Re: Addressing the recent zlib issue

To: debian-security@lists.debian.org
Subject: Re: Addressing the recent zlib issue
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 12 Jul 2005 18:40:55 +0200
Message-id: <[🔎] 874qb00yg8.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20050712162631.GA10210@sirena.org.uk> (Mark Brown's message of "Tue, 12 Jul 2005 19:26:31 +0300")
References: <[🔎] 87pstqzrqo.fsf@deneb.enyo.de> <[🔎] 87slyk10e2.fsf@deneb.enyo.de> <[🔎] 20050712162631.GA10210@sirena.org.uk>

* Mark Brown:

>> If you've got a reasonable complete copy of the Debian package pool
>> and you are willing to run Clamav across it, please respond to this
>> message.
>
> Oh, I was actually just working on some other approaches to checking for
> people doing this sort of stuff and right now I've got access to a very
> nice mirror - I think I may just give it a go.

I'd be especially interested in a test run against dpkg*.deb (across
many architectures).  You need to supply the --deb parameter,
otherwise it won't work, and you should use the CAN-2005-2096.db
signature database.

Running clamscan across the whole package pool will take some time,
though.  Decompressing and scanning are both quite CPU-intensive
operations.  Unfortunately, we have to check all architectures
individually because spurious buildd configuration changes might
trigger static linking of zlib.

Reply to:

Follow-Ups:
- Re: Addressing the recent zlib issue
  - From: Mark Brown <broonie@sirena.org.uk>

References:
- Addressing the recent zlib issue
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Addressing the recent zlib issue
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Addressing the recent zlib issue
  - From: Mark Brown <broonie@sirena.org.uk>

Prev by Date: unsubscribe
Next by Date: Re: New squid packages 2.4.6-2woody9 restarts very often.
Previous by thread: Re: Addressing the recent zlib issue
Next by thread: Re: Addressing the recent zlib issue
Index(es):
- Date
- Thread