Re: [cobalt-security] Solarspeed MailScanner Denial of Service attack in message!
- Subject: Re: [cobalt-security] Solarspeed MailScanner Denial of Service attack in message!
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Sat, 27 Sep 2003 20:56:47 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Eugene,
> Not directly related, but still...
> I am using a clamav based antivirus solution on a rather big mail system
> (non Cobalt). I believe that freshclam probably checks MD5 of the
> downloaded signature database to prevent accidental corruption of the
> file.
That's correct. Therefore the updater which Clam AV uses (freshclam) is a lot
more reliable than the updater which Kaspersky uses. Although Kaspersky
checks the downloaded definitions for virii or corruption it has no fallback
mechanism to revert back to a good set of definitions if the downloaded ones
are corrupt. Which is kinda crazy.
> But the signature files are *not* signed with public key crypto, and
> therefore if someone breaks into the main distribution server and
> replaces a signature file *together* with the md5 sum of it, everyone in
> the world who uses clamav will be in very big trouble.
A lot of critical source code is available only with an md5 sum to check for
tampering. It's better than nothing, but you're right: Ideally it should be
signed with PGP.
--
With best regards,
Michael Stauber
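
The point discussed in this message, as an added example (not code from the thread, from ClamAV or from any vendor): an MD5 sum stored beside the file still matches when both are replaced together, while a signature checked against a key pinned on the client does not, and the updater falls back to the last good definitions. A Lamport one-time hash signature stands in for PGP so the example needs only the standard library; all names and sample data are constructed.

```python
import hashlib
import secrets

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk

def digest_bits(data: bytes):
    d = h(data)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, data: bytes):
    # Reveal one secret per digest bit; a key pair must sign only one message.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(data))]

def sig_ok(pk, data: bytes, sig) -> bool:
    bits = digest_bits(data)
    return len(sig) == 256 and all(h(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def md5_ok(data: bytes, md5_hex: str) -> bool:
    return hashlib.md5(data).hexdigest() == md5_hex

def update(current_db: bytes, fetched: dict, pinned_pk) -> bytes:
    """Install the fetched database only if its signature verifies."""
    if sig_ok(pinned_pk, fetched["db"], fetched["sig"]):
        return fetched["db"]
    return current_db  # fall back to the last known-good definitions

def demo():
    sk, pinned_pk = keygen()  # sk never lives on the distribution server; clients pin pk
    old_db = b"constructed definitions v1"
    new_db = b"constructed definitions v2"
    honest = {"db": new_db, "md5": hashlib.md5(new_db).hexdigest(), "sig": sign(sk, new_db)}
    # Compromised server: file and md5 replaced together; only the old signature is available.
    bad_db = b"constructed tampered definitions"
    tampered = {"db": bad_db, "md5": hashlib.md5(bad_db).hexdigest(), "sig": honest["sig"]}
    return {
        "md5_accepts_tampered": md5_ok(tampered["db"], tampered["md5"]),
        "sig_accepts_tampered": sig_ok(pinned_pk, tampered["db"], tampered["sig"]),
        "installed_from_honest": update(old_db, honest, pinned_pk),
        "installed_from_tampered": update(old_db, tampered, pinned_pk),
    }

if __name__ == "__main__":
    print(demo())
```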