[Pkg-clamav-devel] Bug#578133: clamav-daemon: clamav contains remote detonator
Michael Tautschnig
mt at debian.org
Sat Apr 17 08:44:41 UTC 2010
> Package: clamav-daemon
> Version: 0.94.dfsg.2-1lenny2
> Severity: normal
>
> Apparently the ClamAV software contains a remote detonator so the clamav
> team can disable the software through an update sequence. This can knock any
> mailserver (for example) offline running the version they deem fit to
> disable.
>
> Please remove this code in at least the debian package, or replace it by one
> that does not run updates but not simply bomb out the daemon.
>
[...]
This ain't as easy: Upstream can at any time (and this is what they did this
time as well) choose to release "broken" signature files that can't be parsed by
clamav-daemon. What sysadmins could do, of course, is simply disable
freshclam.
Best,
Michael