pkgsrc-Users archive


security/clamav: freshclam patch to avoid leaking proxy ip address



Hi,

freshclam may leak the IP address of a proxy server configured with
"HTTPProxyServer" via DNS requests:

    # /opt/pkgsrc/bin/freshclam --verbose
    Current working dir is /opt/pkgsrc/var/clamav
    Max retries == 3
    ClamAV update process started at Wed May  7 12:45:31 2014
    Using IPv6 aware code
    Querying current.cvd.clamav.net
    TTL: 1383
    Software version from DNS: 0.98.1
    main.cvd version from DNS: 55
    Connecting via www-proxy.14v.de
    main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
    Connecting via www-proxy.14v.de
    Retrieving http://db.de.clamav.net/daily.cvd
    Trying to download http://db.de.clamav.net/daily.cvd (IP: 212.82.32.8)
    Downloading daily.cvd [100%]
    Loading signatures from daily.cvd
    Properly loaded 935474 signatures from new daily.cvd
    daily.cvd updated (version: 18937, sigs: 935468, f-level: 63, builder: neo)
=>  Querying daily.18937.76.1.0.D4522008.ping.clamav.net
    bytecode.cvd version from DNS: 236
    Connecting via www-proxy.14v.de
    Retrieving http://db.de.clamav.net/bytecode-236.cdiff
    Trying to download http://db.de.clamav.net/bytecode-236.cdiff (IP: 212.82.32.8)
    Downloading bytecode-236.cdiff [100%]
    cdiff_apply: Parsed 6 lines and executed 6 commands
    Loading signatures from bytecode.cld
    Properly loaded 43 signatures from new bytecode.cld
    bytecode.cld updated (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
=>  Querying bytecode.236.76.1.0.D4522008.ping.clamav.net
    Database updated (3359736 signatures) from db.de.clamav.net
    Clamd successfully notified about the update.

Here, the proxy IP address is 212.82.32.8 = 0xD4522008. Apparently this is a
bug; it should instead be the hex IP address of the ClamAV mirror used.

The bug is filed upstream
(https://bugzilla.clamav.net/show_bug.cgi?id=10984) and scheduled to be
fixed in 0.98.5.

I have attached a crude patch that entirely disables this type of mirror
stat collection (can't be done in freshclam.conf).

If you don't like your internal proxy addresses exposed, you might
want to put this patch into your $LOCALPATCHES directory.

Regards
Matthias Ferdinand
$NetBSD$

https://bugzilla.clamav.net/show_bug.cgi?id=10984 (requires login)

mirror_stats leak internal http proxy ip addresses via dns query;
scheduled to be fixed in 0.98.5

--- freshclam/manager.c.orig    2014-01-13 17:02:18.000000000 +0000
+++ freshclam/manager.c
@@ -2071,7 +2071,7 @@ updatedb (const char *dbname, const char
 
 
     if (cli_strbcasestr (hostname, ".clamav.net"))
-        mirror_stats = 1;
+        mirror_stats = 0;
 
     snprintf (cvdfile, sizeof (cvdfile), "%s.cvd", dbname);
     snprintf (cldfile, sizeof (cldfile), "%s.cld", dbname);
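
Review bot: the `if (cli_strbcasestr (hostname, ".clamav.net"))` branch now assigns `mirror_stats = 0;`, so the test only has an effect if `mirror_stats` can be non-zero before this point; its initial value is not visible in this hunk and should be checked. A comment on the changed line pointing at bug 10984 would explain why a branch that looks dead is kept and make the local patch easy to drop once 0.98.5 is packaged. Since the message notes this cannot be switched in freshclam.conf, the patch turns the stats lookup off for every installation built with it, which is worth stating in the patch header.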


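To check existing freshclam logs for the leak described in the message, the following added example (not part of the original post or of ClamAV) decodes the 8-hex-digit label of each `ping.clamav.net` lookup and reports those that fall inside networks you want kept private. The function names and the sample log are assumptions made for illustration; the meaning of the numeric labels between the version and the hex label is not interpreted.

```python
import ipaddress
import re

# Stats lookups as printed by freshclam --verbose in the message above, e.g.
#   Querying daily.18937.76.1.0.D4522008.ping.clamav.net
# Only the first two labels and the 8-hex-digit label are interpreted here.
PING_RE = re.compile(
    r"Querying\s+(?P<db>[a-z]+)\.(?P<ver>\d+)\.[\d.]+\."
    r"(?P<hexip>[0-9A-Fa-f]{8})\.ping\.clamav\.net"
)

# Constructed sample: lines taken from the message's log, plus one made-up
# line carrying a documentation address (192.0.2.10 = 0xC000020A).
SAMPLE_LOG = """\
    Querying current.cvd.clamav.net
=>  Querying daily.18937.76.1.0.D4522008.ping.clamav.net
    Querying main.55.76.1.0.C000020A.ping.clamav.net
=>  Querying bytecode.236.76.1.0.D4522008.ping.clamav.net
"""


def decode_hex_ip(label):
    """Turn the 8-hex-digit DNS label back into an IPv4 address."""
    return ipaddress.IPv4Address(int(label, 16))


def find_ping_queries(log_text):
    """Return (dbname, version, embedded address) for each stats lookup."""
    return [
        (m["db"], int(m["ver"]), decode_hex_ip(m["hexip"]))
        for m in PING_RE.finditer(log_text)
    ]


def leaked_addresses(log_text, watch_nets):
    """Keep the lookups whose embedded address lies in a network to protect."""
    nets = [ipaddress.ip_network(n) for n in watch_nets]
    return [q for q in find_ping_queries(log_text)
            if any(q[2] in net for net in nets)]


if __name__ == "__main__":
    # 212.82.32.8 is the proxy address reported in the message.
    for db, ver, addr in leaked_addresses(SAMPLE_LOG, ["212.82.32.8/32"]):
        print(f"{db} v{ver}: stats query exposes {addr}")
```

Pass your own proxy addresses or internal ranges as `watch_nets`; after the patch is applied, a fresh `--verbose` run should yield an empty list.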