Eric Rostetter wrote:
Quoting John Rudd <[EMAIL PROTECTED]>:

It is not ClamAV's place to make policy decisions for
me.

And ClamAV does not.  The milter is.

That distinction is immaterial. The milter comes as part of the ClamAV
package. s/ClamAV/clamav-milter/ throughout my posting if you want, it
doesn't change my argument in any way.

And the milter is designed to
work with sendmail.  And if leaving this enabled by default produces
an exploitable sendmail, then it is wrong.

The premise of this implication is false, therefore the conclusion
doesn't follow. Passing E-mail addresses containing shell metacharacters
does not produce an exploitable sendmail.

It is ClamAV's place to match email messages to signatures.

Yes, but this is _not_ the function of the milter, it is the function
of ClamAV, and ClamAV is not the thing causing the issue, the milter is.

Ok, since a simple s/ClamAV/clamav-milter/ probably won't cut it in this
case, I'll rephrase that statement:

It is clamav-milter's place to pass messages to clamd for matching them
to signatures.

At most, it
should offer me policy options, but only _options_.

You would rather it allows you to become exploitable?  I wouldn't...

Most programs "allow you to become exploitable". It is always up to you
to configure them so that this doesn't happen.

Programs that *make* you exploitable are the problem, but a hypothetical
clamav-milter that wouldn't block mail addresses containing vertical bar
or semicolon characters does not fall into that category.

IMHO, the proper thing to do is to document this in the milter docs.
Whether it becomes a configurable option or not, it should certainly
be documented that the default is to block such addresses.

That would have been the minimum. But it is still wrong for a milter
whose advertised purpose is to pass messages to a virus scanner, to
start blocking messages based on unrelated criteria like allegedly
illegal characters in addresses.

BUT, the point of my email is ClamAV is an anti-virus program, its job
is to match patterns and report the match. clamav-milter is a separate
program, a milter for sendmail.  A milter is by definition a filter.  Its
job IS to filter (see: https://www.sendmail.org/milter/), even though many
people use them in a non-filtering way...  Don't confuse the two programs,
or their functions.

Ok, point taken. Consider them unconfused. Now please let us discuss
the clamav-milter program, distributed with ClamAV but separate from it,
and how it should behave with respect to the recipient addresses of the
mails it processes. My position is still that checking the legality of
those is not its job and it should leave them alone.

It would be irresponsible for a milter to knowingly allow a security hole
by default.  Protecting against such a hole is the only reasonable thing
to do.  How to best protect that hole is still a subject of debate.

Clamav-milter cannot protect my mail server against all possible
security holes, and shouldn't even try. It has a precise job, which is
to check mails for known viruses by passing them to ClamAV, and block
their delivery if the check comes back positive. Other security risks
must be covered by other means.

Thanks,
Tilman


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
