The new version of ClamAV 0.102.4 solves 3 vulnerabilities

Cisco's developers announced the release of a new corrective version of their free ClamAV antivirus package, 0.102.4, which fixes three vulnerabilities that could allow an attacker to delete or move arbitrary files on the system.

For those unfamiliar with ClamAV, it is an open source, cross-platform antivirus (it has versions for Windows, GNU/Linux, BSD, Solaris, Mac OS X and other Unix-like operating systems).

ClamAV provides a number of antivirus tools specifically designed for email scanning. ClamAV's architecture is scalable and flexible thanks to a multi-threaded process.

It has a powerful command-line scanner and tools to update the signature databases automatically.

The primary goal of ClamAV is to provide a set of tools that identify and block malware arriving by email. One of the fundamental points in this type of software is the fast discovery of new viruses and their inclusion in the tool's signatures.

This is achieved thanks to the collaboration of the thousands of users who use ClamAV and of sites like Virustotal.com that provide the scanned samples.

What's new in ClamAV 0.102.4?

In this new version, ClamAV 0.102.4, the developers fix three serious flaws that were detected.

The first of them, cataloged as CVE-2020-3350, allows an unprivileged local attacker to delete or move arbitrary files on the system. This is a serious flaw since, for example, it can allow the attacker to delete the /etc/passwd file without having the necessary permissions.

The vulnerability is caused by a race condition that occurs when scanning malicious files: a user with shell access on the system can replace the directory being scanned with a symbolic link pointing to a different path.

For example, an attacker can create a directory and upload a file with a test virus signature, naming this file "passwd".

After starting the virus scan, but before the offending file is deleted, the attacker can replace the "exploit" directory with a symbolic link pointing to the "/etc" directory, which makes the antivirus delete the /etc/passwd file. The vulnerability only appears when clamscan, clamdscan or clamonacc are used with the "--move" or "--remove" option.
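To show why a removal that re-resolves the path at deletion time is racy, and how pinning the scanned directory to a file descriptor opened before the scan defends against it, here is an added Python illustration (this is not ClamAV's code or its actual fix; the "exploit" directory and the "fake_etc" stand-in for /etc are constructed inside a temporary directory so nothing on the real system is touched):

```python
import os
import tempfile

# Constructed demo: "exploit" is the directory handed to the scanner,
# "fake_etc" stands in for /etc so nothing outside the temp dir is touched.

def naive_remove(scan_dir, name):
    # Racy pattern: the path is resolved again at removal time, so a
    # directory that became a symlink in the meantime is silently followed.
    os.remove(os.path.join(scan_dir, name))

def pinned_remove(dir_fd, name):
    # Hardened pattern: act relative to a directory fd captured before the
    # scan; later renames or symlinks of the path cannot redirect the unlink.
    os.unlink(name, dir_fd=dir_fd)

def simulate(hardened):
    base = tempfile.mkdtemp()
    scan_dir = os.path.join(base, "exploit")
    victim_dir = os.path.join(base, "fake_etc")
    os.mkdir(scan_dir)
    os.mkdir(victim_dir)
    with open(os.path.join(scan_dir, "passwd"), "w") as f:
        f.write("test signature\n")                   # the file the scanner flags
    with open(os.path.join(victim_dir, "passwd"), "w") as f:
        f.write("root:x:0:0:root:/root:/bin/sh\n")   # the file that must survive

    # The scanner opens the target directory once: O_NOFOLLOW rejects a symlink
    # at this point, and the fd keeps pointing at the real directory afterwards.
    dir_fd = os.open(scan_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    # ... scanning happens here and "passwd" is flagged ...

    # Race window: the directory path is swapped for a symlink to the victim.
    os.rename(scan_dir, scan_dir + ".orig")
    os.symlink(victim_dir, scan_dir)

    if hardened:
        pinned_remove(dir_fd, "passwd")
    else:
        naive_remove(scan_dir, "passwd")
    os.close(dir_fd)

    victim_intact = os.path.exists(os.path.join(victim_dir, "passwd"))
    flagged_removed = not os.path.exists(os.path.join(scan_dir + ".orig", "passwd"))
    return victim_intact, flagged_removed
```

simulate(False) reports that the stand-in /etc/passwd was deleted while the flagged file survived; simulate(True) reports the opposite, which is the behaviour a scanner's --remove should have.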

The other vulnerabilities that were fixed, CVE-2020-3327 and CVE-2020-3481, allow a denial of service through specially crafted files whose processing crashes the scanning process in the modules that parse the ARJ and EGG archive formats.

If you want to know more about it you can check the following link.

How to install ClamAV on Linux?

For those interested in installing this antivirus on their system, it can be done quite simply, since ClamAV is found in the repositories of most Linux distributions.

In the case of Ubuntu and its derivatives, you can install it from the terminal or from the system software center.

To install from the terminal, just open one on your system (you can do it with the shortcut Ctrl + Alt + T) and type the following command:
sudo apt-get install clamav

For the case of those who are Arch Linux users and derivatives:
sudo pacman -S clamav

While for those who use Fedora and derivatives:
sudo dnf install clamav

And for openSUSE:
sudo zypper install clamav

With that, the antivirus is installed on the system. Now, as with every antivirus, ClamAV also has a signature database that it downloads and uses for comparisons, stored in a "definitions" file. This file is a list that tells the scanner which items are suspicious.

It is important to update this file every so often, which can be done from the terminal by simply running:
sudo freshclam
