> > The ClamAV team have commanded old versions of its product to stop > working. > > I would not describe what they did that way. > > Older versions of clamd were going to crash on signatures that newer > versions would accept, and the devs have been prevented for at least 6 > months from using that type of signature. They have posted since then > for > people to upgrade. > > When they did was publish this type of signature (has to do with > length, > greater than about 900bytes), where the signature itself is an error > message, so when the program dumped the signature the error would be > displayed. > > That's all, not a kill switch as such, but using a known bug to deliver > a > message, rather than have it just bomb out with a hex dump when they > tried > to use a larger signature.
They could prevent these old systems from being updated at all. It was really simple and nobody would get hurt. Giampaolo _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
