On Thu, 11 Mar 2010 13:29:16 +0000 (GMT) "G.W. Haywood" <[email protected]> wrote:
> Hi there, > > On Thu, 11 Mar 2010 David F. Skoll wrote: > > > I noticed the announcement of the bytecode interpreter in the 0.96-rc1 > > announcement. > > ... > > Why do we need the bytecode interpreter? Can we disable it if we decide > > the cons outweigh the pros? > > I was about to write something along these lines when Mr. Skoll's post > arrived. The very idea of a bytecode interpreter in ClamAV gives me > the creeps. It sounds like a whole bunch of vulnerabilities waiting > to happen. Due to security reasons all bytecodes need to be digitally signed, so no 3rd parties will be able to inject any code into your installations. When it comes to vulnerabilities, they will not be that critical as vulnerabilities in the regular code since all bytecodes can be remotely fixed/removed. > I'd like to add my voice to those who want an easy way to > disable it - I can see nothing in the clamd.conf man page for 0.96-rc1 > which offers any solace. As Edwin already described, you just set the "Bytecode" option to "no" in freshclam.conf. > In the same man page there are a couple of small formatting errors in > the bold attributes for LocalSocketGroup and LocalSocketMode. Thanks, this will be fixed in the next release Regards, -- oo ..... Tomasz Kojm <[email protected]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Mar 11 15:12:49 CET 2010 _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
