Vulnerability in ClamAV

Is the "VirusEvent" Feature activated in the PMG?
clamd.conf | grep "VirusEvent" finds nothing.


Any suggestions or updates for this?

THX
This part is not used by PMG - so I'm quite certain it is not hit by this CVE.

For CVE-2024-20290 (see https://blog.clamav.net/2023/11/clamav-130-122-105-released.html) - Cisco (they are currently the company behind ClamAV) states that this only affects ClamAV running on Windows:
Impacts of ClamAV DoS Vulnerability on Windows Platforms

This vulnerability, which has a High Security Impact Rating (SIR), affects only Windows-based platforms because those platforms run the ClamAV scanning process as a service that could enter a loop condition, which would consume available CPU resources and delay or prevent further scanning operations. See the Assessing Security Risk section of the Cisco Security Vulnerability Policy for information about vulnerability scoring and SIRs.
via: https://sec.cloudapps.cisco.com/sec...CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t

So I don't think that PMG is affected by this.
Furthermore, I'd assume that disabling ScanOLE2 in the clamd.conf template (see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine) should prevent the issue from occurring - so if you want to be extra careful you might consider disabling this until a fixed version is available in Debian.

I hope this explains it!
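
One way to check both directives discussed in this thread against a clamd.conf, as an added example that is not part of the original posts. It assumes the usual `Directive value` line syntax, exact directive names, and that an unset ScanOLE2 means the upstream default (enabled); the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a clamd.conf for VirusEvent and ScanOLE2.

# Print every uncommented value of directive $2 found in file $1, one per line.
conf_values() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }                       # skip comment lines
        $1 == key { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# Succeeds if a VirusEvent command is configured.
virus_event_set() {
    [ -n "$(conf_values "$1" VirusEvent)" ]
}

# Succeeds if OLE2 scanning is on. Assumption: an absent directive means the
# upstream default (yes); any value other than no/false/0 counts as enabled.
ole2_enabled() {
    vals=$(conf_values "$1" ScanOLE2)
    if [ -z "$vals" ]; then return 0; fi
    printf '%s\n' "$vals" | grep -qivE '^(no|false|0)$'
}

# Report the state of both directives for the config file given as $1.
audit() {
    if virus_event_set "$1"; then echo "VirusEvent: set"; else echo "VirusEvent: not set"; fi
    if ole2_enabled "$1"; then echo "ScanOLE2: enabled"; else echo "ScanOLE2: disabled"; fi
}

# Constructed sample configs (not taken from a real PMG install).
sample_dir=$(mktemp -d)
cat > "$sample_dir/default.conf" <<'EOF'
# VirusEvent /usr/local/bin/notify.sh
LocalSocket /var/run/clamav/clamd.ctl
ScanOLE2 true
EOF
cat > "$sample_dir/hardened.conf" <<'EOF'
LocalSocket /var/run/clamav/clamd.ctl
ScanOLE2 false
EOF

# Audit the file given as the first argument, or the constructed default sample.
audit "${1:-$sample_dir/default.conf}"
```

Pass the path of the clamd.conf that clamd actually loads as the first argument; a commented-out `# VirusEvent` line is reported as not set.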
 
