Clam av warning

Chat about anything related to Linux Mint
TomT3rd
Level 1
Level 1
Posts: 3
Joined: Fri Mar 04, 2016 6:48 pm

Clam av warning

Post by TomT3rd » Sun Feb 04, 2018 7:28 pm

This recently from Gentoo security for those who use an anti virus. Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Found in 099.3 --
ClamAV: Multiple vulnerabilities — GLSA 201801-19

I do not use it but in case your new to Linux, personally I use sophos.

User avatar
jimallyn
Level 17
Level 17
Posts: 7467
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: Clam av warning

Post by jimallyn » Sun Feb 04, 2018 7:43 pm

Most of us here don't use an antivirus in Mint, considering it to be a security risk, and not a security enhancement.
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan

Cosmo.
Level 22
Level 22
Posts: 16677
Joined: Sat Dec 06, 2014 7:34 am

Re: Clam av warning

Post by Cosmo. » Mon Feb 05, 2018 7:21 am

I already posted in the last week about those vulnerabilities. A perfect proof, how such software is able to reduce security. Using another AV does not help in general, because all major AVs had security problems in the past. The only secure AV is No AV.

User avatar
karlchen
Level 18
Level 18
Posts: 8318
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Clam av warning

Post by karlchen » Mon Feb 05, 2018 8:38 am

Hello, TomT3rd.

The bugfixed version of clamav has arrived in the Ubuntu repositories, too. :)

Code: Select all

$ apt-cache policy clamav
clamav:
  Installed: (none)
  Candidate: 0.99.3+addedllvm-0ubuntu0.16.04.1
  Version table:
     0.99.3+addedllvm-0ubuntu0.16.04.1 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main i386 Packages
     0.99+dfsg-1ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu xenial/main i386 Packages
The corresponding changelog available for clamav 0.99.3+addedllvm-0ubuntu0.16.04.1 reads
clamav (0.99.3+addedllvm-0ubuntu0.16.04.1) xenial-security; urgency=medium

* Updated to 0.99.3 to fix multiple security issues
- CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
CVE-2017-12378, CVE-2017-12379, CVE-2017-12380
* Removed patches no longer required
- debian/patches/CVE-2017-6418.patch
- debian/patches/CVE-2017-6420.patch
- debian/patches/CVE-2017-6420-2.patch
* debian/libclamav7.symbols,debian/rules: bumped cl_retflevel, add check.
* debian/patches/bb11549-fix-temp-file-cleanup-issue.patch: fix temp file
cleanup issue.

-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 29 Jan 2018 10:21:19 -0500
I assume that this piece of information may be more helpful "for those who use an anti virus" than the stereotype statement that "the only secure AV is no AV".

Analogy:
Every few weeks all the major web browsers like Chrome and Firefox receive security fixes, because new vulnerabilities have been detected and closed. Should our conclusion be that the only secure browser is no browser and we all stop using internet webpages? :wink:

P.S.:
Is there a specific reason for starting your thread in the LMDE 2 subforum? - I do not see any such reason. - Thread moved to "Chat about Linux Mint", which covers all Mint editions, Debian based and Ubuntu based.

Regards,
Karl
Image
Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.

User avatar
Pjotr
Level 19
Level 19
Posts: 9665
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Clam av warning

Post by Pjotr » Mon Feb 05, 2018 9:56 am

karlchen wrote: Analogy:
Every few weeks all the major web browsers like Chrome and Firefox receive security fixes, because new vulnerabilities have been detected and closed. Should our conclusion be that the only secure browser is no browser and we all stop using internet webpages? :wink:
Wrong analogy.

Yes, installing an application, any application, increases your attack surface. Web browsers are indispensable for browsing the web, so we take the "risk" of installing them. We accept their attack surface as the price we have to pay for using the web.

But in desktop Linux, AV is good for nothing at all. It promises extra security, but in fact it only decreases security. So why would anyone want to have AV in desktop Linux in the first place (überhaupt)?
Tip: 10 things to do after installing Linux Mint 18.3 Sylvia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Cosmo.
Level 22
Level 22
Posts: 16677
Joined: Sat Dec 06, 2014 7:34 am

Re: Clam av warning

Post by Cosmo. » Mon Feb 05, 2018 10:49 am

karlchen wrote:the stereotype statement that "the only secure AV is no AV".
I know a person and I know, that you know it also, who wrote regarding flash in the past "after the patch is before the patch". What is less stereotype with this sentence?

Security holes in AVs are not something, what happens only every leap-year. And AVs bring also other problems like stealing user data (discussed at the time when this had happened in the forum [1]). I clearly stay with my not at least stereotype statement. Alone the fact, that those things get used at all demonstrate, that such a statement cannot often enough get repeated. If we assume - and I do it -, that nobody installs an AV because he wants to get into the trouble, but because he - wrongly - believes, that he does something good, than it is absolutely obvious, that such a statement is urgently required. (Besides that you can also call other things "stereotype", e. g. the request for some system specs, if a user posts a question without giving any such information. In this sense a "stereotype" statement does not at least exclude, that it is necessary.)
karlchen wrote: Analogy:
Why are you not consequent, if you use such analogies? Than you would quickly get to the point, that also a kernel should never get used. Quite obviously this would end with the point, where you do not use a computer at all.

