--On 15 November 2007 10:07:22 +0100 Jan-Pieter Cornet <[EMAIL PROTECTED]> wrote:
> > If we do stop using clamav, it'll be because of the surprises we find > after the next upgrade, or the upgrade after that. As I explained above, > please keep the default scanner reliable (in terms of FPs). Hmm... Well, I'd agree that the default scanner should not produce significant false positives. However, the chances of producing a false positive don't lie entirely within the software. They lie in the behaviour of the software in your environment (mainly the type of traffic through your server). Since environments differ, there's a trade-off here between providing good protection for a variety of users and limiting the damage done by false positives. Oh, and usability is an issue, too. Now, I'd expect a manager of an ISP's mail service to be able to spend half an hour or so checking the configuration before deploying an upgrade. That time will be recovered if a single support incident is avoided, so it's a useful investment. I would not expect surprises in the configuration deployed (whether it's the default or not) to result in abandonment of the software - especially if that the documentation in the configuration file makes it reasonably clear what can be expected. If the documentation is sufficiently faulty, that might be a reason to abandon the software. However, given that this is open source, you might think along these lines: "Heck, that was bad, but I can fix it. Imagine how bad this would be if the problem happened in closed software!" Can't happen? I remember a commercial AV product screwing up Macs by removing heuristically detected "trojans" that turned out to be part of the OS! Given that there were no actual trojans in the wild at all, we stopped paying our license fees for that product. Oh, but wait. What's going on here? You upgrade ClamAV and your configuration changes? That shouldn't happen at all. Are you using an installer tool that overwrites your deployed configuration? Surely not! -- Ian Eiloart IT Services, University of Sussex x3148 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
