Vulnerability in ClamAV

some-admins said:
Is the "VirusEvent" Feature activated in the PMG?
clamd.conf | grep "VirusEvent" finds nothing.


Any suggestions or updates for this?

THX
Click to expand...
This part is not used by PMG - so I'm quite certain it is not hit by this CVE.

For CVE-2024-20290 (see https://blog.clamav.net/2023/11/clamav-130-122-105-released.html) - cisco (they are currently the company behind ClamAV) states that this only affects ClamAV running on windows:
Impacts of ClamAV DoS Vulnerability on Windows Platforms

This vulnerability, which has a High Security Impact Rating (SIR), affects only Windows-based platforms because those platforms run the ClamAV scanning process as a service that could enter a loop condition, which would consume available CPU resources and delay or prevent further scanning operations. See the Assessing Security Risk section of the Cisco Security Vulnerability Policy for information about vulnerability scoring and SIRs.
Click to expand...
via: https://sec.cloudapps.cisco.com/sec...CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t

so I don't think that PMG is affected by this
Furthermore I'd assume that disabling
Code: 
ScanOLE2
in the clamd.conf template (see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine)
should prevent the issue to occur - so if you want to be extra careful you might consider disabling this until a fixed version is available in Debian.

I hope this explains it!
 
  • Like
Reactions: hd--, herzkerl and t.lamprecht
You must log in or register to reply here.
Top Bottom