Vulnerability in ClamAV

[some-admins]

https://amitschendel.github.io/vulnerabilites/CVE-2024-20328/

Is the "VirusEvent" Feature activated in the PMG?
clamd.conf | grep "VirusEvent" finds nothing.


Any suggestions or updates for this?

THX

 

[Stoiko Ivanov]

Is the "VirusEvent" Feature activated in the PMG?
clamd.conf | grep "VirusEvent" finds nothing.


Any suggestions or updates for this?

THX

This part is not used by PMG - so I'm quite certain it is not hit by this CVE.

For CVE-2024-20290 (see https://blog.clamav.net/2023/11/clamav-130-122-105-released.html) - cisco (they are currently the company behind ClamAV) states that this only affects ClamAV running on windows:

Impacts of ClamAV DoS Vulnerability on Windows Platforms

This vulnerability, which has a High Security Impact Rating (SIR), affects only Windows-based platforms because those platforms run the ClamAV scanning process as a service that could enter a loop condition, which would consume available CPU resources and delay or prevent further scanning operations. See the Assessing Security Risk section of the Cisco Security Vulnerability Policy for information about vulnerability scoring and SIRs.

via: https://sec.cloudapps.cisco.com/sec...CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t

so I don't think that PMG is affected by this
Furthermore I'd assume that disabling

ScanOLE2

in the clamd.conf template (see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine)
should prevent the issue to occur - so if you want to be extra careful you might consider disabling this until a fixed version is available in Debian.

I hope this explains it!