On 2008/10/03 05:57 PM James Kosin wrote: > Colin Alston wrote: >> I've had enough now, and I want all you ClamAV people to listen up. >> > > Hay, maybe the packagers could write a script or something to indicate a > problem with the current configuration when it is being installed. Then > users could take the appropriate action ASAP instead of finding out or > having to check the logs on an hourly basis for problems.
You're (by you I mean everyone agreeing here with how ClamAV fails) assuming users install packages. That's old fashioned. Most people distribute updates with Puppet and such tools automatically. With a largely complex system (which a good mail system can very easily be) the amount of man hours required to audit change logs of every single update with the frequency of updates required for tools specific to security (which ClamAV certainly is) is simply not feasible. You're asking on top of the distribution maintainers for end users to sit and audit each change. On Ubuntu for example there can be as many as 30 to 50 updates a week. While many (well, all) package management tools *do* have configuration upgraders, they can only do so well at trying to negotiate a merge between custom configurations and your own. This doesn't work well at all in automation. ClamAV isn't the only thing sys-admins have to look after. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
