Blog | Fleximus

Security

Developers for OpenEAV wanted

2009-06-28 Felix Ehlers

OpenEAV, the free and open antivirus system for the enterprise is watching out for a talented and experienced C++/QT programmer with good knowledge of the STL and the Boost library. The client gui needs to be designed, implemented and must fit well around OpenEAV’s core api. Everyone who feels to be interested in helping out should not hesitate to contact me. The OpenEAV project is hosted on Google Code In additional news, the project now has it’s own development list OpenEAV-devel.

Multiple antivirus products with security issues

2009-06-17 Felix Ehlers

Symantec reports that most of their av products have a security issue in conjunction with prepared archive files. These could bypass the virus scanner because the file format is not correct but the operating system is still able to etract the files. Also Frisk (F-Prot), Norman and Ikarus published updates to similar problems in their products. Kaspersky silently deployed updates to a parsing bug that prevented to identify pdf files if the magic string %PDF was missing.

Secunia releases annual report for 2008

2009-03-06 Felix Ehlers

Secunia, well known for their vulnerability research and vuln announcements, has released the Secunia 2008 Report as pdf. The report shows that they release more advisories per year and 0-day vulnerabilities felt back to the 2006-level for decreasing about 40 percent. Also very interesting was the comparison of browser security. While Firefox has more vulnerabilities than IE, Safari and Opera together, those security holes are closed way faster than the ones from IE.

Lighttpd 1.21 released

2009-02-18 Felix Ehlers

Version 1.21 is mainly a bugfix release over 1.4.20 and fixes at least 30 bugs. There are also 3 new features: mod_compress now supports caching through etags and last-modifieda new config setting debug.log-timeouts = “enable”. The default is now disabled and eleminates annoying log entriesa new $HTTP[“language”] conditional that allows interesting stuff like url rewritings that takes language codes into account The official Lighttpd 1.4.21 release announcement and changelog

DragonflyBSD 2.2 released

2009-02-18 Felix Ehlers

One of the most interesting improvements made in DragonFly BSD are about the HAMMER filesystem which is now considered ready for productional use. It is also now possible to boot from a HAMMER-only disk, though this is still not recommended. On the kernel side first steps toward AMD64 support have been made, thanks to the Google Summer of Code 2008. For a complete list of changes and release notes have a look at the DragonFly 2.