CVE-2023-40477 affects the unrar library packaged with ClamAV. Various sources score the vulnerability differently from High to Critical. ClamAV have released an update to mitigate this vulnerability - announcement.

This is the 3rd or fourth critical vulnerability in the ClamAV package that ClearOS is now exposed to. It affects the File Scanner, Mail Antivirus and Gateway Antivirus apps. As always, I have updated the ClearOS package ready for them to incorporate into their build system and distribute through their repos. I really hope, for everyone's sake, that they do update the package.

Michael Proper wrote:
Alan - Looking forward to seeing if someone in the ClearOS Server community will be able to help you. If you have a paid version of ClearOS Server you are welcome to open a ClearCARE Support ticket.

What is the point of raising a ticket? Most O/S level tickets have gone unanswered since last August despite the contracted 4h or 24h response on Platinum and Gold subscriptions respectively.

Re: when I try to access web interface (:81) i get a error

Everything is running fine except the SSL-certificate for https:// is made for another subdomain which is not active.
I can access his site on his ordinary domain or IP with https but have to accept the (wrong) certificate which only Firefox is allowing.
BR
Sven

Everything is running fine except the SSL-certificate for https:// is made for another subdomain which is not active.
I can access his site on his ordinary domain or IP with https but have to accept the (wrong) certificate which only Firefox is allowing.
BR
Sven

I used Firefox on your working www. domain, accepted the faulty certificate and came to the login page, so it should work.

Did you reply in the wrong thread ?
I think either your SSL-certificate or subdomain is wrongly configured, depending on what you want to acheive. They are not consistent so you get an error for missing site or invalid cert depending on subdomain.

Michael Proper wrote:

ZonderMet,

Nice to see a community member help another community member, and your response is solid on the technology side. It's not accurate on the direction or support term.

ClearCenter will provide support for paid customers and will enable community members to support other non-supported/paid community members just like here in your response to Jessica.

Thank you for your understanding and continued support as we too have given much over the years to bring ClearOS Server to the World. We just see a bigger picture of where the future is going and need to redirect non-paid resources for the time being.

Much love!

Hi Micheal,
Good to see you are still alive.
I am one of those paying customers. I am still managing five or so paid systems. No one has any recent (security) update. Emails concerning the Subscription Renewal aren't being answered. When I needed support in spring, all I got was a reply from Nick one and a half months later.
Just check the latest posts on the forum. Not a sign of any active support. You yourself said you where going to enlighten us in the near future. That was more than half a year ago.

It's easy for you to say "We just see a bigger picture of where the future is going and need to redirect non-paid resources for the time being. " But you are not sharing where the future is going according to you.
It's like expecting people to pay upfront for a tank of gas, when the last couple of times there was no gas, and no supply truck in sight.


I am guessing ClearOS was caught with their pants down when Red Hat announced that CentOS had no future anymore. Or maybe it was already at the horizon and this kickstarted the collaps.
Looking back, I should have figured out it might have been a sign that I lost touch with Dave, Colin and Tyler (R.) for instance. It was looking so positive in 2018.

So please, if you have some actual news, even if it means you guys are going to pull the plug, bring that news instead repeating everything is fine, when it so clearly isn't.

A lot of love back, and really hoping this is not your main line of work and the Cellular thing is going more smoothly

M. Proper wrote

I would bet you work directly or indirectly for a competitive (clipped)

Neither - I am retired and work for nobody. In addition have have no financial interest or shares in any company that may be a competitor of yours.

Just disappointed to see a company act the way Clear does currently. Accepting money for a service and not providing that service. Not providing software security updates to firewall software you recommend for SOHO use and in an age of increasing violations. Just calling a spade a spade.

How about you do something positive like provide updates, pay your bills on time to stop the disruption to your users and actually give of clear details of what will actually replace ClearOS 7 (if such exists). "Keep the faith" - let's have actions, not words.

This could be a taste of what is to come. AWS shut down the Clearcenter servers yesterday (which includes the forums so take note of this post manually, don't bookmark it). Presumably the bill was eventually paid but not everything has come back up. If it happens permanently, things you could do to help yourself:

1 - move out of the way /etc/yum/pluginconf.d/clearcenter-marketplace.conf
2 - install ntp as this overrides the timesync app, or edit /etc/clearos/date.conf and put in your favourite time server, perhaps using a more local one like 0.uk.pool.ntp.org for me.
3 - The clearsdn.com domain will go down, try adding a line to a file you create (with any name you want) in /etc/dnsmasq.d/ with:Then restart dnsmasq. I didn't get to fully test it yesterday, but it may sort out the unresponsive webconfig. Don't do it unless you have done 1) and 2). If that does not work, you'll have to hunt down the the FQDN which you need to redirect to 127.0.0.0 (not a typo, don't use 172.0.0.1).
4 - If you need a Free DDNS name, you'll have to find a provider then either install their own DDNS updater or use ddclient to update it.

Don't be surprised if ClearOS disappears permanantly and the last person to leave switches off the lights :-)

ClearOS upper management couldn't care less about ClearOS users. No apologies by them for the disruptions to the site and powererdbyclear dns. No valid reason given for zero updates. The only support person for these forums for the last many months let go. Paid customers not receiving the updates and support they have paid for.

ClearOS users should urgently be making alternative arrangements if not already doing so. The outlook doesn't look good for ClearOS. Piss poor company that promotes a firewall solution having no support and using outdated and insecure software; and for paid customers taking money, then not providing the support.