[clamav-users] [OT] ClamAV® blog: ClamAV 0.104.0 Release Candidate is here!
Gary R. Schmidt
grschmidt at acm.org
Wed Jul 28 13:31:05 UTC 2021
On 28/07/2021 21:53, G.W. Haywood via clamav-users wrote:
> Hi Paul,
>
> On Wed, 28 Jul 2021, Paul Kosinski via clamav-users wrote:
>
>> In my case, I can't simply upgrade to the latest Debian (or any
>> other distro), as one of the systems is our home firewall and
>> gateway -- with iptables, multi-LAN routing (with local DNS), a bit
>> of bridging, encrypted tunnels to elsewhere, etc. This means we
>> would lose *all* Internet connectivity for who knows how long if I
>> tried an in-place upgrade.
>
> I'd recommend not using any big distro for your perimiter firewall.
> I use one of the purpose-built stripped-down firewall distributions.
> The maintenance needed on it is minimal, and it doesn't prevent you
> from having firewalls on other machines too. To get to *any* of our
> servers from outside, packets must traverse at least three firewalls.
>
>> So the only way to move forward seems to be to rebuild our system on
>> separate hardware. I have started this on hardware I already mainly
>> have (being retired, and thus without corporate budget or staff).
>
> One of the slightly unexpected benefits of using things like the
> Raspberry Pi is that you can have a few of them kicking around which
> are surplus to requirements and just fire one up as and when needed.
I second what Ged is saying here, for firewalls and so on the Raspberry
Pi and its ilk are a much better choice than a full-on system, they use
/much/ less power, and keeping a spare or three isn't a board- (or
wife-) level budget request. :-)
I still like a full-on machine for handling email, but that's because I
run Panda-IMAP, which is probably the closest thing to a "reference"
IMAP implementation we will ever see, and I can do far more clever
things with disks and SANs when needed.
Cheers,
Gary B-)
P.S. Yes, I know I said good-bye, but I am interested in the fall-out
of the recent decisions made about ClamAV. (And I like to laugh at the,
"I haven't been able to download...", posts. :-) )
More information about the clamav-users
mailing list