ClamAV and The Case of The Missing Mail

Posted by Neil Schwartzman on

Neil Schwartzman
By Neil Schwartzman
Senior Director, Security Strategy, Receiver Services

Some email discussion lists were all atwitter yesterday, as Sourcefire’s open-source anti-virus engine ClamAV version 0.94.x reached its end-of-life.

Rather than simply phase this geriatric version out (it was at least one year old, revised to versions .95 and .96 since release, and announcements about the need to upgrade had been made for six months) the development team put to halt instances of V0.94 in production yesterday, April 15, 2010. This was to protect users from an issue that existed with the older version in terms of its inability to be updated with fresh virus signatures.

In other words, the ClamAV developers caused version .94 to stop working entirely, and, depending upon the implementation, that meant email to systems using ClamAV also stopped flowing.

Yikes. Several high-profile anti-spam services were hit with an unanticipated shutdown, for example, Roaring Penguin’s CANIT, with large incursion into the educational market reported incidents of downed systems. Michelle Sullivan of GFI Mail Essentials’ SORBS also noted the inbound servers for the blacklist took a hit.

The Twitterverse wasn’t pleased either — numerous systems administrators have been tweeting their chagrin at the move.

Some sender-side mailing lists noted a 3-5% drop in email deliverability yesterday; that sounds very much on the high side to us, given such figures invariably change from list to list. No major ISPs and receiving sites are using ClamAV on their production mail servers, but nonetheless, the concern for us isn’t so much about dropped mails. By now, email systems have been re-arranged or upgraded.

Rather it is the reliance upon out-dated systems and anti-virus software. With zero-day exploits and a constant flow of malware, the latest and greatest commercial anti-virus software packages are only able to flag, at best, half of the viruses live on the net; at least 50% go undetected. Out-of-date anti-virus software is generally less effective at catching malware, and out-of-date system software much more vulnerable to exploit.

Our advice for all users, be they systems administrators or desktop users is to run more than one anti-virus system and to keep your operating system and applications updating regularly, daily if at all possible.

There were no winners here, recipients didn’t get mail, receiver systems dropped mail, senders failed to get through, two high-profile spam-filtering services were adversely affected, and Sourcefire took it on the chin.


Popular this Month

 Video in Email: Is It Right For Your Business? (Part 1)

Video in Email: Is It Right For Your Business? (Part 1)

Video in email is nothing new. Marketers have been using some form of video...

Read More

 [New Research] Are These Hidden Metrics Harming Your Deliverability?

[New Research] Are These Hidden Metrics Harming Your Deliverability?

Reaching the inbox is not as simple as hitting send. Once a message is...

Read More

 What Job Is Your Subscriber Hiring Your Email To Do?

What Job Is Your Subscriber Hiring Your Email To Do?

Over the last 16 years, I’ve worked as a product manager, run product...

Read More

Author Image

About Neil Schwartzman

Author Archive

Stay up to date

Enter your name and email address below to subscribe to our mailing list.

Your browser is out of date.
For a better Return Path experience, click a link below to get the latest version.