The Way of The Yum [repost]

bill_mcgonigle — Wed, 12 Oct 2005 21:35:00 -0400

<p>Automatic updates are the only rational approach for most businesses in today’s world of 24/7 Internet connectivity, malware and 0-day vulnerabilities.</p>
<p>If you happen to be a Fortune 500 company you can pay a guy to stay on security vulnerability announcements full-time.  He can download/test/integrate and run all your regression tests ( you did write regression tests for everything, right?)  But if you’re not, you can’t.</p>
<p>So, I’ve been a bit behind on monitoring the SANS Internet Storm Center blog, and apparently while I was on vacation, a <a href="http://isc.sans.org/diary.php?date=2005-07-26">ClamAV vulnerability</a> was reported.  A maliciously crafted e-mail can cause a remote execution to run as the user who runs <a href="http://www.clamav.net/">ClamAV</a>, probably postfix in my case.   An appropriately determined cracker could screw with my mail system.  Versions 0.86.1 and lower are <a href="http://www.osvdb.org/displayvuln.php?osvdb_id=18259">affected</a>.</p>
<p>So, I hop on my server, and check to make sure clamav is a package I was wise enough to install from a repository:<br />

yum list clamav Gathering header information file(s) from server(s) Server: Dag RPM Repository for older Red Hat Linux Server: Red Hat Linux 9 - i386 - os Server: Red Hat Linux 9 - i386 - updates Finding updated packages Downloading needed headers Looking in Available Packages: Name Arch Version Repo ——————————————————————————–

Installed Packages:
Name Arch Version Repo
——————————————————————————–
clamav i386 0.86.2-1.0.rh9.rf db

Yep, I’m getting clamav from Dag Next time I’m in Belgium, Dag’s getting a beer.

Now, doublecheck that I have the current version running:
rpm -q clamav clamav-0.86.2-1.0.rh9.rf

Yep, it was installed while I was on vacation. Good deal.

The BFC Computing Weblog: The Way of The Yum [repost]

The Way of The Yum [repost]