Baking Clam(AV)s for Fun & Profit.
ClamAV in a network-accessible configuration provides not only remote virus scanning, but also
the potential for DoS, etc.

ClamAV - what it is.
- Open Source Software
- Provides Virus Scanning
- Currently owned by Sourcefire

ClamAV - Component Overview
What it does.
- clamscan: Stand alone cmd line scanner
- freshclam: Signature DB update tool
- clamd: Scanning Server
- clamdscan: cmd line scanner ( scanning client )
- clamav-milter: email scanning plugin ( scanning client )

The Problem - Design
In theory
- Configuration
  - Clamd can bind to an IP address
- No Access Controls
- No Authentication
- No connection logging
- Discussed on ClamAV-user mailing list, July 22-23 2011

The Problem - Implementation
In practice
- Availability of Administrative Commands.
  - VERSION
    - Recon
  - RELOAD
    - Default Virus DB size is about 50MB
    - Continuous reloads result in High CPU utilization.
  - SHUTDOWN
    - Guess what that does?
    - A DOS of a networked ClamAV installation.

The Defense
- Configuration
  - Bind to a LOCAL Socket
  - Bind to loopback interface
- Access Controls - FIREWALL
- Monitoring
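
An added example, not from the slides or the ClamAV project: a small Python check that reads a clamd.conf and flags the listener exposure that The Defense slide says to avoid. TCPSocket, TCPAddr and LocalSocket are clamd.conf options; the function names and the sample configurations are constructed for illustration.

```python
import ipaddress

def is_loopback(addr):
    """True for 'localhost' or a loopback IP literal; other hostnames count as exposed."""
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit_clamd_conf(text):
    """Return findings about the network exposure of clamd's listeners."""
    tcp_port, tcp_addrs, local_socket = None, [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # strip comments, split key/value
        if len(parts) != 2:
            continue
        key, value = parts[0], parts[1].strip()
        if key == "TCPSocket":
            tcp_port = value
        elif key == "TCPAddr":
            tcp_addrs.append(value)
        elif key == "LocalSocket":
            local_socket = value
    findings = []
    if tcp_port is None:
        if local_socket is None:
            findings.append("no LocalSocket or TCPSocket configured")
        return findings  # unix socket only: nothing listens on the network
    if not tcp_addrs:
        findings.append(f"TCPSocket {tcp_port} without TCPAddr: clamd binds to all interfaces")
    for addr in tcp_addrs:
        if not is_loopback(addr):
            findings.append(f"TCPAddr {addr} is not loopback: port {tcp_port} needs a firewall rule")
    return findings

# Constructed sample configurations (not taken from the slides).
EXPOSED = """
# network-accessible scanner
TCPSocket 3310
TCPAddr 192.0.2.10
"""
LOOPBACK = "TCPSocket 3310\nTCPAddr 127.0.0.1\n"
LOCAL_ONLY = "LocalSocket /var/run/clamav/clamd.ctl  # unix socket only\n"

if __name__ == "__main__":
    for name, conf in [("exposed", EXPOSED), ("loopback", LOOPBACK), ("local", LOCAL_ONLY)]:
        print(name, audit_clamd_conf(conf) or "ok")
```
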
Tools - Shameless Plug
- Clambake 0.2 - Enumeration & ( Stress ) Testing
- CCEE - Adds connection logging to clamd for administrative commands
- clamd.monitor
- Get them all and more for free at http://www.cmpublishers.com/oss

Thanks
- God
- BSides ROC
- CLAMAV Dev Team & Sourcefire
- Folks on Clamav-users ML