* ClamAV is temporarily disabled on mail01
@ 2023-02-17 13:53 Peter Müller
From: Peter Müller @ 2023-02-17 13:53 UTC
To: development

Hello folks,

this Wednesday, the ClamAV development team published updates to all
supported version branches, fixing two potential remote code execution
vulnerabilities [1]. Both can be triggered by an unauthenticated attacker,
such as by sending a malicious file to an infrastructure which will
scan it by ClamAV.

This affects IPFire's primary mail server (mail01) as well. At the time
of writing, Debian has yet to publish security updates for their ClamAV
packages.

Therefore, I just disabled ClamAV in our infrastructure to thwart potential
exploitation attempts. Given that our spam filter configuration contains
various other countermeasures against malspam, this step should be okay as
a temporary measure, until we can safely run ClamAV again.

I will take this as an opportunity to finally switch to an allowlist for
e-mail attachments, which is more robust to assorted malspam techniques
I had in the back of my head for quite some time.

Please get in touch with me if there are any concerns, comments or questions.

Thanks, and best regards,
Peter Müller

[1] https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html