[clamav-users] Daily 23161 broke Clam
Noel Jones
njones at megan.vbhcs.org
Mon Mar 6 03:28:58 UTC 2017
On 3/5/2017 6:51 AM, Joel Esler (jesler) wrote:
> The question here is, do we strive to make a package that is installable on more machines, (even ones that are going EOL?), or do we strive to make a package that is the best for security?
>
It's my understanding that the new features in pcre7 are mostly
about shortcuts and convenience for the programmer, not about pcre6
inability to match particular content.
So this isn't really about security, it's about writing the same
signatures so they work with older pcre.
This is about not alienating that portion of your user base that for
whatever reason is unable to upgrade to a new incompatible
requirement. Once you lose such a customer, you're probably lost
them for a long time -- not just until they upgrade, but maybe forever.
I see clamav slowly sliding towards irrelevance. Progressively less
effective, slower to respond to new threats, and now considering a
decision to reduce their user base. This makes me sad.
My systems all meet the proposed requirements, so this doesn't
affect me directly. But I feel this reflects a deeper problem
within the project -- a lack of consideration for the end user.
-- Noel Jones
More information about the clamav-users
mailing list