Re: ClamAV concerns

To: debian-security@lists.debian.org
Subject: Re: ClamAV concerns
From: Johann Spies <jspies@sun.ac.za>
Date: Mon, 21 Apr 2008 08:56:07 +0200
Message-id: <[🔎] 20080421065607.GE15765@sun.ac.za>
Mail-followup-to: Johann Spies <jspies@sun.ac.za>, debian-security@lists.debian.org
In-reply-to: <[🔎] 200804180006.01483.jluehr@gmx.net>
References: <[🔎] 200804180006.01483.jluehr@gmx.net>

On Fri, Apr 18, 2008 at 12:06:01AM +0200, Jan Luehr wrote:
> we're using ClamAV on our mail server for scanning incomming mail server-side 
> on Etch. However, looking back at ClamAV's history (DSA-1320-1, DSA-1366-1, 
> DSA-1435-1, DSA-1479, DSA-1549)  makes me feel a little bit uneasy. To be 
> honest, ClamAV had more remote exploitable holes than all of other public 
> reachable services together. Therefore imho it's difficult to say, whether 
> ClamAV protects our network or puts our server at risk.
> 

The fact that there are regular updates shows that the product is
constantly developing.  That does not necessarily mean that it is an
inferior product to closed source 

> What Do you think about this? Do you know reasons for ClamAV's unusual high 
> number of bugs? Would you abandon ClamAV for server side mail scanning in 
> favor of other scanners?

No.

Regards
Johann
-- 
Johann Spies          Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

     "For by grace are ye saved through faith; and that not 
      of yourselves: it is the gift of God: Not of works, 
      lest any man should boast."   Ephesians 2:8,9

Reply to:

Follow-Ups:
- Re: ClamAV concerns
  - From: Lee Glidewell <lee.glidewell@gmail.com>

References:
- ClamAV concerns
  - From: Jan Luehr <jluehr@gmx.net>

Prev by Date: Request a security audit for my xiterm+thai package.
Next by Date: Re: ClamAV concerns
Previous by thread: Re: ClamAV concerns
Next by thread: Re: ClamAV concerns
Index(es):
- Date
- Thread