On Thu, 13 Mar 2025 17:27:26 +0200 Wael Karram <[email protected]> wrote:

> Note that this package is quite important to keep up to date [...] and
> it does have the occasional RCE.

Indeed.

> most people running any kind of public-facing server will most likely
> use it somewhere to scan files (e.g.: mail)

If you can avoid using ClamAV or any similar tool it might improve security, as ClamAV's goal is to parse/scan untrusted files, and that is very difficult to do safely with languages like C.

It might be possible to sandbox ClamAV somehow to improve security, as it shouldn't require many permissions/access, and its NEWS.md file in its source code mentions that "Removed use of problematic feature [...]. This feature caused issues in environments where the ClamAV engine is run in a low-permissions or sandboxed process.".

Denis.
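One concrete form the sandboxing suggested above can take is a systemd service hardening drop-in for the clamd daemon. This is an added example, not part of the thread and not ClamAV's or Parabola's own configuration; it assumes the unit is called clamav-daemon.service and already runs as an unprivileged user (so no capabilities are needed to drop privileges), and it assumes the signature database, log and socket directories are /var/lib/clamav, /var/log/clamav and /run/clamav. Adjust the unit name and paths for your distribution.

```ini
# Assumed path: /etc/systemd/system/clamav-daemon.service.d/hardening.conf
# Added example; unit name and paths are assumptions, not taken from the thread.
[Service]
# Never gain privileges via setuid/fscaps, and keep the capability set empty.
NoNewPrivileges=yes
CapabilityBoundingSet=

# Whole filesystem read-only except the directories clamd must write to.
ProtectSystem=strict
ReadWritePaths=/var/lib/clamav /var/log/clamav /run/clamav
# ProtectHome=yes hides /home, /root and /run/user. Keep it only if clamd
# never needs to scan files there; use ProtectHome=read-only otherwise.
ProtectHome=yes
PrivateTmp=yes

# No device, kernel tunable, module or cgroup access from the scanner.
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes

# Limit the kernel attack surface reachable from a compromised parser.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources

# Forbid writable+executable memory. If ClamAV's bytecode JIT is enabled
# this can break it; either disable the JIT in clamd.conf or drop this line.
MemoryDenyWriteExecute=yes
```

After installing the drop-in, run `systemctl daemon-reload`, restart the service, and check `systemd-analyze security clamav-daemon.service` to see the exposure score before and after; then verify a scan of a known-clean file and of the EICAR test file still succeeds through the socket, since an over-tight ReadWritePaths or ProtectHome setting shows up as scan failures rather than as a startup error.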
_______________________________________________
Dev mailing list
[email protected]
https://lists.parabola.nu/mailman/listinfo/dev