Fact is, that there is software, which is unavoidable - besides the kernel a browser is for 99.999... % of all users such a software. And there is software, which a user should avoid. I leave it to you to imagination, which I mean.

[1] Examples: avast and McAfee (last paragraph)

User avatar
chrisuk
Level 5
Level 5
Posts: 529
Joined: Thu Jun 12, 2008 6:16 am

Re: Clam av warning

Post by chrisuk » Mon Feb 05, 2018 11:18 am

I like being in the minority, ;) so...

OK, AV software isn't needed on a Linux desktop (You could argue that it doesn't hurt to check before transferring files to a Windows box, especially if that box belongs to a child), but how would you describe Anti-Malware? Is it a program that just looks for malware and quarantines/deletes it? Or is Anti-Malware any program that attempts to make your system less likely to be hacked? (Which, incidentally, means nothing now with Meltdown and Spectre).

Is Firejail Anti-Malware? What about Apparmour? It's theoretically possible that both provide an attack vector that doesn't exist without installing and running them. So, are they different to other Anti-Malware programs? Or are they the next type of software that some will say isn't needed?

BTW, see Ubuntu Security Notices... There's not much you/we have installed that isn't/wasn't vulnerable at some time.
Chris

Manjaro MATE - MX Linux - LMDE MATE

User avatar
Pjotr
Level 19
Level 19
Posts: 9665
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Clam av warning

Post by Pjotr » Mon Feb 05, 2018 11:34 am

chrisuk wrote:I like being in the minority, ;) so...

OK, AV software isn't needed on a Linux desktop (You could argue that it doesn't hurt to check before transferring files to a Windows box, especially if that box belongs to a child), but how would you describe Anti-Malware? Is it a program that just looks for malware and quarantines/deletes it? Or is Anti-Malware any program that attempts to make your system less likely to be hacked? (Which, incidentally, means nothing now with Meltdown and Spectre).

Is Firejail Anti-Malware? What about Apparmour? It's theoretically possible that both provide an attack vector that doesn't exist without installing and running them. So, are they different to other Anti-Malware programs? Or are they the next type of software that some will say isn't needed?

BTW, see Ubuntu Security Notices... There's not much you/we have installed that isn't/wasn't vulnerable at some time.
Apples and oranges.... Better not compare them. :wink:

Anti-malware is much too broad a term. Clearly, there are certain applications like sandboxing applications, that do provide a useful extra security bonus as net result (after deducting the inevitable risk caused by increase of attack surface connected to installing any application).
Tip: 10 things to do after installing Linux Mint 18.3 Sylvia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
BigEasy
Level 6
Level 6
Posts: 1095
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: Clam av warning

Post by BigEasy » Mon Feb 05, 2018 11:44 am

TomT3rd wrote:Multiple vulnerabilities have been discovered in ClamAV.
Congradilation! Those who have ClamAV installed, also have numbers of installed vulnerable programs =N+1. I personally prefer only N.
Windows assumes I'm stupid but Linux demands proof of it

User avatar
Marziano
Level 5
Level 5
Posts: 518
Joined: Thu Jan 04, 2018 1:00 pm
Location: /here

Re: Clam av warning

Post by Marziano » Mon Feb 05, 2018 11:49 am

Pjotr wrote: Clearly, there are certain applications like sandboxing applications, that do provide a useful extra security bonus as net result (after deducting the inevitable risk caused by increase of attack surface connected to installing any application).
Couldn't the same argument apply to the AVs as well that they might "provide a useful extra security bonus as net result"?
In the Grand Scheme of Things, everything on Earth is nothing but an annoying Bug.

User avatar
karlchen
Level 18
Level 18
Posts: 8318
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Clam av warning

Post by karlchen » Mon Feb 05, 2018 12:01 pm

TomT3rd had pointed out that a Gentoo security notice has alerted users that several security breaches had been detected in Clamav, which have been fixed in Clamav version 0.99.3.
So the message was to those who use Clamav, check whether the bugfixed version is available on Linux Mint as well. If it is update asap. - It is available in the official repos by the way.
This is the short essence of the whole thread.

The question whether any of the mainstream antivirus products are of much use on Linux was of no relevance in this thread. This question has been discussed in too many threads already. No need to restart the same old cruisade over and over again, just because the trigger word "clamav" has been spotted.
Image
Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.

User avatar
Pjotr
Level 19
Level 19
Posts: 9665
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Clam av warning

Post by Pjotr » Mon Feb 05, 2018 12:32 pm

Marziano wrote:
Pjotr wrote: Clearly, there are certain applications like sandboxing applications, that do provide a useful extra security bonus as net result (after deducting the inevitable risk caused by increase of attack surface connected to installing any application).
Couldn't the same argument apply to the AVs as well that they might "provide a useful extra security bonus as net result"?
No. Because AV doesn't provide any additional security for desktop Linux at all. Only, and I repeat only a decrease of security.

