On Apr 27, 2010, at 3:23 PM, Sarocet wrote:
Nathan Gibbs wrote:
Here is what I absolutely do not like about this or agree with.
The very possibility of there being a kill sig. One specially crafted sig could kill the virus protection on every server & workstation in our company.
Allowing the ClamAV Team to remotely nuke a level of our defenses is not acceptable. ( ClamAV Team, correct me if I've got this wrong. )
Obviously, we are betting the farm on solutions provided by these guys.
However, the level of the farm's protection is my responsibility not theirs.
With the public demo of a kill sig capability, I learn that they CAN & WILL mess with something that is my responsibility.
Tactically my "kingdom" could be invaded by the ClamAV Team at any time, & they have already invaded others.
That is a concept that I will never agree with.
The ClamAV team didn't design the AV to stop on getting a special signature.
That signature could exist due to a bug that you decided not to fix (by not updating/patching).
It was a clever use of a bug to disable the daemon.
No, it is not a bug, it is by design, not to "shutdown" mail but to prevent clamd from loading malformed databases. The definition of malformed is one that does not conform to the particular version of ClamAV installed.
You are right that the ClamAV team exploited this feature to notify users that the format of the database was changing and giving a descriptive message as to why the database failed to load.
Jim