Christopher X. Candreva wrote:
> On Sat, 30 Dec 2006, Sander Holthaus wrote:
>
>
>> A malformed database points to:
>>
>> - serious system malfunction
>> - security breach
>> - security breach / system malfunction between you and (or at) the
>>   database provider
>
>
> In my experience, it means a database maintainer who made a simple
> mistake in one line.
Then that would be a database maintainer who does not check his own
database after modification?
>
>> There is no point in using a malformed database and could even
>> spell disaster. (Imagine it starts generating FP's en masse,
>> which could be a side effect of a corrupted database).
>
> Having clam die spells disaster. If you've set your system to
> tempfail on clam failure, you can't receive mail until it is fixed.
> If you accept mail unscanned, you could infect your users, start
> spreading viruses, and have a big clean-up job.
>
> How exactly is this better than a possible false-positive, if a
> corrupted sig happens to match some valid piece of mail?
A tempfail is not a disaster in most scenarios. You may not be able to
receive mail until it is fixed, but you still get the mail after it is
fixed. And a corrupt database is something that needs to be fixed
anyway. Plus, if a database is corrupt, you have no guarantee that it
is complete, so you might accept mail that IS infected.

As for the false positive. When it comes to email, an occasional FP
isn't a disaster (sender gets notified, though normal people usually
don't understand bounces), but I'm sure people do more than just
scanning mail with clamav. In those scenarios, FP's could be much more
problematic/destructive.

Kind Regards,
Sander Holthaus
