On Sat, 4 Oct 2008, Eric Rostetter wrote:
> > The principle of least surprise says....
> But it is a big surprise when the action that old line was supposed to take
> is no longer taken... 

But NOT as big a surprise as NO FILTERING AT ALL. That's the sticking
point here. Unless we are all expected to tempfail mail when ClamAV
aborts, and then deal with irate users who have been waiting all weekend
to get their critical mail, then ClamAV should NOT abort unless it very
literally cannot figure out what to do. And honestly, is it really that
hard to have it interpret the *old* config items for a release or two?

> So they had a valid line which said "BlockAllZips yes" and it is no longer
> valid.  So clamav continues to run, but doesn't block zips anymore.

So which is worse? Letting through a *few* viruses because we don't block
zips, or letting them *all* through because ClamAV has stopped completely?

> .... Worse, if the command was "AllowAllZips yes" and now they are all
> being blocked, the admin could really be in trouble.  Users may be
> depending on those zips, and if they are being (e.g.) thrown in the
> bit bucket with no warning, then users could really be in trouble
> because the admin couldn't be bothered to take the time to read the
> docs and do a proper install.

But in this case, mail would *perm* fail, and the senders would
get DSN's complain. No *hidden* surprises. No mail going through
unfiltered.... 

> Why do you think that software which is running and doing something other
> than is expected/wanted is better than software which refuses to run when
> there is a bad configuration given to it?  I sure don't want my software
> upgrade to change my policy without my knowing it...

That last statement is the KEY one. I consider it a gross change of MY
'policy' if suddenly my mail is completely 100% unfiltered, and with NO
'watchdog' e-mail to let me know it is happening! Far more damaging than
if ClamAV misses a 'detail' in its new config. Worst case, in MY scenario
is that SOME mail gets through unfiltered or SOME mail gets bounced. In
yours ALL mail is either unfiltered or bounced (or tempfailed, which is 
worse when tech support is not 24/7).

- Charles

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
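
The trade-off argued in this message, as an added example (not part of the original e-mail and not ClamAV code): a config loader that translates deprecated options with a warning, including one whose meaning is inverted, and refuses to start only when a line cannot be interpreted at all. Only `BlockAllZips` and `AllowAllZips` come from the thread; `ArchiveBlockZip`, `ScanMail` and every function name are hypothetical.

```python
# Added illustration. Option names other than BlockAllZips / AllowAllZips are
# hypothetical and do not describe any real ClamAV release.
CURRENT = {"ArchiveBlockZip": "no", "ScanMail": "yes"}  # assumed new options and defaults
# old name -> (new name, whether the yes/no value must be inverted)
DEPRECATED = {
    "BlockAllZips": ("ArchiveBlockZip", False),
    "AllowAllZips": ("ArchiveBlockZip", True),
}
FLIP = {"yes": "no", "no": "yes"}


class ConfigError(Exception):
    """Raised only when a line cannot be interpreted at all."""


def load_config(text):
    """Return (settings, warnings); raise ConfigError for uninterpretable lines."""
    settings = dict(CURRENT)
    warnings, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[1].lower() not in FLIP:
            errors.append(f"line {lineno}: cannot parse {raw!r}")
            continue
        name, value = parts[0], parts[1].lower()
        if name in DEPRECATED:
            # Keep the admin's policy: translate the old line instead of dropping it.
            new, invert = DEPRECATED[name]
            value = FLIP[value] if invert else value
            warnings.append(f"line {lineno}: {name} is deprecated, applied as {new} {value}")
            name = new
        if name not in CURRENT:
            errors.append(f"line {lineno}: unknown option {name!r}")
            continue
        settings[name] = value
    if errors:
        raise ConfigError("; ".join(errors))
    return settings, warnings


# Constructed sample: an old-style config carried across an upgrade.
OLD_CONF = "ScanMail yes\nBlockAllZips yes   # pre-upgrade spelling\n"
```

The returned warnings are what a caller would log or mail to the administrator, so the translation is never silent.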
