| 1 | +ClamAV is an open source antivirus engine for detecting trojans, viruses, malare, and other |
| 2 | +malicious threats. |
| 3 | + |
| 4 | +clamav_control takes advantage of a possible misconfiguration in the ClamAV service on release |
| 5 | +0.99.2 if the service is tied to a socket, and allows you fingerprint the version, and being |
| 6 | +able to shut down the service. |
| 7 | + |
| 8 | +## Vulnerable Application |
| 9 | + |
| 10 | +To install ClamAV from Ubuntu: |
| 11 | + |
| 12 | +``` |
| 13 | +$ sudo apt-get install clamav clamav-daemon |
| 14 | +$ sudo freshclam |
| 15 | +``` |
| 16 | + |
| 17 | +You might also need to add the following to /etc/clamav/clamd.conf: |
| 18 | + |
| 19 | +``` |
| 20 | +# TCP port address. |
| 21 | +# Default: no |
| 22 | +TCPSocket 3310 |
| 23 | +
|
| 24 | +# TCP address. |
| 25 | +# By default we bind to INADDR_ANY, probably not wise. |
| 26 | +# Enable the following to provide some degree of protection |
| 27 | +# from the outside world. |
| 28 | +# Default: no |
| 29 | +TCPAddr 0.0.0.0 |
| 30 | +
|
| 31 | +# Maximum length the queue of pending connections may grow to. |
| 32 | +# Default: 15 |
| 33 | +MaxConnectionQueueLength 30 |
| 34 | +
|
| 35 | +# Clamd uses FTP-like protocol to receive data from remote clients. |
| 36 | +# If you are using clamav-milter to balance load between remote clamd daemons |
| 37 | +# on firewall servers you may need to tune the options below. |
| 38 | +
|
| 39 | +# Close the connection when the data size limit is exceeded. |
| 40 | +# The value should match your MTA's limit for a maximum attachment size. |
| 41 | +# Default: 10M |
| 42 | +StreamMaxLength 55M |
| 43 | +
|
| 44 | +# Limit port range. |
| 45 | +# Default: 1024 |
| 46 | +#StreamMinPort 30000 |
| 47 | +# Default: 2048 |
| 48 | +#StreamMaxPort 32000 |
| 49 | +
|
| 50 | +# Maximum number of threads running at the same time. |
| 51 | +# Default: 10 |
| 52 | +MaxThreads 50 |
| 53 | +
|
| 54 | +# Waiting for data from a client socket will timeout after this time (seconds). |
| 55 | +# Value of 0 disables the timeout. |
| 56 | +# Default: 120 |
| 57 | +ReadTimeout 300 |
| 58 | +
|
| 59 | +# Waiting for a new job will timeout after this time (seconds). |
| 60 | +# Default: 30 |
| 61 | +#IdleTimeout 60 |
| 62 | +
|
| 63 | +# Maximum depth directories are scanned at. |
| 64 | +# Default: 15 |
| 65 | +#MaxDirectoryRecursion 20 |
| 66 | +``` |
| 67 | + |
| 68 | +And finally, start the service: |
| 69 | + |
| 70 | +``` |
| 71 | +$ sudo /etc/init.d/clamav-daemon start |
| 72 | +``` |
| 73 | + |
| 74 | +## Options |
| 75 | + |
| 76 | +clamav_control comes with two actions: |
| 77 | + |
| 78 | +**VERSION** |
| 79 | + |
| 80 | +This is the default action, and shows you the ClamAV version. Output example: |
| 81 | + |
| 82 | +``` |
| 83 | +msf auxiliary(clamav_control) > run |
| 84 | +
|
| 85 | +[+] 192.168.1.203:3310 - ClamAV 0.98.7/21772/Wed Jun 22 12:54:15 2016 |
| 86 | +``` |
| 87 | + |
| 88 | +**SHUTDOWN** |
| 89 | + |
| 90 | +This action allows you to shutdown ClamAV. You can also use the VERSION action again to verify |
| 91 | +whether is service is down or not. |
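Review bot: The clamd.conf excerpt contradicts its own comment at lines 24-29: the comment says to "enable the following to provide some degree of protection from the outside world", but the value given, `TCPAddr 0.0.0.0`, binds to every interface, which is the same exposure as the INADDR_ANY default the comment warns against. For a lab setup that is the intended (exposed) configuration, so say so explicitly, e.g. "Bind to all interfaces so the module can reach the daemon; restrict this on any real host", rather than leaving a comment that reads as hardening advice next to a value that does the opposite. Two smaller points in the same hunk: the description at line 5 names release 0.99.2 while the VERSION output example at line 85 shows `ClamAV 0.98.7`, so either the tested version or the sample output should be aligned; and the prose has typos worth fixing before merge ("malare" -> "malware", "allows you fingerprint" -> "allows you to fingerprint", "whether is service is down" -> "whether the service is down"). The SHUTDOWN action would also benefit from a short output example like the one given for VERSION, so readers can confirm what a successful shutdown and the follow-up VERSION check look like.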