> Package: clamav-daemon > Version: 0.94.dfsg.2-1lenny2 > Severity: normal > > Apparently the ClamAV software contains a remote detonator so the clamav > team can disable the software through an update sequence. This can knock any > mailserver (for example) offline running the version they deem fit to > disable. > > Please remove this code in at least the debian package, or replace it by one > that does not run updates but not simply bomb out the daemon. >
[...] This ain't as easy: Upstream can at any time (and this is what they did this time as well) choose to release "broken" signature files that can't be parsed by clamav-daemon. What sysadmins could do, of course, is simply disabling freshclam. Best, Michael
pgpMzRQpzEuyV.pgp
Description: PGP signature
