First off, the ClamAV issue was somewhat mitigated by them telling everyone
to be off of v96 for a few weeks.  :)

But, the reality of this situation is that signature-based host-level
protection is getting to the point where the human error factor is too high.
(I feel a blog entry coming up soon)

In order to attack the threats that are out there, signatures need to be
updated frequently, and increasing the frequency places greater burden on
the QA process, and increases the risk of a self-inflicted DoS.

What this signifies is that we need to start demanding a different approach
to host-based protection *as the norm*, because there is now as great a
chance that your system can be made ineffective from an AV update as from an
actual piece of malware.

AV in its current form really has to die, as there is no way for the good
guys to keep up with the bad guys, leaving us vulnerable to even more
foolishness from creative bad guys.

-ASB: http://XeeSM.com/AndrewBaker


On Fri, May 7, 2010 at 1:27 PM, Kurt Buff <[email protected]> wrote:

> -------- Original Message --------
> Subject: [Clamav-announce] problem with daily.cvd 10938
> Date: Fri, 7 May 2010 13:06:56 +0200
> From: Luca Gibelli <[email protected]>
> Reply-To: [email protected]
> To: ClamAV Announce <[email protected]>
>
> Dear ClamAV users,
>
> about 15 mins ago we released daily.cvd 10938. This update apparently
> caused a segmentation fault in all ClamAV versions older than 0.96
> on 32 bit systems.
>
> We just released daily.cvd 10939 which removes the faulty signature and
> we have taken measures to ensure that this problem won't happen again.
>
> We recommend using a monitor tool like clamdwatch or clamdmon to
> automatically restart clamd whenever it dies.
>
> If you are already using a similar solution, your clamd will be
> restarted automatically as soon as freshclam downloads the daily.cvd
> 10939 update.
>
> We apologise for the inconvenience.
>
> Regards,
>
> --
> Luca Gibelli (luca _at_ clamav.net)       ClamAV, a GPL anti-virus toolkit
> [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
> PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg
> _______________________________________________
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
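
An added example, not part of this thread and not code from the ClamAV project: a minimal liveness check of the kind the announcement recommends, with a restart budget so that a database which crashes clamd on load leads to an alert rather than an endless restart loop. The socket path, the `restart` callable and the budget values are assumptions, and the `nPING` command form assumes clamd 0.95 or later.

```python
import socket
import time


def clamd_alive(sock_path, timeout=5.0):
    """Return True if clamd answers PING with PONG on its local UNIX socket."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            s.sendall(b"nPING\n")          # newline-delimited clamd command
            return s.recv(16).strip() == b"PONG"
    except OSError:                         # refused, missing socket, timeout
        return False


class Watchdog:
    """Restart clamd when it stops answering, but only a bounded number of
    times per window. Hitting the bound suggests a crash loop (for example
    a signature that segfaults the daemon at load time), which a restart
    cannot fix until freshclam has fetched a corrected database."""

    def __init__(self, sock_path, restart, max_restarts=3, window=600.0,
                 clock=time.monotonic):
        self.sock_path = sock_path          # assumed path, site specific
        self.restart = restart              # hypothetical callable, e.g. runs the init script
        self.max_restarts = max_restarts
        self.window = window                # seconds
        self.clock = clock
        self.history = []                   # timestamps of recent restarts

    def poll(self):
        """Run one check. Returns 'ok', 'restarted' or 'giving-up'."""
        if clamd_alive(self.sock_path):
            return "ok"
        now = self.clock()
        # Forget restarts that fell out of the sliding window.
        self.history = [t for t in self.history if now - t < self.window]
        if len(self.history) >= self.max_restarts:
            return "giving-up"              # caller should alert a human
        self.history.append(now)
        self.restart()
        return "restarted"
```

Call `poll()` from a scheduler at a fixed interval and page someone on `giving-up`; what mail or file scanning should do while clamd is down is a separate policy decision.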
