Re: [Mimedefang] SA or not to SA was Spamassassin Removal?

Tue, 27 Jul 2021 08:08:07 -0700 

Excellent points.
For better or worse, we are committed to maintaining MD and security issues would have very rapid responses. 


And we do have a bug bounty sponsorship program too which has been very 
helpful fixing security issues for other projects.


Regards,
KAM

On 7/27/2021 9:41 AM, Dianne Skoll via MIMEDefang wrote:

On Tue, 27 Jul 2021 09:22:41 -0400
"Kevin A. McGrail via MIMEDefang" <[email protected]>
wrote:


For the stubs, great point. What would you estimate the RAM usage is?
I'm assuming pretty tiny.

The SA glue code is pretty tiny.  The anti-virus glue code in
mimedefang.pl is substantially larger, making up more than 50% of all
the lines in mimedefang.pl.  Since people are unlikely to be running
more than one virus scanner, it means about 50% of mimedefang.pl is
just dead weight.

More code isn't only more RAM; it's also more attack surface.  Security
best practices indicate not installing code you don't need.


We're about to put out MIMEDefang 2.85 and can build one without SA
as a dependency if you think it's more than a few Kilobytes.

As per my posting at
https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/2020-November/029601.html
I don't think MIMEDefang is fixable with little tweaks.

Regards,

Dianne.

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

MIMEDefang mailing list [email protected]
https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org

--

PCCCLogo <https://www.pccc.com/>
RaptorLogo <https://raptoremailsecurity.com/>

        

        *Kevin A. McGrail
* /CEO Emeritus
/ *Peregrine Computer Consultants Corporation
*
Phone   +1.703.798.0171         email
        [email protected]
Globe
        www.pccc.com    Globe
        www.raptoremailsecurity.com

Location
        10311 Cascade Lane, Fairfax, VA 22032


LinkedIn <https://linkedin.com/in/kmcgrail> Twitter 
<https://twitter.com/kamcgrail>



_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

MIMEDefang mailing list [email protected]
https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org






















					Reply via email to