I work for a medium sized department in a large public University. We're currently testing the open source version of Zimbra for future deployment to replace our existing system (based on iPlanet). Thus, far we've been satisfied with the performance of Zimbra.
We have yet to engage the sales team, but before we do we have a few questions for the community.
- Does Zimbra have some mechanism to deal with security updates? For example, there were multiple DoS attacks reported for ClamAV in the past few weeks. (see CVE-2007-3123 (under review)). Updating the OS (RHEL 4 in our case) alone does solve the problem, because Zimbra runs its own ClamAV. I've seen some wiki posts on updating it manually, but that doesn't seem practical as it overwrites the Zimbra binaries (and might not be "certified" to work with Zimbra).
- Is there a (low-volume) mailing that one can subscribe to and receive security only announcements related to Zimbra?
Thanks in Advance.