On Wed, 3 Nov 2004, Jason Haar wrote:

; Hi there
;
; I think the TCP option needs some more explicit documentation, as I have
; begun seeing RPMs of clamav where the Socket option is *disabled* and the
; TCP option is *enabled* as the defaults.
;
; As far as I'm aware, that is *not* a good idea. Not only are there now
; network security issues you should attend to, but the TCP option IS ALWAYS
; SLOWER THAN THE SOCKET MODE (please tell me if I am wrong). From what I can
; gather, clamdscan has to pipe the entire file/directory to clamd over TCP -
; whereas it only has to tell clamd where the file/dir is over Sockets.

What we're talking about here is just the control connection between clamdscan
and clamd.  There is actually no functional difference between the two modes;
clamdscan can instruct clamd to scan a named file/directory OR ask it to open a
TCP port over which to accept a file with both control socket options.

There is a slight speed difference in communicating over a unix domain socket
rather than inet domain but, for the amount of data that's actually
communicated over this, it's extremely slight and insignificant against the
greater overhead of actually doing the scan.

However, I agree with you from the security point - I'd rather that no
TCP ports were opened by default by installing the RPM.

A.

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
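
The packaging concern raised in this thread can be checked mechanically. The following is an added example, not part of the original message or of ClamAV itself: it reads a clamd.conf and reports when the TCP control socket is enabled without a loopback bind, or when no local socket is configured. LocalSocket, TCPSocket and TCPAddr are clamd.conf directives; the sample configurations, the finding labels and the function names are constructed for illustration, and it assumes clamd's documented behaviour of binding to all interfaces when TCPAddr is absent.

```python
import ipaddress

# Constructed sample configurations (not copied from any real package).
TCP_DEFAULT = """\
# LocalSocket /var/run/clamav/clamd.sock
TCPSocket 3310
"""
SOCKET_ONLY = """\
LocalSocket /var/run/clamav/clamd.sock
# TCPSocket 3310
"""
TCP_EXPOSED = SOCKET_ONLY + "TCPSocket 3310\nTCPAddr 192.0.2.10\n"
TCP_LOOPBACK = SOCKET_ONLY + "TCPSocket 3310\nTCPAddr 127.0.0.1\n"


def parse_clamd_conf(text):
    """Return {directive: [values]} for active (uncommented) lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return opts


def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr.lower() == "localhost"


def audit(text):
    """Return a list of finding labels (hypothetical names) for one config."""
    opts = parse_clamd_conf(text)
    findings = []
    if "TCPSocket" in opts:
        addrs = opts.get("TCPAddr", [])
        if not addrs:
            findings.append("tcp-all-interfaces")  # no TCPAddr: binds INADDR_ANY
        elif not all(is_loopback(a) for a in addrs):
            findings.append("tcp-non-loopback")
    if "LocalSocket" not in opts:
        findings.append("no-local-socket")
    return findings
```
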
