Re: ClamAV concerns
On 2008-04-21, Lee Glidewell <lee.glidewell@gmail.com> wrote:
> On Sunday 20 April 2008 11:56:07 pm Johann Spies wrote:
>>
>> The fact that there are regular updates shows that the product is
>> constantly developing. That does not necessarily mean that it is an
>> inferior product to closed source
> Certainly not. What should be said here, though, is that anti-virus software
> is fundamentally high-risk software. I can't claim to be security whiz, but
> everything I've read, and what I hear from acquaintances who *are* good at
> this stuff, is that AV software is constantly targeted by malware developers
> for the simple reason that it is one of the few applications that they *know*
> will interact with their exploits. It's not that AV software is poorly
> designed, it's that it's in a bad situation to begin with.
>
> That's not a reason to give up on it when it is needed, but it is more than
> reason enough to be very careful with it.
Most issues are found in handler code for obscure compression formats.
If it's possible to configure clamav to drop such exotic formats instead of
analysing them, you'd be able to limit the exposure of freshly discovered
issues significantly.
Cheers,
Moritz
Reply to: