[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Does email server OS needs clamav?

On Wed, 02 Dec 2009 18:34:16 +0100, Jochen Schulz wrote:

> Camaleón:

>> >> In what way removing clamav you are closing a "potencial security
>> >> hole"? :-?
>> > 
>> > http://www.google.com/search?q=clamav+exploit
>> Oh, sure.
>> But you can then change the query by:
>> http://www.google.com/search?q=postfix+exploit
>> http://www.google.com/search?q=sendmail+exploit
>> http://www.google.com/search?q=exim+exploit
>> And then we have to shutdown the mail service at all :-)
> The OP specifically asked whether removing ClamAV from the mail server
> would increase the security on the server. The answer is obviously yes.

Well, I do not (personally) know any case where a linux server was 
"taken" by a ClamAV exploit.

But I do know many cases where client workstations are being used as 
zombi machines to spread malware. 

(Assuming here we are talking about windows machines, as it was stated 
the end-users should be using some kind of antivirus at their end).

E-mail is the first entry gate for these threats and should be protected.

> IMO, the real question (which only the OP can answer) is:
> What's worse: the mail server being taken over by an attacker, or
> several workstations at once?

Dunno what could be "worse": a linux server running clamav or several 
client machines infected in any way.



Reply to: