adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
metasploit-gs/documentation/modules/auxiliary/scanner/misc/clamav_control.md
T
wchen-r7 a1b1b31f98 Update clamav_control.md
2016-06-22 15:49:23 -05:00

91 lines
2.2 KiB
Markdown
Raw Blame History

ClamAV is an open source antivirus engine for detecting trojans, viruses, malare, and other
malicious threats.
clamav_control takes advantage of a possible misconfiguration in the ClamAV service on release
0.99.2 if the service is tied to a socket, and allows you fingerprint the version, and being
able to shut down the service.
## Vulnerable Application
To install ClamAV from Ubuntu:
```
$ sudo apt-get install clamav clamav-daemon
$ sudo freshclam
```
You might also need to add the following to /etc/clamav/clamd.conf:
```
# TCP port address.
# Default: no
TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
TCPAddr 0.0.0.0
# Maximum length the queue of pending connections may grow to.
# Default: 15
MaxConnectionQueueLength 30
# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.
# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 10M
StreamMaxLength 55M
# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000
# Maximum number of threads running at the same time.
# Default: 10
MaxThreads 50
# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
ReadTimeout 300
# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60
# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
```
And finally, start the service:
```
$ sudo /etc/init.d/clamav-daemon start
```
## Options
clamav_control comes with two actions:
**VERSION**
This is the default action, and shows you the ClamAV version. Output example:
```
msf auxiliary(clamav_control) > run
[+] 192.168.1.203:3310 - ClamAV 0.98.7/21772/Wed Jun 22 12:54:15 2016
```
**SHUTDOWN**
This action allows you to shutdown ClamAV. You can also use the VERSION action again to verify
whether is service is down or not.
Reference in New Issue View Git Blame Copy Permalink