On 2009-03-01 23:32, Jose-Marcio Martins da Cruz wrote:
> Some examples about clamav :
>
> * Solaris don't have ncurses library - so, clamdtop won't be built. This 
> isn't critical. But it's interesting to know that clamdtop won't be 
> built and the library wasn't found. And configure shall not stop if 
> ncurses wasn't found.
>
> * Summarizing all buggy libraries (libz, ...).
>
> * It's usually simple to dig a summary of things which weren't Ok, than 
> reading all config.log files. I know very few people who dig config.log 
> files.

The problem is that the output from ./configure is lost after you
install ClamAV.

On 2009-03-02 01:41, Dennis Peterson wrote:
> but the objective of summaries is to provide self-help for non-expert
> implementers. I like it because I do a lot of telephone and email technical
> support and these summaries and reports from tools like clamconf and
> postconf (Postfix) are excellent assets. And I don't see a downside.

Yes, I think this feature belongs to clamconf.
It already reports your configuration; it could also report missing
features and their reasons, grouped by their severity:
first, features that are needed to take full advantage of the engine
(like bzip2 and unrar support), and then features
that are not essential for clamav to function (memory-pool, clamdtop,
clamav-milter, etc.).

On 2009-03-01 15:36, Jose-Marcio Martins da Cruz wrote:
> * It could be interesting to add tcp_wrapper (or equivalent - not so
> difficult to code it) support to clamd.

tcp_wrapper is only half of the solution: if you expose clamd to your
LAN and don't trust your LAN, then setting which hosts can access clamd
won't protect you from attacks originating from the "trusted host".
All it takes is for someone to send a SHUTDOWN command; tcp_wrappers
won't help with that.
Even if you remove the SHUTDOWN command, clamd is not meant to be
exposed to malicious clients.

If you need security, use a solution that really offers you that,
including client authentication.
For example, you could set clamd to listen only on localhost, and set up
an SSL tunnel to a LAN-visible port that also validates client certificates.
And if you don't trust applications running on the clamd host, then you
can set it to use only the unix socket, and restrict permissions on the
socket.
Then set up an SSL tunnel where one endpoint is a TCP port and the other
is the unix socket.

Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
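The setup Edwin describes (clamd bound to localhost, a TLS tunnel on a LAN-visible port that requires client certificates) written out as stunnel and clamd.conf fragments. This is an added illustration, not configuration shipped by ClamAV or stunnel; the hostnames, file paths, the port number 3311 and the certificate file names are placeholders chosen for the example, and the LocalSocketGroup/LocalSocketMode lines assume current clamd.conf syntax.

```ini
; --- /etc/clamav/clamd.conf (excerpt), on the clamd host ---
; Bind clamd to the loopback interface only; LAN hosts never reach it directly.
TCPSocket 3310
TCPAddr 127.0.0.1
; Variant for when local applications are also untrusted: unix socket only,
; with access limited by group and mode (option names assumed from current
; clamd.conf; older releases restrict access via the socket directory instead).
;LocalSocket /var/run/clamav/clamd.sock
;LocalSocketGroup clamav-clients
;LocalSocketMode 660

; --- /etc/stunnel/clamd-server.conf, on the clamd host ---
setuid = stunnel
setgid = stunnel
pid = /var/run/stunnel/clamd-server.pid

[clamd-tls]
; LAN-visible TLS port (3311 is an arbitrary choice for this example)
accept = 0.0.0.0:3311
; forward decrypted traffic to clamd on loopback only
connect = 127.0.0.1:3310
cert = /etc/stunnel/clamd-host.pem
key = /etc/stunnel/clamd-host.key
; verify = 2 requires a client certificate and checks it against CAfile;
; a client without a certificate issued by this CA is refused before any
; clamd command (including SHUTDOWN) can be sent
CAfile = /etc/stunnel/clamd-clients-ca.pem
verify = 2

; --- /etc/stunnel/clamd-client.conf, on each scanning client ---
setuid = stunnel
setgid = stunnel
pid = /var/run/stunnel/clamd-client.pid

[clamd-tls]
client = yes
; local plain-text port that clamdscan or the mail filter connects to
accept = 127.0.0.1:3310
; placeholder hostname of the clamd host
connect = clamd-host.example.internal:3311
; client certificate presented to the server-side tunnel
cert = /etc/stunnel/scan-client.pem
key = /etc/stunnel/scan-client.key
; also verify the server's certificate so another LAN host cannot pose as clamd
CAfile = /etc/stunnel/clamd-host-ca.pem
verify = 2
```

On the client, clamdscan and other consumers keep a clamd.conf with `TCPSocket 3310` and `TCPAddr 127.0.0.1`, so they are unaware of the tunnel. The tunnel only answers the authentication half of the problem: every host that holds a client certificate can still issue any clamd command, so certificates should be issued only to hosts that are trusted with that access, and the private keys kept readable by the stunnel user alone.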