* Chuck Swiger wrote: > On May 14, 2010, at 11:42 AM, Nathan Gibbs wrote: >> >> In summary I refuse to waste my time and the ClamAV Team's time >> submitting a feature request that they will refuse to implement. > > While I have concerns and even complaints that I might make about ClamAV, > the ClamAV folks are remarkably responsive to bug reports that people file, > in terms of acknowledging requests in a timely fashion, asking for more > info if that would be helpful to them, and in terms of implementing fixes > or changes. >
I ( nicely ) disagree with you. My bias is based on my initial experience, which ended in a draw between myself & one of them, each of us insisting that the other guy's code should do the work. Time wasted, that went nowhere. :-) All I'm going to say, is that I'm not doing that again. :-) They have better stuff to do than argue with me, and vise versa. > Obviously, a well-thought out suggestion, or a bug report which includes a > patch, is more likely to get a positive response than something which isn't > clear or is something they disagree with. > Obviously :-) If I could code in c or c++, Id have the option of making a fool of myself and proving that I don't know what I'm doing. Currently I can make a fool of myself by suggesting and or backing "crazy" ideas on the mailing list. If it turns out to be a good idea, I'm told to shut up & post it in their bugzilla already. >> 1. Is moving updates over https a good idea? For the ClamAV update >> infrastructure at large, probably not. For a local mirror setup, it would >> be an interesting option. > > SSL is primarily valuable for preventing inspection of private > communication by third-parties and MiTM attacks like spoofing virus DB > info. Given that the ClamAV database updates are public, and are already > signed via sigtool mechanism, adding SSL doesn't seem to provide any > benefits...? > I feel that if your local update server is serving more than just clamav DB's, adding https functionality to freshclam brings another layer of security to the table. As a sysadmin, I should have the option of running my update server over https if I want to. Seriously, wget can do it, freshclam could too. As stated, if its considered a good idea on the mailing list, I'll do the write up in the bugzilla. Thanks -- Sincerely, Nathan Gibbs Christ Media (315) 548-7647 http://www.cmpublishers.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
