Noel Jones wrote:
At 09:19 AM 12/30/2006, Christopher X. Candreva wrote:
How exactly is this better than a possible false-positive, if a corrupted sig
happens to match some valid piece of mail?

The maintainers don't distribute corrupted signatures, so if the sig database is corrupted something is seriously wrong, and you have no way of knowing the effect of the error.

What if the corrupted database matches EVERYTHING? Is it better to reject (or discard!) all mail as viruses? Is it better to just ignore the corrupted database and happily scan with no or limited signatures?
No, the current behavior is the safe choice.


No - it is not. Best is to ignore the corrupt database and rename it when it has been determined to be corrupt. Accepting all viruses is not corruption - it is a very bad idea, but not corruption.

By dropping dead, clamd leaves mail arriving unscanned entirely. Especially since it drops dead silently. And an option is to tempfail mail until the scanner is running again, but now we're impacting work and schedules and mail-based revenue.

But because the default for corrupted databases is for clamd to go off the grid, we users are well advised to pre-scan the new databases before implementing them. My understanding is this is handled by freshclam for ClamAV databases but not for third-party databases.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
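
An added example, not part of the original post or of ClamAV itself: one way to pre-scan a third-party database before putting it in place, as the last paragraph of the message suggests. It loads only the candidate file with `clamscan -d` against a file known to be clean and installs it only on exit code 0, which rejects both a database that fails to load and one that matches clean content. The function name `install_sigdb` and its three path arguments are assumptions.

```shell
#!/bin/sh
# Added example: gate a third-party signature file behind a test load.
# Usage: install_sigdb CANDIDATE DB_DIR CLEAN_SAMPLE
# All three paths are supplied by the caller; none come from the thread.
install_sigdb() {
    candidate=$1
    db_dir=$2
    clean_sample=$3
    name=$(basename "$candidate")

    # An empty or missing download is rejected before clamscan is run.
    [ -s "$candidate" ] || { echo "reject $name: missing or empty" >&2; return 1; }

    # Load ONLY the candidate and scan a file known to be clean.
    # clamscan exit codes: 0 = no match, 1 = match found, 2 = error.
    rc=0
    clamscan -d "$candidate" "$clean_sample" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) ;;
        1) echo "reject $name: matches known-clean sample" >&2; return 1 ;;
        *) echo "reject $name: failed to load (exit $rc)" >&2; return 1 ;;
    esac

    # Copy under a temporary name, then rename into place, so the
    # database directory never holds a half-written signature file.
    tmp="$db_dir/.$name.$$"
    if cp "$candidate" "$tmp" && mv "$tmp" "$db_dir/$name"; then
        echo "installed $name"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

The running clamd still has to reload its databases after a successful install; the function only decides whether the file reaches the database directory.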