h: add missing #pragma pack direct.  (bb#769)
  * libclamav/entconv.c: don't make tmp_move negative (exper. code, bb #772).
  * shared/misc.c: don't pass --rsrc flag to ditto (bb#380)
  * libclamav: fix printing of size_t and off_t vars (bb#444)
  * clamav-milter: Use new cli_rndnum API
  * libclamav/others.c: improve cli_rndnum() and cli_gentempfd()
  * libclamav/cvd.c: fix error path descriptor leak; gzdopen() may not close fd
  * shared/misc.c: cvd_unpack: cli_untgz() no longer closes fd
  * clamav-milter: Fix error handling in Session Mode
  * clamav-milter: Correct nul termination in ping response from clamd
  * libclamunrar_iface/unrar_iface.[ch]: minor cleanups

Re: [Announce]: Clam update to 0.92.1
« Reply #1 on: February 12, 2008, 01:25:14 AM »
Thank you!!

Offline Knuddi

  • *
  • 532
    • http://www.smeoptimizer.com
Re: [Announce]: Clam update to 0.92.1
« Reply #2 on: February 14, 2008, 09:18:36 AM »
This time only 581 servers have updated to the new version compared to 647 for last release in December. Some people are moving towards SME 7 :-)

Re: [Announce]: Clam update to 0.92.1
« Reply #3 on: February 14, 2008, 10:50:30 AM »
Thank you Knuddi! There are still a few vs6.00 around apparently, and whilst it would be best to have them upgrading to 7 (they really should ASAP), your work make them a little safer for the users.
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.

Offline raem

  • *
  • 3,972
Re: [Announce]: Clam update to 0.92.1
« Reply #4 on: February 15, 2008, 12:34:02 AM »
Knuddi & chris

Quote
...whilst it would be best to have them upgrading to 7 (they really should ASAP), your work make them a little safer for the users.

Knuddi my next comments in no way degrade from your work, which I have thanked you for in the past.

While Chris' comment has some validity ie "make them a little safer", it's really a case of trying to plug up one "hole" when there are many "holes" in need of plugging.

Knuddi, by continuing to release antivirus support for sme6, you are promoting people to keep using the severely out of date OS, which does for sure have security issues. There have been no updates released for many packages used in sme6 for over 20 months (sme7.0 was release 1st July 2006), so from your statistics there are at least 581 insecure sme6 servers out there, and probably quite a few more if they could all be counted.

It would probably be best if you discontinued releasing AV updates for sme6.x and then people might be forced to upgrade (due to lack of support), end result being 581 or more very secure servers running sme7.3 with automatic AV updates included for free, and many more much better features & functionality as well.

...

Offline Knuddi

  • *
  • 532
    • http://www.smeoptimizer.com
Re: [Announce]: Clam update to 0.92.1
« Reply #5 on: February 15, 2008, 09:39:13 AM »
I completely understand your viewpoint and do also to some extend agree. I just do not think that many of these 581 servers would migrate much faster should I no longer deliver updates. I think many of these are home servers that just sit there and have done so for long. They might very well not even have been updated with all the updates that came from contribs.org after final release of SME 6.x. So YES I also think that most of these are very insecure and YES they ought to upgrade. The only think we all can be happy for is that SME from the start is a pretty secure distribution with a very good choice of exposed services.

But having said all that then as long as I have SME 6.x servers in my own network (which will not be so long anymore) I will continue to bring this out. I have only 2 left now, the rest migrated to SME 7.3.

Re: [Announce]: Clam update to 0.92.1
« Reply #6 on: March 04, 2008, 06:55:20 AM »
Thanks Kuddi.

I have a version 6 server in a very remote place and this was (once again) a great help