On Mon, Jun 21, 2004 at 06:20:14PM -0400, Tomasz Kojm wrote: > > > - link against libclamav > > > - directly use the virus databases > > > - include our code in your software (obvious ;-)) > > could he write a shim that is LGPL'd that links to libclamav? > Well, I don't know. This is a question to a lawyer.
1) The shim should be GPL'd, especially if it will be linked with GPL code.
2) The GPL'd shim should only use published API calls (such that any 3rd party could have written it - 3rd parties do this frequently for other commercial products)
3) The non-GPL product must publish the API calls that the GPL shim uses, such that any 3rd party could write their own GPL'd shim or similar.
4) The GPL'd shim should be released and distributed separately, with source code. The GPL'd shim should be made freely available on a ftp and web site (even if the product that it is designed for is not). Use sourceforge.net or similar to disassociate yourself from it.
5) The product should not rely only on GPL products. Either a persuasive case needs to be made as part of the marketting strategy, that the product is only an infrastructure product - incomplete on its own, or it must come with a non-GPL product, but with the option to use a GPL product instead. (i.e. you can't sell the solution as complete, if it isn't complete)
The above five bits of advice are from a non-lawyer, who has tried to be aware of the issues from a legal standpoint. Many companies choose to do less than the above. They get away with it. Do so at your own risk.
All those things would be OK in our case (except for (4) as written. The shim would be released separately with source code, but not on sourceforge.net - that just makes life hard for our users). For (5), 'out of the box', the commercial product simply doesn't use a virus scanner to check for infected emails. You could decide to buy Sophos, avast!, Panda (and soon several others) to use as virus scanners, or you could use ClamAV. So, the product wouldn't rely in any way on the use of the GPL software, it'd work quite happily without it, just with a slightly restricted featureset unless you purchase a commercial product instead.
But, in any case, it looks like we'll be using clamd for technical reasons anyway, so all this might be irrelevant for us, but possibly still relevant for others. (Can we persuade the developers of ClamAV to release the DLL under the LGPL instead, life would be much simpler then, and still keep the spirit of the thing? :) )
Paul VPOP3 - Internet Email Server/Gateway [EMAIL PROTECTED] http://www.pscs.co.uk/
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
