[Pkg-clamav-devel] Bug#578133: clamav-daemon: clamav contains remote detonator
Michael Tautschnig
mt at debian.org
Sat Apr 17 21:41:23 UTC 2010
[...]
> Obviously, not having new signatures and just keep running along is
> not good, though notifying the admin would be nice in that case -
> killing all mail traffic on a mailserver because amavis can't start
> clam, or not even queueing mail in case of using it as an smtp
> pipeline, is not terribly nice as well.
>
The Debian security advisory has been sent out about half a year ago. DSAs
should hopefully reach a majority of our users - there is simply no one true way
to notify the admin!
> I had lenny boxes running without volatile indeed - do new installs
> automatically have volatile as sources? I suspect most people don't
> - especially not the ones upgrading from previous debian releases.
>
No, volatile is not enabled by default. In future Debian releases, however, we
are likely to distribute clamav *only* via volatile.
Best,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20100417/b3b616a9/attachment.pgp>
More information about the Pkg-clamav-devel
mailing list