Re: ClamAV concerns

Thu, 17 Apr 2008 21:36:27 -0700 

Hi Yanosz,

Jan Luehr wrote:

we're using ClamAV on our mail server for scanning incomming mail
server-side on Etch. However, looking back at ClamAV's history
(DSA-1320-1, DSA-1366-1, DSA-1435-1, DSA-1479, DSA-1549)  makes me
feel a little bit uneasy. To be honest, ClamAV had more remote
exploitable holes than all of other public reachable services
together. Therefore imho it's difficult to say, whether ClamAV
protects our network or puts our server at risk.



First off, one of the major benefits of ClamAV is that _if_ there is any 
vulnerability found in particular modules, then a machine that actively uses 
freshclam will very quickly close off the module that exploits such 
vulnerability until it can be more properly addressed.



Furthermore the security advisories don't seem to take the above behaviour 
into account and they are often misleading in themselves... I believe the 
same can be often said about other 'vulnerable' products, that is, they are 
not as vulnerable as they seem unless updates are not installed regularly.



What Do you think about this? Do you know reasons for ClamAV's
unusual high number of bugs? Would you abandon ClamAV for server side
mail scanning in favor of other scanners?



I would not abandon ClamAV.  At this time I don't know of any other AV 
scanner that competes well with ClamAV on a mail server that can potentially 
host any number of domains and mail boxes.   Too many products charge by the 
domain or by the number of mail boxes.... stick with ClamAV.  The support 
with ClamAV is outstanding from my experience and what I see on their 
mailling lists.



Keep smiling


;)

Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Current Land Line No: 03 9912 0504
Mobile: 04 2574 1827 Fax: 03 9012 2178

National No: 1300 85 3804

Affinity Vision Australia Pty Ltd
http://www.affinityvision.com.au
http://adsl2choice.net.au


In Case of Emergency --  http://www.affinityvision.com.au/ice.html 



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]























					Reply via email to