Hi Yanosz,

Jan Luehr wrote:
> we're using ClamAV on our mail server for scanning incoming mail server-side on Etch. However, looking back at ClamAV's history (DSA-1320-1, DSA-1366-1, DSA-1435-1, DSA-1479, DSA-1549) makes me feel a little bit uneasy. To be honest, ClamAV had more remotely exploitable holes than all other publicly reachable services together. Therefore imho it's difficult to say whether ClamAV protects our network or puts our server at risk.
First off, one of the major benefits of ClamAV is that _if_ there is any vulnerability found in particular modules, then a machine that actively uses freshclam will very quickly close off the module that exploits such vulnerability until it can be more properly addressed.
Furthermore the security advisories don't seem to take the above behaviour into account and they are often misleading in themselves... I believe the same can be often said about other 'vulnerable' products, that is, they are not as vulnerable as they seem unless updates are not installed regularly.
> What do you think about this? Do you know reasons for ClamAV's unusually high number of bugs? Would you abandon ClamAV for server side mail scanning in favor of other scanners?
I would not abandon ClamAV. At this time I don't know of any other AV scanner that competes well with ClamAV on a mail server that can potentially host any number of domains and mail boxes. Too many products charge by the domain or by the number of mail boxes.... stick with ClamAV. The support with ClamAV is outstanding from my experience and what I see on their mailing lists.
Keep smiling ;)

Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Current Land Line No: 03 9912 0504
Mobile: 04 2574 1827
Fax: 03 9012 2178
National No: 1300 85 3804

Affinity Vision Australia Pty Ltd
http://www.affinityvision.com.au
http://adsl2choice.net.au

In Case of Emergency -- http://www.affinityvision.com.au/ice.html