9e5aaab242
- A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file (CVE-2008-1389). - A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition (CVE-2008-3912). - Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption (CVE-2008-3913). - A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks (CVE-2008-3914). various OpenBSD patches rolled in upstream. thanks to sturm@ for looking over systrace.filter (needed for the test of sendmsg() in configure to enable FD passing).
30 lines
1011 B
Plaintext
30 lines
1011 B
Plaintext
--- etc/clamd.conf.orig Tue Sep 2 12:59:05 2008
|
|
+++ etc/clamd.conf Fri Sep 5 02:32:34 2008
|
|
@@ -11,7 +11,7 @@ Example
|
|
# LogFile must be writable for the user running daemon.
|
|
# A full path is required.
|
|
# Default: disabled
|
|
-#LogFile /tmp/clamd.log
|
|
+#LogFile /var/log/clamd.log
|
|
|
|
# By default the log file is locked for writing - the lock protects against
|
|
# running clamd multiple times (if want to run another clamd, please
|
|
@@ -62,7 +62,7 @@ Example
|
|
|
|
# Path to the database directory.
|
|
# Default: hardcoded (depends on installation options)
|
|
-#DatabaseDirectory /var/lib/clamav
|
|
+#DatabaseDirectory /var/db/clamav
|
|
|
|
# The daemon works in a local OR a network mode. Due to security reasons we
|
|
# recommend the local mode.
|
|
@@ -147,7 +147,7 @@ LocalSocket /tmp/clamd.socket
|
|
|
|
# Run as another user (clamd must be started by root for this option to work)
|
|
# Default: don't drop privileges
|
|
-#User clamav
|
|
+#User _clamav
|
|
|
|
# Initialize supplementary group access (clamd must be started by root).
|
|
# Default: no
|