ClamAV CVE-2023-20032 CVSS 9.8

ClamAV updates are handled by Debian upstream, and usually they arrive quite fast if there's a security vulnerability. I'd expect a fixed version to be available soon in the debian-security repository.

In the meantime, the following might help as a partial mitigation. It is based on the ClamAV blog post mentioning that the issue is with HFS+ and DMG files:

* modify the Postfix config to reject files with '.dmg', '.hfs' and '.img' as name:
add
Code:
header_checks = regexp:/etc/postfix/header_checks
to main.cf.in - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

and create /etc/postfix/header_checks with the following contents:
Code:
/name=[^>]*\.(dmg|hfs|img)/   REJECT

The mitigation is only partial because it only matches on the filename, which is provided by the mail client, so an attacker could very well spoof it.
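To see what that header_checks rule does and does not catch, here is a small Python emulation of the check (an added example, not part of the post or of PMG; it uses the regex from above with Postfix's default case-insensitive, unanchored regexp_table matching, and the sample mails are constructed):

```python
import re
from email import message_from_bytes
from email.policy import default as default_policy

# The rule from /etc/postfix/header_checks above. Postfix regexp tables match
# case-insensitively and unanchored by default, hence IGNORECASE and search().
HEADER_CHECKS = [
    (re.compile(r"name=[^>]*\.(dmg|hfs|img)", re.IGNORECASE), "REJECT"),
]


def header_check(raw_message: bytes, rules=HEADER_CHECKS):
    """Emulate header_checks plus mime_header_checks (which defaults to
    $header_checks): each rule is tried against every logical header line of
    the top-level message and of every MIME part; the first match decides.
    Returns the action string, or None when no rule matches."""
    msg = message_from_bytes(raw_message, policy=default_policy)
    for part in msg.walk():
        for name, value in part.items():
            line = f"{name}: {value}"
            for pattern, action in rules:
                if pattern.search(line):
                    return action
    return None


def build_message(filename: str, content_type: str) -> bytes:
    """Constructed sample mail with one attachment (helper for this example)."""
    return (
        "From: sender@example.test\r\n"
        "To: user@example.test\r\n"
        "Subject: report\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n'
        "\r\n"
        "--b1\r\n"
        "Content-Type: text/plain\r\n"
        "\r\n"
        "see attachment\r\n"
        "--b1\r\n"
        f'Content-Type: {content_type}; name="{filename}"\r\n'
        f'Content-Disposition: attachment; filename="{filename}"\r\n'
        "\r\n"
        "AAAA\r\n"
        "--b1--\r\n"
    ).encode()
```

A constructed mail named "Installer.DMG" is rejected, while the same disk-image body declared as "notes.txt" passes, which is exactly the spoofing gap mentioned above; note also that the unanchored pattern rejects names that merely contain the extension, such as "report.dmg.txt".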
 
>clamav Version 0.103.8+dfsg-0+deb11u1 is now in Debian bullseye proposed-updates

This is great, but how do I install it?
 
> This is great, but how do I install it?
You need to add the proposed-updates repository to /etc/apt/sources.list.d/proposed-updates.list

Code:
deb http://deb.debian.org/debian/ bullseye-proposed-updates main contrib non-free

Then you can update and dist-upgrade and should get the updated version.

I hope this helps!
 
As with any other update of ClamAV in PMG, I'd suggest keeping the local version - it will get replaced by the templating system once per day/on reboot anyway.
 
I'd recommend simply uninstalling the clamav package you downloaded from clamav.net - it seems it is not made to replace the upstream Debian packages (which PMG is using).

Code:
dpkg -l |grep clama
ii  clamav                                                  0.103.8+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - command-line interface
ii  clamav-base                                             0.103.8+dfsg-0+deb11u1         all          anti-virus utility for Unix - base package
ii  clamav-daemon                                           0.103.8+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - scanner daemon
ii  clamav-freshclam                                        0.103.8+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - virus database update utility
ii  libclamav9:amd64                                        0.103.8+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - library

These versions should work.

I hope this helps!
 
Ok, apt-get remove clamav solved the mystery errors, but now it says this:
Is there a manual way to update? Not sure why it put me on "cool-down".
 
> Is there a manual way to update? Not sure why it put me on "cool-down".
You've run into the rate limit ClamAV uses for downloads - just wait - freshclam automatically checks if there's an update available and downloads it.

Also make sure you have 'Incremental updates' enabled in GUI->Configuration->Virus Detector->ClamAV.
 
Thank you for your response - you're the best around! :)
I found and deleted freshclam.dat at /var/lib/clamav/.
Still no luck, it says that I'm blocked by the CDN. (incremental updates enabled)
Is there a way or procedure to update manually? I mean - get the files, put them in /tmp/ and update using those files?
Code:
ClamAV update process started at Tue Feb 21 18:43:41 2023
daily database available for update (local version: 26735, remote version: 26819)
WARNING: downloadPatch: Can't download daily-26736.cdiff from https://database.clamav.net/daily-26736.cdiff
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
...
WARNING: You are on cool-down until after: 2023-02-22 18:43:43
ERROR: Database update process failed: Forbidden; Blocked by CDN
ERROR: Update failed.
TASK ERROR: command '/usr/bin/freshclam --stdout' failed: exit code 17
 
> Is there a way or procedure to update manually? I mean - get the files, put them in /tmp/ and update using those files?
As said, I'd just wait until you're past the cool-down period - if you have enabled incremental updates, I suppose the newest signatures will be downloaded then.
 
I was able to solve the problem with updates; it was not because of technical issues, but because we were unable to build a successful society. So sad, so many lives lost, so many years wasted. I guess some people and/or some places are just doomed. :'(