
Re: [cobalt-security] Solarspeed MailScanner Denial of Service attack in message!



On Sat, 2003-09-27 at 14:08, Michael Stauber wrote:

> We had the same on two boxes that still use Kaspersky. The newer AV-Suite uses 
> Clam AV instead. 
> 
> Apparently the virus definitions were corrupted upon or during download. 
> 
> Re-downloading the virus definitions (from the GUI if a RaQ550, XTR or Qube3) 
> or from the command line solves the issue.

Not directly related, but still...
I am using a clamav based antivirus solution on a rather big mail system
(non Cobalt).  I believe that freshclam probably checks MD5 of the
downloaded signature database to prevent accidental corruption of the
file.

But the signature files are *not* signed with public key crypto, and
therefore if someone breaks into the main distribution server and
replaces a signature file *together* with the md5 sum of it, everyone in
the world who uses clamav will be in very big trouble.  Ideally, the
person who builds the database should sign it with pgp or something, and
put the signature to the download site.

Makes me somewhat nervous.

Eugene
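
Added example, not part of the original message and not ClamAV or freshclam code: a small Go model of the concern raised above, showing that a checksum stored beside the file catches corruption but not replacement, while a detached signature checked against a pinned public key catches both. Ed25519 stands in for PGP here, and the Mirror type, the function names and the database contents are hypothetical and constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/md5"
	"fmt"
)

// Mirror models what a download server hands out: the database plus the
// integrity metadata published next to it. All contents are constructed.
type Mirror struct {
	DB, MD5Sum, Sig []byte
}

// Publish is the maintainer's step: hash the database and sign it with a
// private key that never lives on the mirror.
func Publish(priv ed25519.PrivateKey, db []byte) Mirror {
	sum := md5.Sum(db)
	return Mirror{DB: db, MD5Sum: sum[:], Sig: ed25519.Sign(priv, db)}
}

// Tamper models a compromised mirror: the file and its checksum are both
// replaced, but the old signature cannot be regenerated without the key.
func Tamper(m Mirror, replacement []byte) Mirror {
	sum := md5.Sum(replacement)
	return Mirror{DB: replacement, MD5Sum: sum[:], Sig: m.Sig}
}

// ChecksumOK is the corruption check: it only proves file and sum agree.
func ChecksumOK(m Mirror) bool {
	sum := md5.Sum(m.DB)
	return bytes.Equal(sum[:], m.MD5Sum)
}

// SignatureOK verifies against a public key the client already trusts
// (pinned at install time, not fetched from the mirror).
func SignatureOK(pinned ed25519.PublicKey, m Mirror) bool {
	return ed25519.Verify(pinned, m.DB, m.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	good := Publish(priv, []byte("constructed signature database v1"))
	bad := Tamper(good, []byte("constructed replaced database"))
	fmt.Println("genuine: ", ChecksumOK(good), SignatureOK(pub, good))
	fmt.Println("tampered:", ChecksumOK(bad), SignatureOK(pub, bad))
}
```

The tampered mirror still passes the checksum test and fails only the signature test, which is why the public key has to reach clients by a path other than the download site itself.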