On Sun, 10 Jul 2005, FJ wrote:
> Yes, I do understand that, as you say, running Freshclam without support for digital signatures is my responsibility. My main concern is what kind of issues could arise from doing so? Would an invalid or poisoned file simply "crash" Clamav or could the mechanism be used to launch a wider attack against a system?
Nobody knows if it's possible to "0wn" a system via a poisoned file. If we knew that were possible, it would be trivial to fix the code to patch the vulnerability.
What *is* known is that a poisoned database could simply miss all viruses, allowing you to get infected. Even worse, it could identify _everything_ as a virus, causing you to quarantine (or delete) all sorts of important stuff (system files, incoming email, etc.) depending on your setup.
So yes, there's a huge amount of trust placed in the database maintainers, and we have to hope they don't go bonkers on us. (Anyone remember that spam RBL site that decided to announce they were going to stop running by blacklisting the entire internet?)
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
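
A canary check for the two known failure modes named in the message above (a database that flags everything, or one that detects nothing), written as an added example that is not part of the original thread or of the ClamAV project's code. It assumes a clamscan-compatible scanner (exit 0 = clean, 1 = detection, anything else = error) and operator-supplied canary paths; the function name `vet_database` and the `SCANNER` variable are hypothetical. It catches only these gross failures and is not a substitute for verifying the signature on the download.

```shell
#!/bin/sh
# Added example: vet a freshly downloaded signature database in a staging
# directory before it is allowed to replace the live one.
# Assumption: SCANNER accepts clamscan's --database, --recursive and
# --no-summary options and uses clamscan's exit codes (0 clean, 1 found, 2 error).
SCANNER="${SCANNER:-clamscan}"

# vet_database STAGED_DB KNOWN_CLEAN_DIR KNOWN_BAD_FILE
#   STAGED_DB       directory (or file) holding the new, not yet deployed database
#   KNOWN_CLEAN_DIR files you trust, e.g. copies of system binaries
#   KNOWN_BAD_FILE  a harmless test sample the database must detect (e.g. EICAR)
# Returns: 0 sane, 1 flags clean files, 2 misses the known-bad sample,
#          3 scanner error (treat as "do not deploy").
vet_database() {
    vd_db=$1
    vd_clean=$2
    vd_bad=$3

    # Failure mode "identifies everything as a virus":
    # nothing in the known-clean set may be reported.
    vd_rc=0
    "$SCANNER" --database="$vd_db" --no-summary --recursive "$vd_clean" \
        >/dev/null 2>&1 || vd_rc=$?
    case $vd_rc in
        0) ;;
        1) return 1 ;;
        *) return 3 ;;
    esac

    # Failure mode "misses all viruses":
    # the known-bad canary must still be reported.
    vd_rc=0
    "$SCANNER" --database="$vd_db" --no-summary "$vd_bad" \
        >/dev/null 2>&1 || vd_rc=$?
    case $vd_rc in
        1) return 0 ;;
        0) return 2 ;;
        *) return 3 ;;
    esac
}

# Typical use (paths are placeholders):
#   vet_database /var/tmp/clamav-staged /opt/canary/clean /opt/canary/eicar.com \
#       && echo "staged database passed canary checks"
```

Run it against the staged copy only, and promote the database to the live directory when the function returns 0.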