On 6/11/07, snowcrash <[EMAIL PROTECTED]> wrote:
>
> hi,
>
> > Tcpwrappers hearkens back to a time before firewalls.
>
> true. but, even clamav makes it available as a build option (fairly
> recently added, iirc?) -- just for clamav-milter, NOT clamd ...
>
> but you're correct.
>
> > But why is your second option not optimal?
>
> Simply 'one more thing' to take care of ... external to the apps involved.
>
> > clamd.conf is where you should tell clamd where
> > to provide its service.  Likewise, the OS firewall is the place where you
> > should tell your OS who can access your services.
>
> if that were uniformly true, that would be great ... but, per my
> example, SA  & Exim take a different approach, allowing that
> specification WITHIN the app's config space.


I guess we can agree to disagree.  I would think that having one's
"firewall" spread out over a dozen config files using a dozen different
conventions would be considerably less than optimal.  If your kernel
supports a firewall, then you should use it.  I don't think every app needs
to strive to be an "emacs".  I'm a K&R kinda guy: an app should do one
thing well.  Controlling access by IP shouldn't be the app's job...
authentication should be, though.  So, for IP control, if I didn't have a
native firewall then I would obviously prefer tcpwrappers over a config
file.

> For example, if you're running RHEL
>
> using a firewall (in my case, pf (freebsd/openbsd) or ipfw (osx), not
> that it matters ...) it's certainly clear.  just looking to see if/how
> its doable from 'within' clamav's clamd.
>
> thanks!


You're welcome.  I'm just sharing the benefit of my experiences.  My opinion
is worth exactly what you paid for it, ya know.  ;)

Ron
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
