Am 30.05.2014 10:02 schrieb Charles Swiger: > > Is there a chance the codepath could be disabled? > > Of course. Source code is available; and anyone is welcome to create a patch.
Charles, thanks for response. I'm not unfamiliar in creating patches but here I need a hint to a starting point. That's why I ask... > A second point to note is that openssl-0.9.7d not only has a bunch of known > security > issues, it's obsolete and will not be getting fixes. It should be easier to > update > your OpenSSL to something secure than it would be to create a patch ClamAV to > have it > work with obsolete versions of OpenSSL. normaly the server in question don't use ssl at all. for that reason they still run. But no clamav uses parts of openssl and I run into that problem. Andreas -- Andreas Schulze Internetdienste | P252 DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Dr. Robert Mayr Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml