Jose-Marcio.Martins at ensmp
Apr 8, 2010, 1:03 AM
Post #19 of 25
David F. Skoll wrote:
Re: The upcoming 15 April kill-switch (and a feature suggestion)
[In reply to]
> Jonathan Kamens wrote:
>> My company had hundreds of appliances in the field running versions of
>> ClamAV affected by this change. When we saw the announcement, we
>> immediately started working on figuring out how we were going to get
>> them updated by April 15, and we succeeded in doing so.
> We have hundreds of appliances too. Those are easy. Most customers
> enable automatic updates and have long since upgraded, and those that
> haven't are easy to find and to upgrade.
> The problem is we have some customers who prefer RPM versions of our
> software, and still others who install from source on platforms like
> NetBSD, Solaris and FreeBSD. We have no administrative control over
> their machines, yet if something goes wrong, they (quite reasonably)
> call us.
> So even though 80% or more of our user-base is fine, I still dread
> hundreds of support calls come the 15th. It doesn't do *us* any good
> to say "We told you to upgrade... why didn't you?" when some irate
> caller's mail is down.
> So anyway... to try to make something constructive out of this thread,
> I have a feature suggestion: Incorporate the version number in your
> DNS TXT records and download URLs. Your download mirrors can use
> symlinks in most cases (when versions are completely compatible) and
> you can easily stop older machines from attempting to download by
> stopping updates on the 0.96.whatever.clamav.net TXT record.
I think the suggestion from Jonathan is a good one : allow people to
continue to run the antivirus with the older database and no updates.
That means, instead of "refuse to load and exit", it should just reload
the last valid database without update.
On the other hand, running an antivirus older than two years while there
are new releases available, for free, is quite irresponsible.
While it's acceptable to run a really old version of, say, openoffice,
it isn't for a security related software.
The problem with your customers is that you accepted to engage yourself
about something which is intrinsically moving and you have no control
(and you can't) just to satisfy the injustified inertia of a (I hope)
small amount of your users. Maybe you can set up a mirror on your
domain, with the old database, just for your lazy customers.
Jose Marcio MARTINS DA CRUZ http://j-chkmail.ensmp.fr
Ecole des Mines de Paris
60, bd Saint Michel 75272 - PARIS CEDEX 06
mailto:Jose-Marcio.Martins [at] mines-paristech
Please submit your patches to our Bugzilla: http://bugs.clamav.net