<p>Automatic updates are the only rational approach for most businesses in today’s world of 24/7 Internet connectivity, malware and 0-day vulnerabilities.</p>
<p>If you happen to be a Fortune 500 company you can pay a guy to stay on security vulnerability announcements full-time. He can download/test/integrate and run all your regression tests ( you did write regression tests for everything, right?) But if you’re not, you can’t.</p>
<p>So, I’ve been a bit behind on monitoring the SANS Internet Storm Center blog, and apparently while I was on vacation, a <a href="http://isc.sans.org/diary.php?date=2005-07-26">ClamAV vulnerability</a> was reported. A maliciously crafted e-mail can cause a remote execution to run as the user who runs <a href="http://www.clamav.net/">ClamAV</a>, probably postfix in my case. An appropriately determined cracker could screw with my mail system. Versions 0.86.1 and lower are <a href="http://www.osvdb.org/displayvuln.php?osvdb_id=18259">affected</a>.</p>
<p>So, I hop on my server, and check to make sure clamav is a package I was wise enough to install from a repository:<br />
yum list clamav
Gathering header information file(s) from server(s)
Server: Dag RPM Repository for older Red Hat Linux
Server: Red Hat Linux 9 - i386 - os
Server: Red Hat Linux 9 - i386 - updates
Finding updated packages
Downloading needed headers
Looking in Available Packages:
Name Arch Version Repo
——————————————————————————–<p>Installed Packages:<br />Name Arch Version Repo
——————————————————————————–
clamav i386 0.86.2-1.0.rh9.rf db<p>Yep, I’m getting clamav from <a href="http://dag.wieers.com/home-made/apt/">Dag</a> Next time I’m in Belgium, Dag’s getting a beer.</p> <p>Now, doublecheck that I have the current version running:<br />
rpm -q clamav
clamav-0.86.2-1.0.rh9.rf
<p>Yep, it was installed while I was on vacation. Good deal.</p>