STEVE: Okay. So in the last couple weeks a bunch of stuff has happened. First of all, probably maybe most important, a huge problem has been found in the ClamAV system.
LEO: Oh, dear. That's not good.
STEVE: It's open source, as you know, very popular open source antivirus. The problem is that because it's open source, the bad guys have the same access to it as the good guys have. So there are proof-of-concept exploits out such that, if you've got ClamAV filtering your email for malware, viruses, spam, whatever, you can send somebody using the current release of ClamAV a deliberately malformed piece of email. The email scanner has a buffer overflow in it.
LEO: Oh, interesting.
STEVE: Which means that - and, for example, ClamAV is often run on email servers, where it'll be, like, scanning all the mail coming into a corporate facility, to the corporate server. So spam - and as far as we know it's not in the wild yet. Updates are available. So I wanted to make sure that anyone who thinks maybe even their corporation, if they think their corporation IT guys are using ClamAV, make sure they have updated to the latest because - and it's not the signatures they need to update. That's probably happening all the time. It's the code itself that has a problem such that just it receiving spam can take over the server.
LEO: That's wild. That is wild.
STEVE: Yeah. So anyway, so...
LEO: So people would - spammers would send out this message to everybody, hoping that they're going to snag somebody who's running the ClamAV...
STEVE: Exactly. Anybody who has not updated, who's running the pre-most recent update, would be vulnerable. And their own AV, I mean, when you think about it, the last place you want a buffer overrun or a similar sort of exploit is in your AV, which you've added to make your system more secure. In the process you've made it much more vulnerable.
LEO: And by the way, it's not just ClamAV. I've heard these kinds of similar buffer overruns with...
STEVE: Yes. I don't mean to be picking...
LEO: Almost all antiviruses seem to have this problem, or have had this problem at one point or another.
STEVE: Well, remember my favorite quote from the RSA show is "Information wants to be free, and code wants to be wrong."
LEO: The other thing you should pay attention to is that ClamAV is used as the engine for many other third-party solutions, so you might want to check and see what the AV engine is in your solution and update as needed.