Koozali.org: home of the SME Server

[Announce]: Clam AV updated to 0.92

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
[Announce]: Clam AV updated to 0.92
« on: December 18, 2007, 10:11:56 PM »
Clam AV has been updated to 0.92 - Release announcement from ClamAV team:

This release provides various bugfixes, optimisations and improvements
to the scanning engine. The new features include support for ARJ and
SFX-ARJ archives, AutoIt, basic SPF parser in clamav-milter (to reduce
phishing false-positives), faster scanning and others (see ChangeLog).
To get a consistent behaviour of the anti-phishing module on all platforms,
libclamav now includes the regex library from OpenBSD.

and the following security issues resolved:

CVE-2007-6335 - MEW PE File Integer Overflow

CVE-2007-6336 - Off-by-one error in LZX_READ_HUFFSYM()

CVE-2007-6337 - bzlib issue

Packages available from:
http://sme.swerts-knudsen.com/downloads/AntiVirus/

http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/swerts-knudsen/AntiVirus/clamav-es-0.92-es01.i386.rpm
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/swerts-knudsen/AntiVirus/clamav-es-libs-0.92-es01.i386.rpm

But most of you have signed up for updates and have properly already been updated. I can see 600+ installation already -> SME 6.x is still not dead :-)

Enjoy,
Jesper Knudsen

Offline Normando

  • *
  • 841
  • +2/-1
    • Unixlan
Re: [Announce]: Clam AV updated to 0.92
« Reply #1 on: December 19, 2007, 01:45:25 AM »
Jesper. I want to say thank you! Yes, a lot of sme6 run over the world.

Offline Confucius

  • *****
  • 235
  • +0/-0
Re: [Announce]: Clam AV updated to 0.92
« Reply #2 on: December 19, 2007, 09:41:21 AM »
Jesper,

Happy you didn't end the support for SME6 yet. Still in upgrading process here and was delighted to see that SME6 is made a little more secure again (for the time being here).

Thnx pal..

Harro

Offline NickR

  • *
  • 283
  • +0/-0
    • http://www.witzendcs.co.uk/
Re: [Announce]: Clam AV updated to 0.92
« Reply #3 on: December 19, 2007, 06:04:24 PM »
I'm sure that Jesper would also appreciate some of those 600+ users donating a few $'s as a show of appreciation.  I have just donated $250 for the 10 servers I run.  How about you?
--
Nick......

Offline raem

  • *
  • 3,972
  • +4/-0
Re: [Announce]: Clam AV updated to 0.92
« Reply #4 on: December 19, 2007, 07:03:29 PM »
To all sme6 users

I don't understand why you are still using sme 6.x.

sme7.0 was a final (stable) release nearly 18 months ago (mid 2006), and there have been 2 major point releases since then, and significant code improvements, with the third one about to happen (7.3).
All main contribs that were available for sme6 appear to be available for sme7, or in quite a few cases the need for contribs has been replaced by new features in sme7.x.

You are obviously using these servers for email as you want the virus scanning system, so these servers are connected to the Internet. You are obviously interested in virus screening but you don't seem so interested in server security. No one is releasing updates for sme 6.x base code anymore, so all current installations are likely to be insecure.

What are you all waiting for in order to update to sme7.2. It's good, it works, and it's better than sme6.x ever was.
...

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: [Announce]: Clam AV updated to 0.92
« Reply #5 on: December 19, 2007, 08:55:46 PM »
SME 7x is clearly better in many aspects and I have also upgraded my home server already. My problem or reason for sticking to SME6 at some location is simply distance. I have a box in South Brazil, one in Moscow and one in Silicon Valley and I am located in DK. Secondly all these systems are heavily customized for fit a 4 site company. All my boxes are not exposed to the world directly (all run as servers) but are protected by SmoothWall firewalls where only Denmark has other ports than OpenVPN is open (Mail, Web, and FTP).

They work, they are never down, they are safe and ..... I have no good reason to take the battle and upgrade as long as I keep making ClamAV and should I not bother than any longer I can place a SME7 as delegate server.

Offline raem

  • *
  • 3,972
  • +4/-0
Re: [Announce]: Clam AV updated to 0.92
« Reply #6 on: December 19, 2007, 09:39:45 PM »
To all

Even behind another firewall, as soon as you forward ports to your sme 6.x server, then you have exposed sme6.x's security weaknesses to the Internet.

The only currently safe sme6.x server would be one that is behind a firewall with all ports closed & external services disabled, in private server mode.
...

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: [Announce]: Clam AV updated to 0.92
« Reply #7 on: December 22, 2007, 08:17:54 AM »
Ray,

To your comfort then I can see less servers upgrading this time which I guess is a sign of upgrades to SME7 (no one would move another platform...).

clamav-es-0.91.2 had 1008 installations from September and clamav-es-0.92 has until now only 647

NickR thanks for your donation.

Merry Christmas to all of you out there.

/Jesper

Offline raem

  • *
  • 3,972
  • +4/-0
Re: [Announce]: Clam AV updated to 0.92
« Reply #8 on: December 22, 2007, 10:25:16 AM »
Jesper

I guess it is awkward with remote servers to maintain in different countries, but that really means you (& other sme6 users) really need to have an upgrade policy/procedure in place, rather than keep insecure sme6's running "just because it's easy to do so".

You have done a lot of good work for sme6 users, which included myself previously, thanks.

A Happy Christmas & New year to you to.
...

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Re: [Announce]: Clam AV updated to 0.92
« Reply #9 on: January 05, 2008, 08:00:31 AM »
Some will notice that there is a es02 version out now. This version enabled the new RAR inferface which was the big news in 0.92 - I had it disabled at first to figure out what it did. Should according to ClamAV team gives higher performance and fewer false negative for RAR archives.

Enjoy,
Jesper