MailCleaner OpenSource Edition Forum

http://www.gentoo.org/security/en/glsa/ ... 709-14.xml

I'm assuming this vulnerability also applies to the ClamAV installation of MailCleaner even though it's not running on gentoo.

What is the method of updating ClamAV to 0.91.2 while still running MailCleaner 2007012801 revision? We're not ready to move to the August pre-release version yet.

(I'm a Windows person, not very well versed in Linux, so actual command line syntax to accomplish what is needed, would be most thankfully accepted.)

Here's what I tried on my test system. First, I found and looked at /usr/mailcleaner/install/install_clamav.sh which is probably what was used to install ClamAV in the first place. So hopefully this is a pretty safe compatible process, but I can't guarantee not breaking something! Disclaimer out of the way, here's what I did...

First, it looks like the newer version of ClamAV needs the "optional" but highly recommended GNU MP. It wouldn't "make" without it, so getting and installing that is first:



That installs the GNU MP library (libgmp) into /usr/local/lib where the ClamAV install will find it. Now get and install ClamAV itself, using the same configuration parameters as the install_clamav.sh file:



Now the final command will do the actual updating, so probably should go to the Mailcleaner GUI interface, status screen, and stop the Engine. Then you can do the final



and start the engine up again.

I think that worked but haven't figured out where to check to make sure what version is running. I do see it still finding viruses in the occational E-Mail, so I know it's working, just no confirmation in the log files of the actual version being used.

Hope this helps! I don't know if this will affect the pre-release or upcoming update; hopefully my steps will be compatible.

Let me know if you have any problems or find anything I've missed!

Outstanding-- THANKS!!! Everything went smoothly, and assuming that brought the actual in-use binaries up to current, I'm in your debt for helping me get this server back to "safe" again.

Anytime I see "remote code execution" or similar, I take it very seriously.

Yes, when I saw a remote code execution bug was part of what was fixed, it looked like something that needs to be fixed asap. Hopefully Oliver will be able to comment on whether what I did here is likely to be compatible with Mailcleaner or if I did an awful thing!

I keep promising myself to become competent in Linux/Unix (honestly, I am genuinely interested) but my day job as an admin of a large Windows Server farm has me so busy, I just plain don't have the energy at the end of the day. The servers run great, but the clueless user base wears me out!!!

How's your installation running? After nearly a year of flawless operation, I suddenly found several thousand messages stuck in the Filtering queue today. Apparently 14 hours ago, it jammed up and didn't let a single message through. This happened 16 hours after installing GNU MP and updating ClamAV. I shut off all spam/virus filtering, restarted the Filtering queue and Engine, and waited until all mail moved from Filtering (stage2) to Outbound (stage4) queue, then re-enabled spam/antivirus. New inbound mail appears to be flowing through the 3 queues normally now.

I noticed on perf graphs that at the same time the Filtering (stage2) queue started backing up, memory utilization immediately dropped from ~1700 MB to ~1200 MB, and CPU utilization flatlined at a perfectly steady 25% while the load average see-sawed steadily between 0 and 1, at 20 minute intervals (3x per hour). Hmmm.

Now that the server appears to be running normal again, memory has returned to its normal steady level of ~1700 MB utilization, and CPU & load average is back to normal.

I'm hoping this is pure coincidence.... but am curious to know if you (or anyone else who did this upgade) has seen any similar problems since then.

Hi,
these vulnerabilities do not affect MailCleaner as it only affect code relative to the sendmail milter or to the full mail scanning engine.
As MailCleaner does not use the sendmail milter and only pass attachements to the clamav engine, you are not vulnerable.

We've already done what was suggested by n0lqu above. Anytime I see a "remote code execution" threat, we act on it as quickly as possible.

Is updating to 0.91.2 using n0lqu's instructions OK, or will that cause something to "break" in MailCleaner? Will it cause any problems now, or with the pending update?

We have experienced no ill effects from the ClamAV update.

Been working just fine since the anomoly. I'm working under the assumption it was coincidence.

Am hoping Olivier can re-visit this topic and confirm that doing what we did is not going to cause us problems in the future with the next upgrade.

please note that "wget http://freshmeat.net/redir/clamav/29355 ... 1.2.tar.gz" does not get clamav-0.91.2.tar.gz anymore but it gets the latest stable: clamav-0.93.1.tar.gz instead, does this pose a problem for mailcleaner ?
Eventually you can get clamav-0.91.2.tar.gz here: http://surfnet.dl.sourceforge.net/sourc ... 2.1.tar.gz

To check if ClamAV is updated successfully check /var/mailcleaner/log/clamav/clamd.log it should say: +++ Started at Sun Jun 29 01:33:58 2008
clamd daemon 0.93.1 (OS: linux-gnu, ARCH: i386, CPU: i686)

I followed the steps above to upgrade my system to ClamAV 93.3
Everything seems to be working fine so far.

A couple additional steps were needed in my process though.
I had to run "ldconfig" to rebuild the shared library cache with the new clamav libraries before the new version would run.
And I had to manually run freshclam to download a new AV database update before clamd would start as it didn't like the old format.

Regards,
Ron

Hi,

I am not able to upgrade Latest ClamAV® stable release is: 0.95. While complile i am getting the following error. Any one tried to install the latest version?. Please help!!!!

----------------------
mail4:/usr/mailcleaner/install/src/clamav-0.95# make
make all-recursive
make[1]: Entering directory `/usr/mailcleaner/install/src/clamav-0.95'
Making all in libltdl
make[2]: Entering directory `/usr/mailcleaner/install/src/clamav-0.95/libltdl'
make all-am
make[3]: Entering directory `/usr/mailcleaner/install/src/clamav-0.95/libltdl'
make[3]: Nothing to be done for `all-am'.
make[3]: Leaving directory `/usr/mailcleaner/install/src/clamav-0.95/libltdl'
make[2]: Leaving directory `/usr/mailcleaner/install/src/clamav-0.95/libltdl'
Making all in libclamav
make[2]: Entering directory `/usr/mailcleaner/install/src/clamav-0.95/libclamav'
make all-recursive
make[3]: Entering directory `/usr/mailcleaner/install/src/clamav-0.95/libclamav'
Making all in lzma
make[4]: Entering directory `/usr/mailcleaner/install/src/clamav-0.95/libclamav/lzma'
make[4]: Nothing to be done for `all'.
make[4]: Leaving directory `/usr/mailcleaner/install/src/clamav-0.95/libclamav/lzma'
Making all in .
make[4]: Entering directory `/usr/mailcleaner/install/src/clamav-0.95/libclamav'
/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -I/usr/zlib/include -g -O2 -MT scanners.lo -MD -MP -MF .deps/scanners.Tpo -c -o scanners.lo scanners.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I./nsis -I./lzma -I../libltdl -DWARN_DLOPEN_FAIL -I/usr/zlib/include -g -O2 -MT scanners.lo -MD -MP -MF .deps/scanners.Tpo -c scanners.c -fPIC -DPIC -o .libs/scanners.o
scanners.c:40:24: netinet/in.h: Not a directory
[color=#FF0000]make[4]: *** [scanners.lo] Error 1
make[4]: Leaving directory `/usr/mailcleaner/install/src/clamav-0.95/libclamav'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/usr/mailcleaner/install/src/clamav-0.95/libclamav'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/mailcleaner/install/src/clamav-0.95/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/mailcleaner/install/src/clamav-0.95'
make: *** [all] Error 2[/color]


Regards,
Mohan. U

Hi,

Anybody try this? Kindly help.

Regards,
Mohan. U

Hi olivier,

Can you help me on this?

Thanks,
Mohan. U