 |
 |
FYI Back on Feb 9th, a security issue with SAV was announced. http://www.sarc.com/avcenter/security/Content/2005.02.08.html I'm pretty sure the SAV CE 9.x version distributed thru the Computer Store under the Big 10 license is vulnerable. The issue is a buffer overflow, potentially followed by running arbitrary code, so in effect a root exploit. I was able to get an updated CD (9.0.3.1000) thru the Computer Store last week and have been working with that. I'm still trying to figure out why "push" installations aren't working too well for me (maybe 20% success). Most of my clients were using SAV 8.x, I push the new version to them over the net, and after rebooting they are still running 8.x. But another issue popped up on some of the clients that did take the 9.x version. Scanning email is on by default, but SAV can't scan encrypted email connections. That causes a problem with mail.msu.edu of course. I'm pretty sure at least one of my clients running Eudora had SSL turned off for sending email by the SAV upgrade. So it quit sending messages. And on other clients, SAV gives a pop-up warning about encrypted email. There is a button to say "don't warn again", but it didn't seem to work. One computer was getting the pop-up about every minute. I found this page describing the problem, and have taken the work-around of turning off email scans. http://kb.indiana.edu/data/apat.html?cust=360324.67646.30 I'm leaving town for ten days so I'm dropping this project for now. It sounded like the Computer Store may be ready to sell the new SAV media next Friday. If someone checks into this and finds out I'm wrong, please let me and/or the list know. -John PS - LiveUpdate doesn't fix this. The improved client code must be installed outside of LiveUpdate.