Skip to content

The Way of The Yum [repost]

<p>Automatic updates are the only rational approach for most businesses in today’s world of 24/7 Internet connectivity, malware and 0-day vulnerabilities.</p>
<p>If you happen to be a Fortune 500 company you can pay a guy to stay on security vulnerability announcements full-time.  He can download/test/integrate and run all your regression tests ( you did write regression tests for everything, right?)  But if you’re not, you can’t.</p>
<p>So, I’ve been a bit behind on monitoring the SANS Internet Storm Center blog, and apparently while I was on vacation, a <a href="">ClamAV vulnerability</a> was reported.  A maliciously crafted e-mail can cause a remote execution to run as the user who runs <a href="">ClamAV</a>, probably postfix in my case.   An appropriately determined cracker could screw with my mail system.  Versions 0.86.1 and lower are <a href="">affected</a>.</p>
<p>So, I hop on my server, and check to make sure clamav is a package I was wise enough to install from a repository:<br />

yum list clamav
Gathering header information file(s) from server(s)
Server: Dag RPM Repository for older Red Hat Linux
Server: Red Hat Linux 9 - i386 - os
Server: Red Hat Linux 9 - i386 - updates
Finding updated packages
Downloading needed headers
Looking in Available Packages:
Name Arch Version Repo

<p>Installed Packages:<br />

Name Arch Version Repo
clamav i386 0.86.2-1.0.rh9.rf db

<p>Yep, I’m getting clamav from <a href="">Dag</a>  Next time I’m in Belgium, Dag’s getting a beer.</p>
<p>Now, doublecheck that I have the current version running:<br />

rpm -q clamav

<p>Yep, it was installed while I was on vacation.   Good deal.</p>