include much needed antivirus products in FC2
Michael Schwendt
ms-nospam-0306 at arcor.de
Wed Jan 7 17:06:25 UTC 2004
On Wed, 7 Jan 2004 15:43:44 +0100 (CET), Thomas Munck Steenholdt wrote:
> > It remains unclear what your Clamav installation scenario looked like and
> > in which way you wanted an [unsecure] daemon.
> >
>
> My clamav installation looked like an utter mess and that my complaint.
With "installation scenario" I refer to your specific requirements of what
you needed and wanted to achieve. That is whether and how you integrate
ClamAV into your system.
> I don't want an unsecure daemon, but then again, i'm not completely
> sure why it would need to be insecure in order to check users mails
> anyway... The MTA user got his greesy hands on the mail anyway, what keeps
> us from having him check for infections while his at it??? That shouldn't
> add a big security risk, should it?
The MTA user is not the same user clamd runs as. So unless the scanning
user receives data to be scanned as a local/networked stream, the data
must be made accessible in a shared place.
Btw, with a completely preconfigured clamd, you can fill up
/var/log/clamav easily with thousands of error log messages created
with "clamdscan / -r". Nice DoS.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20040107/233089e6/attachment-0002.bin
More information about the devel
mailing list