 |
|
|
Articles
|
 |
|
 |
|
|
IN FOCUS: Is ClamAV Vulnerable to a Corporate Attack?
Posted by SteveT on Thursday, February 07, 2008 :: Last Updated on Thursday, February 07, 2008:: Views 302 |
Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Software vulnerabilities caused by faulty code pop up every day, and most of them are fixed in a reasonably quick fashion. But there's another type of software vulnerability that's going unpatched. That vulnerability has to do with intellectual property and patent claims.
As you might know, Microsoft claimed that various open-source software packages, such as Linux and OpenOffice.org, violate as many as 235 of the company's patents. You can read more about Microsoft's claims at http://ct.email.windowsitpro.com/rd/cts?d=33-2082-803-202-5219-160766-0-0-0-1-2-207 (http://ct.email.windowsitpro.com/rd/cts?d=33-2082-803-202-5219-160767-0-0-0-1-2-207.
To date, none of Microsoft's claims have been backed up by evidence, so some Linux vendors think it's all a bunch of smoke and mirrors designed to frighten people away from using Linux.
Recently, Trend Micro has gone after Barracuda Networks -- an avid supporter of open-source projects -- because it includes the open-source ClamAV (www.clamwin.com/http://ct.email.windowsitpro.com/rd/cts?d=33-2082-803-202-5219-160768-0-0-0-1-2-207) in its Security appliances. In case, you've been living in a cave for the last five years, ClamAV is a hugely popular antimalware solution. More than one million people download its signature updates each day, if that gives you any idea as to how widespread its use has become. Many of those downloads come from a plethora of Windows users running a ported version of ClamAV.
Trend Micro's argument is that ClamAV violates at least one of Trend Micro's patents that centers on scanning for viruses at a gateway. Because Barracuda Networks uses ClamAV, Trend Micro decided to file a lawsuit against the company. Trend Micro hasn't openly stated why it didn't go after the developers of ClamAV directly, but it doesn't take a rocket scientist to figure out that because ClamAV is a free, open-source product, there's no money to be gained by suing the developers of ClamAV. Suing Barracuda Networks could kill two birds with one stone: Trend Micro might collect a ton of cash in a settlement, and the payment of a big settlement could, hypothetically, put Barracuda Networks out of business, thereby eliminating one of Trend Micro's competitors.
Interestingly enough, Sourcefire acquired ClamAV in December of 2007. Sourcefire is the company behind the hugely popular Snort Intrusion Detection and Prevention system. Why Trend Micro hasn't confronted Sourcefire regarding ClamAV is yet another mystery. Trend Micro's legal approach might have something to do with the terms of the General Public License (GPL).
Mysteries aside, Barracuda Networks isn't waiting for the other shoe to drop. The company is going after Trend Micro's patent claims and hopes to have the patent negated. To do so, Barracuda Networks will need evidence of a prior work that existed before Trend Micro filed for its patent. Right now, it seems that Barracuda Networks is looking to get its hands on a copy of MIMESweeper 1.0 because the company thinks that the software could possibly represent a prior work.
I'm no legal expert, so I have no idea which company's argument is stronger. If you're interesting in a pretty good amount of information about the battle, read Groklaw's article at www.groklaw.net/article.php?story=20080125135544713 (http://ct.email.windowsitpro.com/rd/cts?d=33-2082-803-202-5219-160769-0-0-0-1-2-207, which explains some of the finer points of the battle. But before you do that, head over to Barracuda Networks' Web site and read its summary of the allegations, which offers some good background information, at www.barracudanetworks.com/ns/legal/ (http://ct.email.windowsitpro.com/rd/cts?d=33-2082-803-202-5219-160770-0-0-0-1-2-207.
|
Previous Page | Next Page
|
|
|
|
|
|
 |
| Mid-Summer Promotion - Mail Server .NET |
We are launching mid-summer promotion with our Mail Server .NET. You can upgrade, or get a new license for $50.00 less until July 15 2008.
| | 7/4/2008 9:36:35 AM |
|
| ArGoSoft Mail Server .NET v1.0.5.2 | |
Mail Server
- Added Available Updates checking. Of course, it will show up only after we release
the next version... If new version is avialable, a link will be displayed on the bottom of
the UI, suggesting to upgrade
- "SMTP Log In" will be no longer be registered in the last login database, because it causes
confusion when the web interface displays last login protocol;
- Updated help files, now they reflect new Remoting services;
Web Interface
- "Wiping" of trash folder now works. With each login, messages, located in the
trash folder, and older than 3 days will be wiped out;
| | 6/16/2008 8:45:05 AM |
|
|
|
| ArGoSoft Mail Server .NET v1.0.5.1 | |
Mail Server
- Fixed a bug from 1.0.5.0 - was impossible to add domain groups and domains from the
UI;
Web Interface
- Created a
page for localized resource files. If you are willing to contribute
your resources, we would be very thankful;
- It turns out, major IMAP clients do not allow rename of the Inbox folder. They display
localized name of Inbox, but an actual name of folder on the server stays "Inbox".
Now the web interface will allow the same - you can specify the name of inbox, but it will be
just a display name, how it will appear on the web interface. It will keep compatibility with
IMAP clients;
- CC and BCC headers on the Write Email page are now initially hidden.
- When accessing the web interface initially, user will be prompted to enter
default SMTP server address;
| | 6/3/2008 11:43:33 AM |
|
| ArGoSoft Mail Server .NET v1.0.5.0 | |
Web Interface
It is a major change, even though there are no significant changes in the "look and feel" of the web interface.
- Now all the communication with mail server is performed via a remoting object, which is hosted in the
mail server.
- It allows to run the mail server and the web interface on separate
computers;
- Eliminates access right problems to directories and databases;
- Web interface no longer requires SQL Server 2005 or SQL Server Express on the
computer where it runs;
- Something you've been asking for very long time!
Now users can send out HTML messages
- Almost entire text that appears in the UI is placed in resource files, allowing
easy localization of string resources;
- When going out, mail is relayd to mail server via SMTP, instead of going directly to outbox. It ensures,
that all server plugins are called, and all server generated headers (including Domain Keys) are properly inserted;
- Server and Domain Group administration temporarily are not available. We will be releasing
new separate web application, which will be doing that. Currently, you still can use old version of
web interface for administering server via web, old and new version can co-exist peacefully;
Mail Server
- Now each account has No SMTP access flag, allowing to have "incoming only" accounts; Works only when
SMTP authentication is enabled;
- Optimized the load of Edit Domain Group box. In earlier versions it was taking long time, because
that calculation of the usage was being performed at the box load. Now calculation will be not perfomed,
unless user clicks Calculate Usage link;
Following changes are related to the major change of the web interface (see above):
- Added remoting object, which is used to communicate with the web interface;
- Added Default Content-Type field to users, allowing them to select in which
initial state is the Compose Mail message body editor: plain text or HTML;
- Now each user can select the name for their Inbox.
Useful when creating localized versions.
| | 5/30/2008 11:18:43 PM |
|
|
|
|
|
 |
 |
|
 |
|