On Sun, 16 Mar 2025 16:09:20 +0100 Denis 'GNUtoo' Carikli <[email protected]> wrote:
> On Thu, 13 Mar 2025 17:27:26 +0200
> Wael Karram <[email protected]> wrote:
> 
> > Note that this package is quite important to keep up to date [...]
> > and it does have the occasional RCE.
> Indeed.
> 
> > most people running any kind of public-facing server will most
> > likely use it somewhere to scan files (e.g.: mail)
> If you can avoid using ClamAV or any similar tool it might improve
> security as ClamAV's goal is to parse/scan untrusted files, and that
> is very difficult to do safely with languages like C.

That is quite off-topic and factually incorrect, please don't spread C++/Rust-inspired FUD. Case in point: seL4, OpenBSD, etc.
The issue with ClamAV is quite larger: there is no FOSS AV/file milter that would be an alternative.

> 
> It might be possible to sandbox ClamAV somehow to improve security as
> it shouldn't require many permissions/access, and its NEWS.md file in
> its source code mentions that "Removed use of problematic feature
> [...]. This feature caused issues in environments where the ClamAV
> engine is run in a low-permissions or sandboxed process.".

Sandboxing actually does seem like a smart thing to do, thanks.

> 
> Denis.

-- 
Kind Regards,
Wael Karram.
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
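The sandboxing idea raised in the thread, as a worked example added here (not posted by either participant and not part of the ClamAV or Parabola packaging): a systemd drop-in that confines clamd to the few paths and syscalls it needs. It assumes the daemon runs from a unit named clamav-daemon.service (the name Debian- and Arch-family packages use; check with `systemctl list-units 'clam*'`), that the unit already starts the process as the unprivileged clamav user via User=, so clamd does not need CAP_SETUID/CAP_SETGID to drop privileges itself, and the usual paths /run/clamav (socket, pid) and /var/log/clamav. Signature files in /var/lib/clamav are written by freshclam, which is a separate unit, so clamd only needs read access there. Every directive below is a standard systemd.exec(5) setting.

```ini
# /etc/systemd/system/clamav-daemon.service.d/hardening.conf
# Assumed unit name and paths; adjust to your distribution's packaging.
[Service]
# No capabilities at all and no way to regain privilege through setuid binaries.
# Requires that the unit already runs as an unprivileged user (User=clamav).
# On-access scanning (clamonacc) needs CAP_SYS_ADMIN and is NOT covered here.
NoNewPrivileges=yes
CapabilityBoundingSet=
AmbientCapabilities=

# Whole filesystem read-only except the paths clamd must write to.
# Files it scans (mail spool, uploads) only need to be readable.
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/run/clamav /var/log/clamav
PrivateTmp=yes

# Hide devices, kernel interfaces and other processes.
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
ProcSubset=pid

# Lock down what the process may ask the kernel for.
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources @mount @debug @obsolete @cpu-emulation
# clamd serves a UNIX socket by default; add AF_INET AF_INET6 only if
# TCPSocket is enabled in clamd.conf.
RestrictAddressFamilies=AF_UNIX
# Blocks W+X mappings. Leave this out if your ClamAV build uses the LLVM
# bytecode JIT, which needs executable memory; the interpreter does not.
MemoryDenyWriteExecute=yes
UMask=0077
```

Apply it with `systemctl daemon-reload && systemctl restart clamav-daemon.service`, then run `systemd-analyze security clamav-daemon.service` to see which exposure points remain, and watch the journal for EPERM or "Read-only file system" errors while scanning a real message; anything clamd legitimately needs that the sandbox blocks shows up there and should be added to ReadWritePaths or the syscall allow-list, rather than by loosening the whole drop-in.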
