Roger Marquis
2008-Nov-11 08:11 UTC
ports/128749: [vuxml] VBA parser vulnerability in ClamAV
> As was recently reported in the BugTraq list, VBA parser in ClamAV is > contains the off-by-one overflow and can lead to the arbitrary code > execution within the clamd process. > > VBA component seem to be unconditionally included to the libclamav > and OLE2 scanning is "on" by-default.FWIW, clamav-0.94.1 does not compile under 5.X without CONFIGURE_ARGS+--disable-gethostbyname_r. When compiled this way it does not run (exits after initialization with no error logging). Though 5.X is no longer officially supported there are many sites still running it which could benefit from a patch, assuming it would be trivial to create such a patch. Roger Marquis
Michael Scheidell
2008-Nov-12 17:27 UTC
ports/128749: [vuxml] VBA parser vulnerability in ClamAV
> FWIW, clamav-0.94.1 does not compile under 5.X without CONFIGURE_ARGS+> --disable-gethostbyname_r. When compiled this way it does not run (exits > after initialization with no error logging).One more patch needed: sed -i '' -e "s/enable-gethostbyname/disable-gethostbyname/; /^PTHREAD_LIBS/s/lthr/lpthread/" Makefile (replace lthr with lpthread which has proven unstable in clamav anyway) I have several legacy 5.5 systems running this way. Note: unofficial, not supported by me, SECNAP, Freebsd, the RNC, the DNC, or the free masons. YMMV -- Michael Scheidell, CTO>|SECNAP Network SecurityWinner 2008 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com _________________________________________________________________________