On Tuesday 10 August 2004 12:23 pm, Damian Menscher wrote:
> Ok, this is turning into a scary beast. But we already have several
> mailing lists (clamav-users, for example) which can obviously handle a
> bit of a load. Might be interesting to concoct a specially-formatted
> message that the milter (or clamd itself) could recognize as a database
> update, and automatically append to its list of signatures.

this is actually a pretty decent idea. I think it would be best to, rather than have clamd try to detect it, have a special address on the machine that processes the message via a program. Most MTAs I'm aware of (at least on the unix side) can do this, I know qmail can for sure.

> I'd imagine a format something like:

[snip email message for the update]

> Doing something like this would push a lot of the distribution load onto
> sourceforge (which seems to get messages out to this list in about 1/2
> hour).

for something like this I wouldn't use sourceforge's mail servers :P They're already bogged down as it is, us adding load to them like this would be bad, and the notifications would eventually get slower, and slower, and slower... having a dedicated list server for this purpose would be the best.

> The gpg-signature prevents spoofing. And the sequence numbers
> keep everyone current. The major problems I see are getting clamd to
> recognize a message targeted for it, and the obvious problems of DoS
> attacks (someone sending spoofed messages that would suck CPU time
> decoding the gpg signature).

yes, that's an unfortunate problem with this idea, however, if you used, as I stated, a special address that uses program delivery, you'd have to hack the listserver to get everyone's 'subscription' address to be able to do this.

> Anyway, just another wild-n-crazy idea to throw out there. I'm guessing
> we're better off with the current method for now, but this might be an
> interesting possibility for the future.

it definitely is interesting.

> [I haven't given up on DNS updates yet, but it's hard to come up with a
> clean way to distribute >256 bytes of data that way, which means even
> single rules don't always fit.]

I wouldn't distribute the rule in DNS, however, a timestamp of sorts in dns isn't a bad idea.

-Jeremy

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
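
An added example, not part of the original message or of ClamAV: a sketch of the program-delivery handler discussed in the thread, running the cheap checks (size, sequence number) before the costly signature check. The `X-Update-Seq` and `X-Update-Sig` headers, the size cap, and the HMAC stand-in for the gpg verification are assumptions, since the message format was snipped from the thread.

```python
import email
import hashlib
import hmac

MAX_BYTES = 64 * 1024            # assumed size cap for one update message
DEMO_KEY = b"constructed-key"    # constructed; only for the stand-in verifier

def demo_verify(blob: bytes, sig: str) -> bool:
    # Stand-in for the expensive OpenPGP check against a pinned key.
    good = hmac.new(DEMO_KEY, blob, hashlib.sha256).hexdigest()
    return hmac.compare_digest(good, sig)

class UpdateHandler:
    """Handles one message piped in by the MTA's program delivery."""
    def __init__(self, verify, current_seq=0):
        self.verify = verify              # callable(blob, sig) -> bool
        self.current_seq = current_seq    # last update applied locally
        self.signatures = []              # stands in for the local database
        self.verify_calls = 0             # how often the costly step ran

    def handle(self, raw: bytes) -> str:
        # Cheap checks run first so most junk never reaches verification.
        # Header names are hypothetical; the thread does not define them.
        if len(raw) > MAX_BYTES:
            return "rejected: too large"
        msg = email.message_from_bytes(raw)
        seq_hdr = str(msg.get("X-Update-Seq", "")).strip()
        if not (seq_hdr.isascii() and seq_hdr.isdigit()):
            return "rejected: no sequence number"
        seq = int(seq_hdr)
        if seq <= self.current_seq:
            return "ignored: stale or replayed"
        if seq != self.current_seq + 1:
            return "deferred: gap, use the normal download"
        payload = msg.get_payload(decode=True) or b""
        # The signature covers the sequence number as well as the rules,
        # so an old signed payload cannot be replayed under a new number.
        blob = b"%d\n" % seq + payload
        self.verify_calls += 1
        if not self.verify(blob, str(msg.get("X-Update-Sig", "")).strip()):
            return "rejected: bad signature"
        self.signatures += payload.decode("utf-8", "replace").splitlines()
        self.current_seq = seq
        return "applied"

def make_update(seq: int, rules: bytes) -> bytes:
    # Constructed sample message in the assumed X-Update-* format.
    sig = hmac.new(DEMO_KEY, b"%d\n" % seq + rules, hashlib.sha256).hexdigest()
    return b"X-Update-Seq: %d\nX-Update-Sig: %s\n\n%s" % (seq, sig.encode(), rules)
```

A forged message carrying the next expected sequence number still reaches verification, so the cheap checks narrow the CPU exposure rather than remove it.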