Your message dated Sat, 17 Feb 2007 12:09:55 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#401873: fixed in clamav 0.84-2.sarge.13
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: clamav
Version: 0.88.6-1
Tags: security
Severity: grave
As reported in http://www.quantenblog.net/security/virus-scanner-bypass
ClamAV passed an EICAR test file if the following conditions are met:
1. the EICAR file is encoded in Base64 including characters not in the
standard alphabet (e.g. whitespaces) and
2. the part containing the EICAR file is nested within one or several
levels of multipart/mixed content.
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.84-2.sarge.13
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:
clamav-base_0.84-2.sarge.13_all.deb
to pool/main/c/clamav/clamav-base_0.84-2.sarge.13_all.deb
clamav-daemon_0.84-2.sarge.13_i386.deb
to pool/main/c/clamav/clamav-daemon_0.84-2.sarge.13_i386.deb
clamav-docs_0.84-2.sarge.13_all.deb
to pool/main/c/clamav/clamav-docs_0.84-2.sarge.13_all.deb
clamav-freshclam_0.84-2.sarge.13_i386.deb
to pool/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_i386.deb
clamav-milter_0.84-2.sarge.13_i386.deb
to pool/main/c/clamav/clamav-milter_0.84-2.sarge.13_i386.deb
clamav-testfiles_0.84-2.sarge.13_all.deb
to pool/main/c/clamav/clamav-testfiles_0.84-2.sarge.13_all.deb
clamav_0.84-2.sarge.13.diff.gz
to pool/main/c/clamav/clamav_0.84-2.sarge.13.diff.gz
clamav_0.84-2.sarge.13.dsc
to pool/main/c/clamav/clamav_0.84-2.sarge.13.dsc
clamav_0.84-2.sarge.13_i386.deb
to pool/main/c/clamav/clamav_0.84-2.sarge.13_i386.deb
libclamav-dev_0.84-2.sarge.13_i386.deb
to pool/main/c/clamav/libclamav-dev_0.84-2.sarge.13_i386.deb
libclamav1_0.84-2.sarge.13_i386.deb
to pool/main/c/clamav/libclamav1_0.84-2.sarge.13_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stephen Gran <[EMAIL PROTECTED]> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 11 Dec 2006 22:34:11 +0000
Source: clamav
Binary: clamav libclamav-dev clamav-milter clamav-base clamav-freshclam
clamav-testfiles clamav-daemon libclamav1 clamav-docs
Architecture: source all i386
Version: 0.84-2.sarge.13
Distribution: stable-security
Urgency: low
Maintainer: Stephen Gran <[EMAIL PROTECTED]>
Changed-By: Stephen Gran <[EMAIL PROTECTED]>
Description:
clamav - antivirus scanner for Unix
clamav-base - base package for clamav, an anti-virus utility for Unix
clamav-daemon - antivirus scanner daemon
clamav-docs - documentation package for clamav, an anti-virus utility for Unix
clamav-freshclam - downloads clamav virus databases from the Internet
clamav-milter - antivirus scanner for sendmail
clamav-testfiles - use these files to test that your Antivirus program works
libclamav-dev - clam Antivirus library development files
libclamav1 - virus scanner library
Closes: 401873 401874
Changes:
clamav (0.84-2.sarge.13) stable-security; urgency=low
.
* libclamav/message.c: Unusual MIME Encoding Content Filter Bypass
[ CVE-2006-6406 ] (closes: #401873)
* clamscan/clamscan.c
clamscan/manager.c
clamscan/options.c
clamav-milter/clamav-milter.c
shared/cfgparser.c
clamd/server-th.c
libclamav/scanners.c
libclamav/mbox.c
libclamav/clamav.h
etc/clamd.conf: nested multipart DoS
[ CVE-2006-XXXX ] (closes: 401874)
Files:
a99fd16ec6cd3597495d66c43d86b085 874 utils optional clamav_0.84-2.sarge.13.dsc
96f6c6b906aeeb954ab2c87551d2c603 180118 utils optional
clamav_0.84-2.sarge.13.diff.gz
724ad22ce36c7ead6c7f4712bb5f0ff3 155278 utils optional
clamav-base_0.84-2.sarge.13_all.deb
83e7462649f84e9de615de7fb6eb2b54 124236 utils optional
clamav-testfiles_0.84-2.sarge.13_all.deb
e78c2d70bd21ab4825f7bd094b7cf28f 694788 utils optional
clamav-docs_0.84-2.sarge.13_all.deb
4f53bc2e71a80762da1e82bff4117126 255048 libs optional
libclamav1_0.84-2.sarge.13_i386.deb
c460a3ba33fcee90c9f3c91685938b32 65324 utils optional
clamav_0.84-2.sarge.13_i386.deb
ce8929f2ddc2228cec2a2fea5550d38a 40370 utils optional
clamav-daemon_0.84-2.sarge.13_i386.deb
e2fa7b2fe19f04a66770bc606c39e919 2171606 utils optional
clamav-freshclam_0.84-2.sarge.13_i386.deb
81b6c522ebc4461b4b3dd5da0401fe68 38078 utils extra
clamav-milter_0.84-2.sarge.13_i386.deb
2a6ee4c7a6e0b3532160d02e10643d57 159904 libdevel optional
libclamav-dev_0.84-2.sarge.13_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFFfd+fSYIMHOpZA44RAiPeAJ9T/uBwEKKIHbG1C/hczpvvAOzmVQCgnFdg
2WYVPk8EJWmTBZGp9S4Vz3c=
=ey4d
-----END PGP SIGNATURE-----
--- End Message ---