@karlchen: this old discussion will be repeated again and again, that's inevitable.... In my opinion, that's no problem. As long as it helps Linux beginners to make the right choices. :)
Tip: 10 things to do after installing Linux Mint 18.3 Sylvia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
Marziano
Level 5
Level 5
Posts: 518
Joined: Thu Jan 04, 2018 1:00 pm
Location: /here

Re: Clam av warning

Post by Marziano » Mon Feb 05, 2018 1:05 pm

Pjotr wrote: No. Because AV doesn't provide any additional security for desktop Linux at all. Only, and I repeat only a decrease of security.
I guess then the idea of having an AV as an extra layer of security is in the bone marrow after years of having used Windows :|
In the Grand Scheme of Things, everything on Earth is nothing but an annoying Bug.

User avatar
Moem
Level 13
Level 13
Posts: 4847
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Clam av warning

Post by Moem » Mon Feb 05, 2018 2:02 pm

Marziano wrote:I guess then the idea of having an AV as an extra layer of security is in the bone marrow after years of having used Windows :|
That's absolutely right. And there are many, many former Windows users who find it difficult to let go of that idea. There is a good reason why this thread has been sticky for years: viewtopic.php?f=90&t=31723
Maybe it should be updated and reposted as a new sticky thread. :idea:
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

User avatar
BigEasy
Level 6
Level 6
Posts: 1095
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: Clam av warning

Post by BigEasy » Mon Feb 05, 2018 2:38 pm

Marziano wrote:I guess then the idea of having an AV as an extra layer of security is in the bone marrow after years of having used Windows :|
They having used Linux too but not yet realised it. Home roters working under the Linux. Kernels old as hell, last firmware update was long ago. And what? Go, install AV to router. It is not possible, so nobody cares.
Windows assumes I'm stupid but Linux demands proof of it

User avatar
Marziano
Level 5
Level 5
Posts: 518
Joined: Thu Jan 04, 2018 1:00 pm
Location: /here

Re: Clam av warning

Post by Marziano » Mon Feb 05, 2018 2:52 pm

BigEasy wrote:Kernels old as hell, last firmware update was long ago. And what? Go, install AV to router. It is not possible, so nobody cares.
Right, I guess not. I somehow find myself installing Clamav in all my installations but I never use it (not sharing files with Windows). Talking about force of the habit, bad habit.

PS. Home by the Sea, a beautiful one. It was long time ago, brought back a whole lot of memories. Thanks for the link :D
In the Grand Scheme of Things, everything on Earth is nothing but an annoying Bug.

User avatar
chrisuk
Level 5
Level 5
Posts: 529
Joined: Thu Jun 12, 2008 6:16 am

Re: Clam av warning

Post by chrisuk » Mon Feb 05, 2018 2:58 pm

BigEasy wrote:
Marziano wrote:I guess then the idea of having an AV as an extra layer of security is in the bone marrow after years of having used Windows :|
They having used Linux too but not yet realised it. Home roters working under the Linux. Kernels old as hell, last firmware update was long ago. And what? Go, install AV to router. It is not possible, so nobody cares.
This
Chris

Manjaro MATE - MX Linux - LMDE MATE

Cosmo.
Level 22
Level 22
Posts: 16677
Joined: Sat Dec 06, 2014 7:34 am

Re: Clam av warning

Post by Cosmo. » Mon Feb 05, 2018 4:45 pm

karlchen wrote:So the message was to those who use Clamav, check whether the bugfixed version is available on Linux Mint as well. If it is update asap. - It is available in the official repos by the way.
This is the short essence of the whole thread.
This would had been correct, if the OP would not had added the last sentence in his starting post. What he wanted to express with this is something, he must explain. But for me it reads like "I use Sophos and there are no security holes, so I am safe."
Just at this time in February 2018 this is correct. But there are more than a dozen vulnerabilities listed for Sophos in the last year. Believing, that this AV is somehow more secure can only do a person, who closes his eyes very strongly against the hard and cruel facts.

Regarding this thread: With this little sentence the essence of this post had been completely changed. It was this changed essence (and not the word clamav) which caused me to write the allegedly stereotypical statement. The "old cruisade" had actually been restarted (possibly not intentionally) by this last sentence

User avatar
Pjotr
Level 19
Level 19
Posts: 9665
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Clam av warning

Post by Pjotr » Mon Feb 05, 2018 6:27 pm

This "crusade" is ongoing, for the foreseeable future.... Beginners don't read old threads on this forum, so they'll keep asking the same questions about antivirus.

Be prepared to answer them monthly or even weekly. That's how it is. Old Windows habits die hard. :mrgreen:
Tip: 10 things to do after installing Linux Mint 18.3 Sylvia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
all41
Level 11
Level 11
Posts: 3869
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: Clam av warning

Post by all41 » Mon Feb 05, 2018 7:17 pm

Yes--Mint is missing out on such things as antivirus and malware program downloads from unknown sources, malware scans, definition updates, scan scheduling, false reports, scanning and cleaning with untrusted cleaner software, defragging, os updates holding open shutdown and reboot, and now even mandatory updates.
Proud to be a supporter and monthly contributor to Mint.

Post Reply

Return to “Chat about Linux Mint”