[Pkg-clamav-devel] Bug#578133: clamav-daemon: clamav contains remote detonator
Tom Laermans
tom.laermans at powersource.cx
Sat Apr 17 09:19:24 UTC 2010
On 17/04/2010 11:05, Stefan Hornburg (Racke) wrote:
>> [...]
>>
>> This ain't as easy: Upstream can at any time (and this is what they did
>> this time as well) choose to release "broken" signature files that can't
>> be parsed by clamav-daemon. What sysadmins could do, of course, is simply
>> disabling freshclam.
>
> At any rate, if the maintainer wants to act upon this the choice should be
> given to the end user whether the "detonator" is active or not.
>
> I would rather choose to get bombed out than getting no more updates.
>
> In the current case, only people with really outdated installations were
> affected (all sarge or etch/lenny not using volatile).
>
I assumed there was a killswitch embedded in the code, because of the
following text from ClamAV:

"Starting from 15 April 2010 our CVD will contain a special signature
which disables all clamd installations older than 0.95 – that is to say
older than 1 year."
-- http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/

When indeed checking the clamav logs it seems they see an invalid
signature - I'm not sure how to tackle that myself, and I have not
checked if there is any special code to really kill it.

Obviously, not having new signatures and just keep running along is not
good, though notifying the admin would be nice in that case - killing
all mail traffic on a mailserver because amavis can't start clam, or not
even queueing mail in case of using it as an SMTP pipeline, is not
terribly nice either.

I had lenny boxes running without volatile indeed - do new installs
automatically have volatile as sources? I suspect most people don't -
especially not the ones upgrading from previous Debian releases.

Tom