The BFC Computing Weblog

<p>Automatic updates are the only rational approach for most businesses in today’s world of 24/7 Internet connectivity, malware and 0-day vulnerabilities.</p>
          <p>If you happen to be a Fortune 500 company you can pay a guy to stay on security vulnerability announcements full-time.  He can download/test/integrate and run all your regression tests ( you did write regression tests for everything, right?)  But if you’re not, you can’t.</p>
          <p>So, I’ve been a bit behind on monitoring the SANS Internet Storm Center blog, and apparently while I was on vacation, a <a href="http://isc.sans.org/diary.php?date=2005-07-26">ClamAV vulnerability</a> was reported.  A maliciously crafted e-mail can cause a remote execution to run as the user who runs <a href="http://www.clamav.net/">ClamAV</a>, probably postfix in my case.   An appropriately determined cracker could screw with my mail system.  Versions 0.86.1 and lower are <a href="http://www.osvdb.org/displayvuln.php?osvdb_id=18259">affected</a>.</p>
          <p>So, I hop on my server, and check to make sure clamav is a package I was wise enough to install from a repository:<br />
          

yum list clamav
Gathering header information file(s) from server(s)
Server: Dag RPM Repository for older Red Hat Linux
Server: Red Hat Linux 9 - i386 - os
Server: Red Hat Linux 9 - i386 - updates
Finding updated packages
Downloading needed headers
Looking in Available Packages:
Name Arch Version Repo
——————————————————————————–

Installed Packages:
Name Arch Version Repo
——————————————————————————–
clamav i386 0.86.2-1.0.rh9.rf db

Yep, I’m getting clamav from Dag Next time I’m in Belgium, Dag’s getting a beer.

Now, doublecheck that I have the current version running:

rpm -q clamav
clamav-0.86.2-1.0.rh9.rf


Yep, it was installed while I was on vacation. Good deal.