I work for a medium sized department in a large public University. We're currently testing the open source version of Zimbra for future deployment to replace our existing system (based on iPlanet). Thus, far we've been satisfied with the performance of Zimbra.
We have yet to engage the sales team, but before we do we have a few questions for the community.
- Does Zimbra have some mechanism to deal with security updates? For example, there were multiple DoS attacks reported for ClamAV in the past few weeks. (see CVE-2007-3123 (under review)). Updating the OS (RHEL 4 in our case) alone does solve the problem, because Zimbra runs its own ClamAV. I've seen some wiki posts on updating it manually, but that doesn't seem practical as it overwrites the Zimbra binaries (and might not be "certified" to work with Zimbra).
- Is there a (low-volume) mailing that one can subscribe to and receive security only announcements related to Zimbra?
Thanks in Advance.
Software/Security Updates for Zimbra
Software/Security Updates for Zimbra
I suppose no one here is interested in updates to security holes. I'm wondering how administrator's are handling security updates? On our secondary mail servers (clamav/postfix/etc) we've been relying on Redhat updates, so I'm a reluctant to go with Zimbra unless they are taking security seriously.
-
14319KevinH
- Ambassador
- Posts: 4558
- Joined: Fri Sep 12, 2014 9:52 pm
Software/Security Updates for Zimbra
[quote user="autospy"]I suppose no one here is interested in updates to security holes. I'm wondering how administrator's are handling security updates? On our secondary mail servers (clamav/postfix/etc) we've been relying on Redhat updates, so I'm a reluctant to go with Zimbra unless they are taking security seriously.[/QUOTE]
We take it seriously and currently ship security updates as part of each patch release. At this time we have not created a security maillist but do at times send out notifications to our customer list first and then post on the forums a day or two later when there are security issues that can be fixed with a config change. This has only happened twice that I can remember.
We take it seriously and currently ship security updates as part of each patch release. At this time we have not created a security maillist but do at times send out notifications to our customer list first and then post on the forums a day or two later when there are security issues that can be fixed with a config change. This has only happened twice that I can remember.
-
2234msallee
- Posts: 16
- Joined: Sat Sep 13, 2014 12:27 am
Software/Security Updates for Zimbra
I would also be interested in subscribing to a security-updates only notification list. (for Zimbra NE.) Is there one available yet?
Thank you.
Mark
Thank you.
Mark
Software/Security Updates for Zimbra
It would be nice if the updates were posted on zimbrablog.com or even @zimbra on twitter.