ClamAV CVE-2023-20032 CVSS 9.8

ClamAV updates are handled by Debian Upstream - and usually they arrive quite fast if there's a security vulnerability - I'd expect a fixed version to be soon available in the debian-security repository.

In the meantime the following might help as a partial mitigation:
It is based on the clamav-blogpost mentioning that the issue is with HFS+ and DMG files:

* modify the postfix config to reject files with '.dmg' and '.hfs' and '.img' as name:
add
Code:
header_checks = regexp:/etc/postfix/header_checks
to main.cf.in - see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

and create /etc/postfix/header_checks with the following contents:
Code:
/name=[^>]*\.(dmg|hfs|img)/   REJECT

the mitigation is only partial because it only matches on the filename, which is provided by the mail-client - so an attacker could very well spoof it.
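To see what the header_checks rule above does and does not catch, here is an added example (not part of the original post) that runs the same pattern over constructed MIME headers. The sample headers and the helper names `unfold`, `verdict` and `run_samples` are assumptions made for illustration.

```python
import re

# Pattern from the post. Postfix regexp tables are case-insensitive by default;
# re.IGNORECASE approximates that (assumption: Python's re matches this simple
# pattern the same way Postfix's POSIX regex engine does).
RULE = re.compile(r"name=[^>]*\.(dmg|hfs|img)", re.IGNORECASE)

# Constructed MIME part headers, not taken from real mail.
SAMPLES = {
    "plain_dmg": 'Content-Disposition: attachment; filename="installer.dmg"',
    "folded_upper": 'Content-Type: application/octet-stream;\n\tname="BACKUP.IMG"',
    # The name is whatever the sender wrote; the rule never sees the content.
    "other_name": 'Content-Disposition: attachment; filename="invoice.pdf"',
    # Unanchored pattern: ".img" anywhere after "name=" is enough.
    "false_positive": 'Content-Disposition: attachment; filename="scan.img.png"',
}

def unfold(raw_headers):
    """Join folded continuation lines into logical headers."""
    logical = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()
        elif line:
            logical.append(line)
    return logical

def verdict(raw_headers):
    """Return 'REJECT' if any logical header matches the rule, else 'no match'."""
    for header in unfold(raw_headers):
        if RULE.search(header):
            return "REJECT"
    return "no match"

def run_samples():
    """Evaluate every constructed sample and return label -> verdict."""
    return {label: verdict(raw) for label, raw in SAMPLES.items()}

if __name__ == "__main__":
    for label, result in run_samples().items():
        print(f"{label:15} {result}")
```

On the gateway itself, `postmap -q '<header line>' regexp:/etc/postfix/header_checks` runs the same lookup against the real table.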
 
>clamav Version 0.103.8+dfsg-0+deb11u1 is now in Debian bullseye proposed-updates

This is great, but how do I install it?
 
>This is great, but how do I install it?
you need to add the proposed-updates repository to /etc/apt/sources.list.d/proposed-updates.list

Code:
deb http://deb.debian.org/debian/ bullseye-proposed-updates main contrib non-free

then you can update and dist-upgrade and should get the updated version.

I hope this helps!
 
as with any other update of clamAV in PMG I'd suggest to keep the local version - it will get replaced by the templating system once per day/on reboot anyways.
 
I'd recommend to simply uninstall the clamav package you downloaded from clamav net - it seems it is not made to replace the upstream debian packages (which PMG is using)

Code:
dpkg -l |grep clama
ii  clamav                                                  0.103.8+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - command-line interface
ii  clamav-base                                             0.103.8+dfsg-0+deb11u1         all          anti-virus utility for Unix - base package
ii  clamav-daemon                                           0.103.8+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - scanner daemon
ii  clamav-freshclam                                        0.103.8+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - virus database update utility
ii  libclamav9:amd64                                        0.103.8+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - library

these versions should work

I hope this helps!
 
Ok, apt-get remove clamav solved the mystery errors, but now it says this:
Is there a manual way to update? Not sure why it put me on "cool-down".
[Attachment: wait.PNG]
 
>Is there a manual way to update? Not sure why it put me on "cool-down".
You've run into the rate-limit clamav uses for downloads - just wait - freshclam automatically checks if there's an update available and downloads it

also make sure you have 'Incremental updates' enabled in GUI->Configuration->Virus Detector->ClamAV
 
Thank you for your response - you're the best around! :)
I found and deleted freshclam.dat at /var/lib/clamav/.
Still no luck, it says that I'm blocked by the CDN. (incremental updates enabled)
Is there a way or procedure to update manually? I mean - get the files, put them in /tmp/ and update using those files?


ClamAV update process started at Tue Feb 21 18:43:41 2023
daily database available for update (local version: 26735, remote version: 26819)
WARNING: downloadPatch: Can't download daily-26736.cdiff from https://database.clamav.net/daily-26736.cdiff
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
...
WARNING: You are on cool-down until after: 2023-02-22 18:43:43
ERROR: Database update process failed: Forbidden; Blocked by CDN
ERROR: Update failed.
TASK ERROR: command '/usr/bin/freshclam --stdout' failed: exit code 17
 
>Is there a way or procedure to update manually? I mean - get the files, put them in /tmp/ and update using those files?
as said - I'd just wait until you're past the cool-down period - if you have enabled incremental updates I suppose the newest signatures will be downloaded then.
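For anyone scripting around this, the following added example (not from the thread) parses the freshclam output quoted above and reports how far the local database is behind, the HTTP error, and whether the cool-down has passed. The function name `summarize` is hypothetical, and the cool-down timestamp is assumed to be in the host's local time.

```python
import re
from datetime import datetime

# freshclam output as quoted in the thread (abridged to the relevant lines).
LOG = """\
daily database available for update (local version: 26735, remote version: 26819)
WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd
WARNING: FreshClam received error code 403 from the ClamAV Content Delivery Network (CDN).
WARNING: You are on cool-down until after: 2023-02-22 18:43:43
ERROR: Database update process failed: Forbidden; Blocked by CDN
"""

VERSIONS = re.compile(r"local version: (\d+), remote version: (\d+)")
HTTP_ERR = re.compile(r"received error code (\d{3})")
COOLDOWN = re.compile(r"cool-down until after: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

def summarize(log, now):
    """Extract update state from freshclam output; decide if a retry at `now` is sensible."""
    state = {"versions_behind": None, "http_error": None,
             "cooldown_until": None, "retry_ok": True}
    m = VERSIONS.search(log)
    if m:
        # remote minus local = number of daily revisions still missing
        state["versions_behind"] = int(m.group(2)) - int(m.group(1))
    m = HTTP_ERR.search(log)
    if m:
        state["http_error"] = int(m.group(1))
    m = COOLDOWN.search(log)
    if m:
        until = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        state["cooldown_until"] = until
        # Only retry once the stated time has passed.
        state["retry_ok"] = now > until
    return state

if __name__ == "__main__":
    print(summarize(LOG, datetime.now()))
```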
 
I was able to solve the problem with updates, it was not because of the technical issues, but because we were unable to build a successful society. So sad, so many lives lost, so many years wasted. I guess, some people and/or some places are just doomed. :'(
 
