clamav security risk

Discussion in 'General' started by Fruchtzwerg, Aug 8, 2006.

  1. Fruchtzwerg

    Fruchtzwerg New Member

  2. Ben

    Ben ISPConfig Developer ISPConfig Developer

    This update will be included in the next update of ISPConfig I guess.

    Anyway you can download the newest clamav (0.88.4), in to any temorary dir, also put clamassassin-1.2.3.tar.gz file in that dir (you can get that from the zip of ispconfig).
    There you store the attached file, its rudimentary cut from the file that's compiling the ISPConfigs apps.
    Just chmod u+x it and run it afterwards, that should do.

    Note: Not testet but it worked the last time for me without any problems... eventually you just backup /home/admispconfig/ispconfig/tools/clamav
     

    Attached Files:

    Last edited: Aug 8, 2006
  3. todvard

    todvard ISPConfig Developer ISPConfig Developer

    Be careful, in some circumstances this script can remove the ispconfig folder from /root directory!

    UPDATE: Tested, Proved.
    The problem is that the last tar will try to create clamav.tar.gz in a directory (../binaries) which probably does not exist if you have created your temporary directory out of ISPConfig install sources. This means that the script will end with error and will call the "error" function and that function will delete /root/ispconfig and /root/ispconfig_tmp directories.
     
    Last edited: Aug 8, 2006
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    I'am just uploading ISPConfig 2.2.6 with updated ClamAV and apache / mod_ssl to sourceforge :)
     

Share This Page