On Wed, 02 Dec 2009 18:34:16 +0100, Jochen Schulz wrote: > Camaleón:
>> >> In what way removing clamav you are closing a "potencial security >> >> hole"? :-? >> > >> > http://www.google.com/search?q=clamav+exploit >> >> Oh, sure. >> >> But you can then change the query by: >> >> http://www.google.com/search?q=postfix+exploit >> http://www.google.com/search?q=sendmail+exploit >> http://www.google.com/search?q=exim+exploit >> >> And then we have to shutdown the mail service at all :-) > > The OP specifically asked whether removing ClamAV from the mail server > would increase the security on the server. The answer is obviously yes. Well, I do not (personally) know any case where a linux server was "taken" by a ClamAV exploit. But I do know many cases where client workstations are being used as zombi machines to spread malware. (Assuming here we are talking about windows machines, as it was stated the end-users should be using some kind of antivirus at their end). E-mail is the first entry gate for these threats and should be protected. > IMO, the real question (which only the OP can answer) is: > > What's worse: the mail server being taken over by an attacker, or > several workstations at once? Dunno what could be "worse": a linux server running clamav or several client machines infected in any way. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
