[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: 'exim', version '4.69', is out of date

On Wed, 09 Dec 2009 13:45:39 +0000, Tzafrir Cohen wrote:

> On Wed, Dec 09, 2009 at 12:37:22PM +0000, Camaleón wrote:

>> > No. Rkhunter is not doing its job. Most of the installations of Exim
>> > in the world are by now "out of date". Hence Rkhunter is more likely
>> > to generate a false warning. Or even worse: to encourge the user to
>> > install an unsupported package.
>> Well, but it is "a fact" that is oudated. And that is the warning
>> Rkhunter is giving to the user. No more, no less.
> It's not outdated.
> http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.69-9/
> -- Andreas Metzler <ametzler@debian.org>  Tue, 30 Sep 2008 20:12:27
> +0200
> Is this outdated?

Well, yes.

As per Exim's site, the current verion is 4.71. And "4.69" is "minor" 
than "4.71" :-)

But "outdated" does not means "insecure" per se. That is what I tried to 
make the OP to understand.

> Rkhunter assumes that a simple check of the version number will do. That
> assumption fails all too often.

Is how the program works. And one who install it have to know before hand 
what kind of warning provides.

Remember what the log said:

Warning: Application 'exim', version '4.69', is out of date, and possibly 
a security risk.

The program cannot know the full changelog between one version and 
another, and of course, also knows nothing about security issues that can 
arise in both versions. 

It just only "rings the bell" so the user can take the desired step (if 

>> > So you basically your hunter is crying "old wolf" and you ignore it.
>> I don't know how Rkhunter works, but it should be configurable so the
>> user can select what kind of warning wants to receive.
> So it's just the defaults that are wrong?

ClamAV, by the way, warns the user in a similar way: it floods the logs 
saying "eh, there is a newer version|signature files upstream, I need an 

And I don't think that is a "bad default" setting. It is just doing its 
job ;-)



Reply to: