On Tue 20 Jan 2004 11:27:27, Tomasz Kojm wrote:
> > > PING/PONG is useless. It could have been better if the server had
> > > sent a banner at connection startup.
> > 
> > Good point - that's much better for determining server state upon 
> > connection.  This banner should also include the clamd version so that
> 
> Because clamd doesn't use any authorization mechanism, a banner is not a
> good idea (for security reasons).

The banner may be a random or implementation-dependent string if you
don't want someone to guess what it is.

STREAM is worse against illegal use. It opens a socket and a malicious
user may send tons of STREAM to open all available file descriptors.
I'm not sure they are closed when the mail connection is closed in
recent releases.

> > >   - server may close the stream connection when a virus is found
> > >     at start of data (not documented)
> > 
> > Without saying 'stream: VIRUSNAME FOUND'?  That's bad.
> 
> No, it won't do that !

As far as I can guess, "stream:" is the "file name". What if the file name
contains ": " or if the virus string contains "FOUND"?

A parser should check the beginning and the end of the string to seek the
virus name in the middle; it's too much work for such a little
thing. Something like this

  OK
  FOUND VIRUSNAME
  ERROR whatever

should be easier to parse.


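The parsing ambiguity raised in the message above, as an added example that is not part of the original message and is not clamd's or any client's own code: it compares a first-separator split of the `name: VIRUSNAME FOUND` reply with an end-anchored parse and with the status-first format the message proposes. The `name: OK` and `... ERROR` shapes, the function names and the sample lines are assumptions constructed for illustration.

```python
# Added illustration. Only "stream: VIRUSNAME FOUND" and the three proposed
# status-first lines appear in the thread; everything else is an assumption.

def parse_legacy_naive(line):
    """Split on the FIRST ': ' -- wrong once the file name contains ': '."""
    name, _, rest = line.partition(": ")
    if rest == "OK":
        return ("OK", name, None)
    if rest.endswith(" FOUND"):
        return ("FOUND", name, rest[:-len(" FOUND")])
    return ("UNPARSEABLE", None, line)

def parse_legacy_anchored(line):
    """Decide the status from the END of the line, then split on the LAST ': '.
    Assumes signature names never contain ': '. ERROR text is free-form, so the
    name/message boundary is left unsplit rather than guessed."""
    if line.endswith(": OK"):
        return ("OK", line[:-len(": OK")], None)
    if line.endswith(" FOUND"):
        name, sep, virus = line[:-len(" FOUND")].rpartition(": ")
        if sep and virus:
            return ("FOUND", name, virus)
    if line.endswith(" ERROR"):
        return ("ERROR", None, line[:-len(" ERROR")])
    return ("UNPARSEABLE", None, line)

def parse_status_first(line):
    """Proposed format: the status keyword is the first token, detail follows."""
    status, _, detail = line.partition(" ")
    if status == "OK" and not detail:
        return ("OK", None)
    if status in ("FOUND", "ERROR") and detail:
        return (status, detail)
    return ("UNPARSEABLE", line)

# Constructed sample replies (not captured from a real clamd).
LEGACY_SAMPLES = [
    "stream: OK",
    "stream: Eicar-Test-Signature FOUND",
    "/tmp/a: b.exe: Eicar-Test-Signature FOUND",   # file name contains ': '
    "stream: Test.FOUND.Sample FOUND",             # name contains 'FOUND'
]

if __name__ == "__main__":
    for reply in LEGACY_SAMPLES:
        print(reply, "->", parse_legacy_naive(reply), parse_legacy_anchored(reply))
    for reply in ("OK", "FOUND Test.FOUND.Sample", "ERROR whatever"):
        print(reply, "->", parse_status_first(reply))
```

With the status first, the client decides on one fixed token and never has to locate a boundary inside text the scanned content can influence.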