public inbox for development@lists.ipfire.org
From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: ClamAV is temporarily disabled on mail01
Date: Fri, 17 Feb 2023 13:53:38 +0000
Message-ID: <cd854e2f-c5b6-7609-51c3-fc0e3509013a@ipfire.org>

Hello folks,

this Wednesday, the ClamAV development team published updates to all
supported version branches, fixing two potential remote code execution
vulnerabilities [1]. Both can be triggered by an unauthenticated attacker,
such as by sending a malicious file to an infrastructure which will
scan it with ClamAV.

This affects IPFire's primary mail server (mail01) as well. At the time
of writing, Debian has yet to publish security updates for their ClamAV
packages.

Therefore, I just disabled ClamAV in our infrastructure to thwart potential
exploitation attempts. Given that our spam filter configuration contains
various other countermeasures against malspam, this step should be okay as
a temporary measure, until we can safely run ClamAV again.

I will take this as an opportunity to finally switch to an allowlist for
e-mail attachments, which is more robust to assorted malspam techniques
I had in the back of my head for quite some time.

Please get in touch with me if there are any concerns, comments or questions.

Thanks, and best regards,
Peter Müller

[1] https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
