> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Andy Fiddaman
> Sent: Thursday, November 04, 2004 6:49 AM
>
> On Wed, 3 Nov 2004, Jason Haar wrote:
>
> ; Hi there
> ;
> ; I think the TCP option needs some more explicit documentation, as I have
> ; begun seeing RPMs of clamav where the Socket option is *disabled* and the
> ; TCP option is *enabled* as the defaults.
> ;
> ; As far as I'm aware, that is *not* a good idea. Not only are there now
> ; network security issues you should attend to, but the TCP option IS ALWAYS
> ; SLOWER THAN THE SOCKET MODE (please tell me if I am wrong). From what I can
> ; gather, clamdscan has to pipe the entire file/directory to clamd over TCP -
> ; whereas it only has to tell clamd where the file/dir is over Sockets.
>
> What we're talking about here is just the control connection between clamdscan
> and clamd. There is actually no functional difference between the two modes;
> clamdscan can instruct clamd to scan a named file/directory OR ask it to open a
> TCP port over which to accept a file with both control socket options.
>
> There is a slight speed difference in communicating over a unix domain socket
> rather than inet domain but, for the amount of data that's actually
> communicated over this, it's extremely slight and insignificant against the
> greater overhead of actually doing the scan.
>
> However, I agree with you from the security point - I'd rather that no
> TCP ports were opened by default by installing the RPM.
I agree... having clamd listening over TCP *with no restriction over the network* is vulnerable to a DoS attack, as _any_ client could inject a lot of scanning on the server. Even more so if it is a home user's PC that connects directly to the internet...

- SamSam

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
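The point Andy makes above, that the Socket and TCP options only change the transport of the control connection and that either transport carries both the "scan this named path" and the "open a port and stream me the file" requests, is easy to see on the wire. The following is an added example written for this thread; it is not ClamAV code and not from either poster. It stands up a tiny stand-in for clamd (FakeClamd) that answers the classic `SCAN <path>` and `STREAM` / `PORT <n>` commands over a Unix domain socket and over TCP, then drives both listeners with the same client functions. The stand-in "engine" only recognises the EICAR test string, the exact reply strings are the author's recollection of the old clamd protocol rather than something the thread documents, and the TCP listener is deliberately bound to 127.0.0.1, which is the restriction SamSam is asking for (in real clamd.conf the equivalent knob is TCPAddr; treat that name as an assumption for your version).

```python
import os
import socket
import tempfile
import threading

# Constructed sample input: the EICAR test string every AV engine flags.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def verdict(data: bytes) -> str:
    """Stand-in for the signature engine (assumption): flags only EICAR."""
    return "Eicar-Test-Signature FOUND" if EICAR in data else "OK"


def readline(sock: socket.socket) -> str:
    """Read one newline-terminated control-protocol line."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode().rstrip("\n")


def recv_all(sock: socket.socket) -> bytes:
    """Read until the peer half-closes; EOF marks the end of the streamed file."""
    parts = []
    while chunk := sock.recv(4096):
        parts.append(chunk)
    return b"".join(parts)


class FakeClamd:
    """Minimal clamd stand-in: serves one control connection at a time."""

    def __init__(self, listener: socket.socket):
        self.listener = listener
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            conn, _ = self.listener.accept()
            with conn:
                self._handle(conn)

    def _handle(self, conn: socket.socket):
        cmd = readline(conn)
        if cmd.startswith("SCAN "):
            # Only the path crosses the control link; the daemon opens the
            # file itself. Identical whether the link is AF_UNIX or AF_INET.
            path = cmd[5:]
            with open(path, "rb") as fh:
                data = fh.read()
            conn.sendall(f"{path}: {verdict(data)}\n".encode())
        elif cmd == "STREAM":
            # Classic STREAM: open an ephemeral loopback data port, tell the
            # client which, read the file bytes there until EOF, then answer.
            data_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            data_sock.bind(("127.0.0.1", 0))
            data_sock.listen(1)
            conn.sendall(f"PORT {data_sock.getsockname()[1]}\n".encode())
            dconn, _ = data_sock.accept()
            with data_sock, dconn:
                data = recv_all(dconn)
            conn.sendall(f"stream: {verdict(data)}\n".encode())
        else:
            conn.sendall(b"UNKNOWN COMMAND\n")


def _connect(addr):
    """addr is a Unix socket path (str) or a (host, port) tuple."""
    family = socket.AF_UNIX if isinstance(addr, str) else socket.AF_INET
    s = socket.socket(family, socket.SOCK_STREAM)
    s.connect(addr)
    return s


def scan_path(addr, path: str) -> str:
    """Ask the daemon to scan a file it can reach by name (clamdscan's usual mode)."""
    with _connect(addr) as ctl:
        ctl.sendall(f"SCAN {path}\n".encode())
        return readline(ctl)


def scan_stream(addr, data: bytes, data_host: str = "127.0.0.1") -> str:
    """Ask for a data port, push the bytes there, read the verdict on the control link."""
    with _connect(addr) as ctl:
        ctl.sendall(b"STREAM\n")
        port = int(readline(ctl).split()[1])
        with socket.create_connection((data_host, port)) as dc:
            dc.sendall(data)
            dc.shutdown(socket.SHUT_WR)  # EOF tells the daemon the file is complete
        return readline(ctl)


def start_listeners(tmpdir: str):
    """Start one stand-in on a Unix socket and one on loopback TCP (never 0.0.0.0)."""
    unix_path = os.path.join(tmpdir, "clamd.sock")
    us = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    us.bind(unix_path)
    us.listen(5)
    FakeClamd(us)
    ts = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ts.bind(("127.0.0.1", 0))  # the restriction the thread asks for
    ts.listen(5)
    FakeClamd(ts)
    return unix_path, ts.getsockname()


def demo() -> dict:
    """Run the same three requests over both transports; results should match."""
    tmpdir = tempfile.mkdtemp()
    unix_addr, tcp_addr = start_listeners(tmpdir)
    clean, hot = os.path.join(tmpdir, "clean.txt"), os.path.join(tmpdir, "eicar.com")
    with open(clean, "wb") as fh:
        fh.write(b"nothing to see here\n")
    with open(hot, "wb") as fh:
        fh.write(EICAR)
    results = {}
    for name, addr in (("unix", unix_addr), ("tcp", tcp_addr)):
        results[f"{name}-scan-clean"] = scan_path(addr, clean)
        results[f"{name}-scan-eicar"] = scan_path(addr, hot)
        results[f"{name}-stream-eicar"] = scan_stream(addr, EICAR)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18s} {value}")
```

Running it shows the same verdicts on both transports, which is the thread's first point: the transport of the control connection does not decide whether a file is named or streamed. The second point is visible in `start_listeners`: the TCP stand-in is reachable only from the local host, so an arbitrary network peer cannot queue scans against it.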