* Jim Preston wrote: > On Apr 27, 2010, at 3:23 PM, Sarocet wrote: > >> The ClamAV team didn't design the AV to stop on getting a special >> signature. >> That signature could exist due to a bug that you decided not to fix >> (by not >> updating/patching). >> It was a clever use of a bug to disable the daemon. >> > > No, it is not a bug, it is by design, not to "shutdown" mail but to > prevent clamd from loading malformed databases.
Input validation, nothing wrong with that concept.
Maybe I missed that with all the fur flying around in here lately.
Link or thread / poster with more data would be appreciated.
:-)
If you got to have a "flag day", you got to, nobody likes it, but its better
afterwards.
On the other hand,
If the ClamAV Team is going to use a kill sig feature to shove users up the
upgrade path as a standard practice, thats just not right.
{ Again, ClamAV Team, correct me if I have that wrong. )
When a user come here and says
My ancient clamd just fell over, whats up with that?
We have two choices.
1. Your need to upgrade.
2. FLAME them hairless, insult them, etc.
Which is the better choice?
This thread is a perfect example, and Steve Basford made the right choice.
--
Sincerely,
Nathan Gibbs
Systems Administrator
Christ Media
http://www.cmpublishers.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
