Re: Does email server OS needs clamav?
On Wed, 02 Dec 2009 17:51:18 +0100, Jochen Schulz wrote:
> Camaleón:
>> On Wed, 02 Dec 2009 22:38:43 +0700, Sthu Deus wrote:
>>
>>> PS I want to remove it because I suppose that in case clamav blesses
>>> users' life and not server's - by removing clamav I can close one
>>> potential security whole.
>>
>> In what way removing clamav you are closing a "potencial security
>> hole"? :-?
>
> http://www.google.com/search?q=clamav+exploit
Oh, sure.
But you can then change the query by:
http://www.google.com/search?q=postfix+exploit
http://www.google.com/search?q=sendmail+exploit
http://www.google.com/search?q=exim+exploit
And then we have to shutdown the mail service at all :-)
>> Clamav is just another service, just keep it updated for security fixes
>> and you are done.
>
> Installing patches doesn't change the fact that another service
> increases the amount of code dealing with unsafe data (like e-mails).
No, but it help your users to decrease the amount of code with unsafe
data at a very low prize for your server performance or security ;-)
Greetings,
--
Camaleón
Reply to: