Clam av warning


Post by TomT3rd »

This recently from Gentoo security for those who use an anti virus. Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Found in 099.3 --
ClamAV: Multiple vulnerabilities — GLSA 201801-19

I do not use it but in case you're new to Linux, personally I use Sophos.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.

Re: Clam av warning

Post by jimallyn »

Most of us here don't use an antivirus in Mint, considering it to be a security risk, and not a security enhancement.
“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan

Re: Clam av warning

Post by Cosmo. »

I already posted in the last week about those vulnerabilities. A perfect proof, how such software is able to reduce security. Using another AV does not help in general, because all major AVs had security problems in the past. The only secure AV is No AV.

Re: Clam av warning

Post by karlchen »

Hello, TomT3rd.

The bugfixed version of clamav has arrived in the Ubuntu repositories, too. :)

$ apt-cache policy clamav
clamav:
  Installed: (none)
  Candidate: 0.99.3+addedllvm-0ubuntu0.16.04.1
  Version table:
     0.99.3+addedllvm-0ubuntu0.16.04.1 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main i386 Packages
     0.99+dfsg-1ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu xenial/main i386 Packages

The corresponding changelog available for clamav 0.99.3+addedllvm-0ubuntu0.16.04.1 reads

clamav (0.99.3+addedllvm-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * Updated to 0.99.3 to fix multiple security issues
    - CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
      CVE-2017-12378, CVE-2017-12379, CVE-2017-12380
  * Removed patches no longer required
    - debian/patches/CVE-2017-6418.patch
    - debian/patches/CVE-2017-6420.patch
    - debian/patches/CVE-2017-6420-2.patch
  * debian/libclamav7.symbols,debian/rules: bumped cl_retflevel, add check.
  * debian/patches/bb11549-fix-temp-file-cleanup-issue.patch: fix temp file
    cleanup issue.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 29 Jan 2018 10:21:19 -0500

I assume that this piece of information may be more helpful "for those who use an anti virus" than the stereotype statement that "the only secure AV is no AV".

Analogy:
Every few weeks all the major web browsers like Chrome and Firefox receive security fixes, because new vulnerabilities have been detected and closed. Should our conclusion be that the only secure browser is no browser and we all stop using internet webpages? :wink:

P.S.:
Is there a specific reason for starting your thread in the LMDE 2 subforum? - I do not see any such reason. - Thread moved to "Chat about Linux Mint", which covers all Mint editions, Debian based and Ubuntu based.

Regards,
Karl
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 771 days now.
Lifeline

Re: Clam av warning

Post by Pjotr »

karlchen wrote: Analogy:
Every few weeks all the major web browsers like Chrome and Firefox receive security fixes, because new vulnerabilities have been detected and closed. Should our conclusion be that the only secure browser is no browser and we all stop using internet webpages? :wink:
Wrong analogy.

Yes, installing an application, any application, increases your attack surface. Web browsers are indispensable for browsing the web, so we take the "risk" of installing them. We accept their attack surface as the price we have to pay for using the web.

But in desktop Linux, AV is good for nothing at all. It promises extra security, but in fact it only decreases security. So why would anyone want to have AV in desktop Linux in the first place (überhaupt)?
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Re: Clam av warning

Post by Cosmo. »

karlchen wrote:the stereotype statement that "the only secure AV is no AV".
I know a person and I know, that you know it also, who wrote regarding flash in the past "after the patch is before the patch". What is less stereotype with this sentence?

Security holes in AVs are not something, what happens only every leap-year. And AVs bring also other problems like stealing user data (discussed at the time when this had happened in the forum [1]). I clearly stay with my not at least stereotype statement. Alone the fact, that those things get used at all demonstrate, that such a statement cannot often enough get repeated. If we assume - and I do it -, that nobody installs an AV because he wants to get into the trouble, but because he - wrongly - believes, that he does something good, then it is absolutely obvious, that such a statement is urgently required. (Besides that you can also call other things "stereotype", e. g. the request for some system specs, if a user posts a question without giving any such information. In this sense a "stereotype" statement does not at least exclude, that it is necessary.)
karlchen wrote: Analogy:
Why are you not consequent, if you use such analogies? Then you would quickly get to the point, that also a kernel should never get used. Quite obviously this would end with the point, where you do not use a computer at all.

Fact is, that there is software, which is unavoidable - besides the kernel a browser is for 99.999... % of all users such a software. And there is software, which a user should avoid. I leave it to your imagination, which I mean.

[1] Examples: avast and McAfee (last paragraph)

Re: Clam av warning

Post by chrisuk »

I like being in the minority, ;) so...

OK, AV software isn't needed on a Linux desktop (You could argue that it doesn't hurt to check before transferring files to a Windows box, especially if that box belongs to a child), but how would you describe Anti-Malware? Is it a program that just looks for malware and quarantines/deletes it? Or is Anti-Malware any program that attempts to make your system less likely to be hacked? (Which, incidentally, means nothing now with Meltdown and Spectre).

Is Firejail Anti-Malware? What about AppArmor? It's theoretically possible that both provide an attack vector that doesn't exist without installing and running them. So, are they different to other Anti-Malware programs? Or are they the next type of software that some will say isn't needed?

BTW, see Ubuntu Security Notices... There's not much you/we have installed that isn't/wasn't vulnerable at some time.

Re: Clam av warning

Post by Pjotr »

chrisuk wrote:I like being in the minority, ;) so...

OK, AV software isn't needed on a Linux desktop (You could argue that it doesn't hurt to check before transferring files to a Windows box, especially if that box belongs to a child), but how would you describe Anti-Malware? Is it a program that just looks for malware and quarantines/deletes it? Or is Anti-Malware any program that attempts to make your system less likely to be hacked? (Which, incidentally, means nothing now with Meltdown and Spectre).

Is Firejail Anti-Malware? What about AppArmor? It's theoretically possible that both provide an attack vector that doesn't exist without installing and running them. So, are they different to other Anti-Malware programs? Or are they the next type of software that some will say isn't needed?

BTW, see Ubuntu Security Notices... There's not much you/we have installed that isn't/wasn't vulnerable at some time.
Apples and oranges.... Better not compare them. :wink:

Anti-malware is much too broad a term. Clearly, there are certain applications like sandboxing applications, that do provide a useful extra security bonus as net result (after deducting the inevitable risk caused by increase of attack surface connected to installing any application).

Re: Clam av warning

Post by BigEasy »

TomT3rd wrote:Multiple vulnerabilities have been discovered in ClamAV.
Congratulations! Those who have ClamAV installed, also have numbers of installed vulnerable programs =N+1. I personally prefer only N.
Windows assumes I'm stupid but Linux demands proof of it

Re: Clam av warning

Post by Sir Charles »

Pjotr wrote: Clearly, there are certain applications like sandboxing applications, that do provide a useful extra security bonus as net result (after deducting the inevitable risk caused by increase of attack surface connected to installing any application).
Couldn't the same argument apply to the AVs as well that they might "provide a useful extra security bonus as net result"?

Re: Clam av warning

Post by karlchen »

TomT3rd had pointed out that a Gentoo security notice has alerted users that several security breaches had been detected in Clamav, which have been fixed in Clamav version 0.99.3.
So the message was to those who use Clamav, check whether the bugfixed version is available on Linux Mint as well. If it is, update asap. - It is available in the official repos by the way.
This is the short essence of the whole thread.

The question whether any of the mainstream antivirus products are of much use on Linux was of no relevance in this thread. This question has been discussed in too many threads already. No need to restart the same old crusade over and over again, just because the trigger word "clamav" has been spotted.

Re: Clam av warning

Post by Pjotr »

Marziano wrote:
Pjotr wrote: Clearly, there are certain applications like sandboxing applications, that do provide a useful extra security bonus as net result (after deducting the inevitable risk caused by increase of attack surface connected to installing any application).
Couldn't the same argument apply to the AVs as well that they might "provide a useful extra security bonus as net result"?
No. Because AV doesn't provide any additional security for desktop Linux at all. Only, and I repeat only a decrease of security.

@karlchen: this old discussion will be repeated again and again, that's inevitable.... In my opinion, that's no problem. As long as it helps Linux beginners to make the right choices. :)

Re: Clam av warning

Post by Sir Charles »

Pjotr wrote: No. Because AV doesn't provide any additional security for desktop Linux at all. Only, and I repeat only a decrease of security.
I guess then the idea of having an AV as an extra layer of security is in the bone marrow after years of having used Windows :|

Re: Clam av warning

Post by Moem »

Marziano wrote:I guess then the idea of having an AV as an extra layer of security is in the bone marrow after years of having used Windows :|
That's absolutely right. And there are many, many former Windows users who find it difficult to let go of that idea. There is a good reason why this thread has been sticky for years: viewtopic.php?f=90&t=31723
Maybe it should be updated and reposted as a new sticky thread. :idea:

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Re: Clam av warning

Post by BigEasy »

Marziano wrote:I guess then the idea of having an AV as an extra layer of security is in the bone marrow after years of having used Windows :|
They have used Linux too but not yet realised it. Home routers are working under Linux. Kernels old as hell, last firmware update was long ago. And what? Go, install AV to router. It is not possible, so nobody cares.

Re: Clam av warning

Post by Sir Charles »

BigEasy wrote:Kernels old as hell, last firmware update was long ago. And what? Go, install AV to router. It is not possible, so nobody cares.
Right, I guess not. I somehow find myself installing Clamav in all my installations but I never use it (not sharing files with Windows). Talking about force of the habit, bad habit.

PS. Home by the Sea, a beautiful one. It was long time ago, brought back a whole lot of memories. Thanks for the link :D

Re: Clam av warning

Post by chrisuk »

BigEasy wrote:
Marziano wrote:I guess then the idea of having an AV as an extra layer of security is in the bone marrow after years of having used Windows :|
They have used Linux too but not yet realised it. Home routers are working under Linux. Kernels old as hell, last firmware update was long ago. And what? Go, install AV to router. It is not possible, so nobody cares.
This

Re: Clam av warning

Post by Cosmo. »

karlchen wrote: So the message was to those who use Clamav, check whether the bugfixed version is available on Linux Mint as well. If it is, update asap. - It is available in the official repos by the way.
This is the short essence of the whole thread.
This would have been correct if the OP had not added the last sentence in his starting post. What he wanted to express with this is something, he must explain. But for me it reads like "I use Sophos and there are no security holes, so I am safe."
Just at this time in February 2018 this is correct. But there are more than a dozen vulnerabilities listed for Sophos in the last year. Believing, that this AV is somehow more secure can only do a person, who closes his eyes very strongly against the hard and cruel facts.

Regarding this thread: With this little sentence the essence of this post had been completely changed. It was this changed essence (and not the word clamav) which caused me to write the allegedly stereotypical statement. The "old crusade" had actually been restarted (possibly not intentionally) by this last sentence.

Re: Clam av warning

Post by Pjotr »

This "crusade" is ongoing, for the foreseeable future.... Beginners don't read old threads on this forum, so they'll keep asking the same questions about antivirus.

Be prepared to answer them monthly or even weekly. That's how it is. Old Windows habits die hard. :mrgreen:

Re: Clam av warning

Post by all41 »

Yes--Mint is missing out on such things as antivirus and malware program downloads from unknown sources, malware scans, definition updates, scan scheduling, false reports, scanning and cleaning with untrusted cleaner software, defragging, os updates holding open shutdown and reboot, and now even mandatory updates.
Everything in life was difficult before it became easy.