>>> Why, are you blocking outbound rsync traffic? If so, after 3 years of >>> maintaining this script and many >>> thousands of users, this is the first time I've heard this request. >> >> Some of do this by default - set an outbound policy of block and allow >> specific traffic that's allowed. It >> means that should a machine get compromised despite all other precautions, >> it can't* then be used to >> launch an attack on others (or other servers in your own network) and/or is >> unable to communicate with >> it's control centre. Just another layer of security.
Yes, exactly. That which is not expressly permitted is prohibited. Not only once it's been compromised, but even by a trusted user that uses rsync to download something from his own remote site to actually do the compromising (of your system or an other system). It's one thing on a home system, but quite another on a corporate network where there is a policy in place. I think it's more likely that no one has reported it previously, rather than not implementing it. Thanks, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
