Hi, I noticed the announcement of the bytecode interpreter in the 0.96-rc1 announcement.
That feature took me utterly by surprise. Could anyone provide a use-case for it? I'm at a loss as to why a security tool should allow signature writers to be able to inject arbitary executable code. (Yes, I know the bytecode has all kinds of security checks and is limited in what it can do, but so does/did Java and there were still many bugs found in the Java sandbox.) And a security tool that requires (or at least can use) a C compiler at run-time boggles the mind. I guess we either have to install a C compiler or live with the slower bytecode interpreter. So... Why do we need the bytecode interpreter? Can we disable it if we decide the cons outweigh the pros? Regards, David. _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
