At 14:42 17-04-2008, Eric Rostetter wrote: >I don't know the history of this expliot, etc. So I can't comment on >whether the fix should stay or not. It would depend on the default >settings for sendmail, how long the fix has been in sendmail, how widely >available the patched sendmail is today, etc.
Do you know which version of sendmail can be used with the milter? If the exploit is prior to that, then the fix may not be applicable. At 14:54 17-04-2008, Eric Rostetter wrote: >Well, we disagree on that point. It is a security tool, and as such >has an even greater burden to try to be as secure as possible. Even If you are using the milter as a security tool, you would have to do more filtering than what's currently implemented to prevent problems downstream. Regards, -sm _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
