[Mimedefang] Mimedefang and clamd configuration problems

Les Mikesell les at futuresource.com
Wed Dec 21 15:58:15 EST 2005


On Wed, 2005-12-21 at 14:41, David F. Skoll wrote:

> [...]
> 
> > But ClamAV is not likely to be exploited... AV software tends to be
> > more secure than software in-the-main.
> 
> *cough* I don't think so.
> 
> Clam 0.87.1 fixed a security bug.
> Clam 0.87 fixed a security bug.
> Clam 0.86.2 fixed a security bug.
> Clam 0.86.1 fixed a DoS bug.
> Clam 0.86 fixed a DoS bug.
> 
> I think you get the picture...
> 
> (Btw, if I seem to be picking on Clam, I'm not.  Most AV software is
> horribly hairy, because it tries to deal with
> zip/tar/gzip/bzip2/lha/zoo/arc/your_weird_format_here files.  With all those
> wacky uncompressors and file formats, bugs will inevitably creep in.)

Yes, odd you should mention this today - Symantec has exactly
that problem:
http://news.zdnet.com/2100-1009_22-6004097.html?tag=nl.e589
and the article mentions a couple of others.

-- 
  Les Mikesell
    les at futuresource.com




More information about the MIMEDefang mailing list