Results 1 to 2 of 2

Thread: [SOLVED] Update Zimbra Builds to Clamav-0.91.2...

  1. #1
    Join Date
    Jul 2006
    New York, NY
    Rep Power

    Exclamation [SOLVED] Update Zimbra Builds to Clamav-0.91.2...

    Over the weekend my development Zimbra server got hack and started sending out packets over port 6667, which apparently is used by trojans to send and receive commands, fortunately its firewalled and on a separate network so all it did was flood the switch it was attached to. Annoying yes, Super-critical, not in this situation.

    So after an extensive review of all open ports and possible ways into the box, and as far we can tell there was no root access granted, we have come to several conclusions, but the only ones that really seems probable are DoS attacks based on an outdated clamav-0.91.1.

    I would advise all Zimbra Admins to upgrade to clamav-0.91.2 as soon as possible as it requires a short amount of downtime but a huge increase in security.

    ClamAV Multiple Vulnerabilities - Advisories - Secunia (Highly Critical)
    ClamAV RAR Archive Processing Denial of Service Vulnerability - Advisories - Secunia (Moderately Critical)

    Tue Aug 21 00:57:03 CEST 2007
      V 0.91.2
      * Bugfixes and changes since 0.91.1:
        - libclamav/rtf.c: fix possible NULL dereference (bb#611)
        - libclamav/ole2_extract.c: properly initialise hdr.max_block_no (bb#603)
        - libclamav/htmlnorm.c: fix possible NULL dereference (bb#582),
          thanks to Stefanos Stamatis
        - libclamav/htmlnorm.c: fix call to tolower() (bb#580)
        - libclamav/filetypes.c: some embedded PEs were not being detected
        - clamav-milter: Fix compilation error on NetBSD2.0
        - clamav-milter: Black-hole-mode no longer needs to be run as root
        - libclamav/pdf.c: Bug 618, --block-max not always honoured
        - libclamav/phishcheck.c, regex_list.c, phish_whitelist.c: make debug
          output look better (patch from Sven)
        - libclamav/phishcheck.c: Don't report phishing on broken urls containing
          '>' in the hostname. (bb #619)
        - libclamav, sigtool: add support for PUA databases (.hdu, .mdu, .ndu),
          requested by Christoph
        - clamscan: add --detect-pua
        - clamd, clamd.conf: add DetectPUA
        - freshclam/mirman.c: properly handle mirror access times (bb#606, only
          outdated installations - three versions behind the latest one were
          affected by this problem),
          Reported by David F. Skoll <dfs*>
        - clamav-milter:      Bug 614
        - libclamav/pdf.c:    Bug 608
        - clamav-milter:      SPF checking no longer experimental
        - libclamav/phishcheck.c: workaround Solaris problem with regexec() [bb #598]
        - libclamav/matcher-ac.c: fix matching of patterns with prefixes and some
          other issues spotted by Glen <daineng*>
        - clamav-milter/clamav-milter.c: Better use of res_init()
        - clamav-milter/clamav-milter.c: HP-UX doesn't have EX_CONFIG, reported
          by clam *
    This can be accomplished by following the instructions here: Updating ClamavWiki
    Obviously substitute for the correct version numbers used in the wiki.

    Next Step:

    The closet thing I can find for a more permanent solution to this problem, is listed here in bugzilla.
    Bug 15137 - Breakout RPM packages for ClamAV, SpamAssassin and Others to allow out of cycle updates

    I'll file another bug that will hopefully make it into ZCS 4.5.8. Bugzilla - 20568
    Last edited by glitch23; 09-24-2007 at 10:51 AM.
    Because we all can't be geniuses, I'll go first.

  2. #2
    Join Date
    Oct 2005
    Thatcher, AZ
    Rep Power


    We're currently investigating this issue, and will have an update soon.

    Thanks for the heads up

Similar Threads

  1. [SOLVED] Spam Being Sent Thru Server - Help Needed!
    By msf004 in forum Administrators
    Replies: 22
    Last Post: 03-14-2008, 11:11 PM
  2. Replies: 12
    Last Post: 02-23-2008, 11:16 PM
  3. svn version still won't start
    By kinaole in forum Developers
    Replies: 0
    Last Post: 10-04-2006, 06:47 AM
  4. Replies: 16
    Last Post: 09-07-2006, 06:39 AM
  5. FC3 Install and no zimbra ?
    By aws in forum Installation
    Replies: 10
    Last Post: 10-09-2005, 04:19 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts