include much needed antivirus products in FC2

Enrico Scholz enrico.scholz at informatik.tu-chemnitz.de
Tue Jan 6 18:10:43 UTC 2004


[ Since I am the author of the clamav package at fedora.us I am a little
bit biased ]

tmus at get2net.dk ("Thomas Munck Steenholdt") writes:

> Neither is the case with the clamav packages from fedora.us. First of all
> a number of manual customizations has to be made in order to start the
> daemon... including installing the default conf file, adding init scripts
> and a lot of other things...
>
> This is not how things should work,

No, this is exactly how things should work. Default clamav configuration
is broken:

* daemon runs as root by default -> bad flaw since it works as non-root
  also. Please do not begin with SELinux; it's not the solution for all
  security problems and not available in FC1 or below.

* default logging and sockets are suggested to be under /tmp
  -> man symlink-attack, man tmpwatch

* no crontab entries for database update and logrotating

It is ok when the package itself has these flaws, but one of the tasks
of package management is to provide a secure and preconfigured
setup. I do not want a package which just puts the results of 'make
install' in the filesystem and where I have to spend hours to create new
users, fix broken default configurations or to write initscripts.

QA trail at https://bugzilla.fedora.us/show_bug.cgi?id=268 should
explain some parts of the clamav package.



Enrico
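
The first two flaws listed in the message above, written as a configuration check. This is an added example, not part of the original post or of the clamav or fedora.us packages. It assumes the clamd.conf directive names User, LogFile, LocalSocket and PidFile; the list of world-writable directories and both sample configurations are constructed for illustration.

```python
import posixpath

# clamd.conf directives whose value is a path the daemon creates or opens.
PATH_KEYS = ("LogFile", "LocalSocket", "PidFile")
# Directories any local user can write to (assumed list for this example).
SHARED_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


def parse_conf(text):
    """Return {directive: value} from 'Key value' lines, ignoring # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        parts = line.split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def in_shared_dir(path):
    """True if the normalised path lies inside a world-writable directory."""
    norm = posixpath.normpath(path)
    return any(norm == d or norm.startswith(d + "/") for d in SHARED_DIRS)


def audit(text):
    """List findings for the root-daemon and /tmp-path flaws."""
    conf = parse_conf(text)
    findings = []
    user = conf.get("User")
    if user is None:
        findings.append("no User directive: daemon keeps its start-up privileges")
    elif user == "root":
        findings.append("User is root")
    for key in PATH_KEYS:
        if key in conf and in_shared_dir(conf[key]):
            findings.append(f"{key} {conf[key]} is in a world-writable directory")
    return findings


# Constructed sample configurations, not taken from any real package.
WEAK = """# constructed example
LogFile /tmp/clamd.log
LocalSocket /tmp/../tmp/clamd
"""
HARDENED = """User clamav
LogFile /var/log/clamav/clamd.log
LocalSocket /var/run/clamav/clamd.sock
"""
```

`audit(WEAK)` returns three findings and `audit(HARDENED)` returns an empty list; a packager could run the same check over the configuration file a package ships.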




