On Aug 11, 2004, at 10:40 AM, Damian Menscher wrote:
On Wed, 11 Aug 2004, Lionel Bouton wrote:
For some time I have been thinking of a bittorrent approach too. Bittorrent
is quite efficient at distributing files and there are implementations
allowing multiple trackers to distribute the remaining server-side load.
Please take this as a question rather than a criticism of the approach:
My experience with bittorrent has been with downloading huge things, like Fedora. <snip>
I've never used bittorrent so I'm afraid I can't comment there.
With regard to all the other ideas: Please remember to keep this *simple*. Here's where I, IMHO, think we stand:
Opening a new port on a mailserver so updates can be pushed to it is a BAD idea. As a sysadmin, I would not allow such a thing on my production machines. It creates a huge security risk, since now you have one more opening to a remote root vulnerability.
Just a clarification of what I accidentally proposed earlier: it wouldn't be so much a mail server doing this, just a daemon and application modeled after mail. I think it's pretty clear thanks to SPAMmers all around the Internet that email protocols are broken, but the basic simplicity of the model behind SMTP could be applied to send out a subscription of encrypted and signed updates to people who sign up for it...it would be more like a whitelisted email system in *concept* only. I was proposing that only because the basics are already out there in framework in the form of email...but we don't want something that accepts random or additional info. Just updates for our Clam programs.
Yes, it could be another root vulnerability, and it would be a bigger target because AV kiddies are usually the kind that are more likely to attempt DOS attacks against servers if there's a central target to hit.
I'm really starting to like the idea of a mailing list that can have
dedicated (and random for each site) subscription addresses and pipe the
list straight into "sigtool --add". It means we'd have to find someone
to host the list, but that's probably no more difficult than finding
someone to host a mirror. Presumably there could even be multiple
"mirrors" sending the list, to improve speed (taking an idea from
spammers who use open relays to do the hard part).
One thing to add to the mailing list approach: there needs to be some
sort of "heartbeat" or "dead man's switch" -- a way to know that the
mailing list is functional, but there are no needed updates, rather than
that the mailing list has broken. I suppose this might be a use for
that latest-db-version.clamav.net idea.
Here's a second idea to combine with the first...use a freenet model. At least I think that's the name...
It's P2P and anonymous; and (my memory is foggy...can someone confirm the details?) it is kind of like a mesh "network within a network". It was originally meant as a totally free and distributed way for P2P transfers of information. Everyone shares information and it gets distributed on computers, and you as a client/server have no control or idea what is in your allocated "sharing space". Could be illegal material, could be Shakespeare, you don't know (Freenet, that is).
If we had a meshed system of a "live network within a network" of updates with this model, it may be an interesting infrastructure not only for rapid updates, but impossible (improbable?) denial of service attacks, and the possibility of even tagging exe's for analysis later...they could just be swept up in the "grid" and analyzed when they reach the appropriate team members. The sigs could be updates and swept into the grid where they'd be distributed to sysadmins.
Again, probably impractical, but just enjoying the brainstorming that's going on on the list recently. :-) It would be more complicated than previous ideas, yes, but it may lay groundwork for future features or ideas, like maybe a way to monitor virus activity and send out statistics to users who wish to set up that ability for monitoring outbreaks in certain regions of the Internet.
-Bart
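The "heartbeat" / "dead man's switch" idea quoted in the message above, sketched as an added example (not code from this thread or from ClamAV). The message fields, the hourly interval, and the per-site shared key with HMAC-SHA256 standing in for a real signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_SILENCE = 3600  # assumption: sender emits at least one message per hour


def sign(key: bytes, body: dict) -> dict:
    """Sender side: tag the canonical JSON body with HMAC-SHA256."""
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, payload, hashlib.sha256).hexdigest()}


class Receiver:
    """Hypothetical subscriber that tracks list health separately from updates."""

    def __init__(self, key: bytes, start: int):
        self.key, self.last_seq, self.db_version = key, 0, 0
        self.last_valid = start  # time of the last authenticated, fresh message

    def accept(self, msg: dict, now: int) -> str:
        body = msg["body"]
        payload = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return "rejected: bad tag"  # forged mail must not reset the switch
        if body["seq"] <= self.last_seq:
            return "rejected: replay"  # neither must a resent old message
        missed = body["seq"] != self.last_seq + 1
        self.last_seq, self.last_valid = body["seq"], now
        if body["kind"] == "update" and not missed:
            self.db_version = body["db_version"]
            return "applied"  # here the signatures would be handed to the database
        if missed or body["db_version"] != self.db_version:
            return "resync"  # a message was lost: fetch the full database instead
        return "alive"  # list works, nothing new

    def is_stale(self, now: int) -> bool:
        """True when the list has been silent too long, i.e. probably broken."""
        return now - self.last_valid > MAX_SILENCE


if __name__ == "__main__":
    key = b"constructed-per-site-key"  # constructed sample value
    r = Receiver(key, start=0)
    print(r.accept(sign(key, {"kind": "update", "seq": 1, "db_version": 1}), 100))
    print(r.accept(sign(key, {"kind": "heartbeat", "seq": 2, "db_version": 1}), 3000))
    print(r.is_stale(7000))
```

Only authenticated, in-order messages reset the timer, so a quiet list with heartbeats reads as healthy while a silent or spoofed one trips the switch.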
_______________________________________________
Clamav-users mailing list
https://lists.sourceforge.net/lists/listinfo/clamav-users