On 4/7/2010 4:05 PM, David F. Skoll wrote: > o The server could look at the Freshclam user-agent version number and
> not serve up the new database if it's too old.
Wouldn't this provide a solution? I checked, and freshclam does provide
the version number in the User-Agent string. I used the trusty packet
sniffer to check first. And while I'm not sure what the end result/error
would be, couldn't the servers be easily configured to redirect requests
from old clients? Or better yet, somehow return the last valid/working
image for < 0.94.2 clients?
I understand that F/OSS projects like ClamAV are at the mercy of what
the developers would like to work on, and that generally means pushing
the code forward rather than maintaining past releases; but common
cutesy says they also shouldn't knowingly make technical decisions that
will result their code exploding into a burst of flames at some
arbitrary point in the future. As someone who regularly gets parachuted
into burning buildings with a keyboard and a water bucket; I
instinctively frown upon the people who go about setting fires on purpose.
There is a big difference between a product that is no longer
updated/maintained past a certain date but continues to provide the same
humble functionality it had when it was abandoned, and one that refuses
past a certain date.
Personally speaking, I have a few servers in production right now that
use 0.94.2 because moving past that point will require updating code to
use the new library interface. I had assumed on those servers that
ClamAV would simply continue working past the 15th, but would just be
stuck using whatever ends up being the last compatible signatures
database. This thread made me realize that if I don't disable freshclam
on the 14th, I might be needing the water bucket on the 15th.
For those sysadmins who don't notice this thread; I hope all that ends
up happening is inbound mail gets delivered without being scanned. And
that they are are able to revert their database to a working version or
update their installs before the bad guys realize which systems are no
longer scanning for viruses.
Of course the unlucky ones will only hear the bells that ring when the
bits stop flowing.
Anyone feel like volunteering to create a wrapped version of ClamAV that
is binary compatible with pre 0.95 installs?
Please submit your patches to our Bugzilla: http://bugs.clamav.net