Re: [Clamav-users] DB Update email before actual update available?

2006-12-26 Thread Per Jessen
Dennis Peterson wrote:

> Per Jessen wrote:
>> Jay Lee wrote:
>> 
>>> The point of the exercise is to run freshclam *only* when the update
>>> is published, not to run every x hours (or minutes) without knowing
>>> if there is an update.
>>>
>>> Looking at my options there...
>> 
>> Why not just run freshclam as a daemon?
> 
> Then you really need to have a daemon watcher to keep it going. 

At some point you've got to trust someone/something.  Who watches your
daemon watcher? Who watches your OS? Who watches your power-supply? 

Quis custodiet ipsos custodes? ...

> And it is actually used just a few seconds a day but as a daemon the
> resources it uses are fully committed 100% of the day. 

Given the very limited amount of resources it uses, I see no problem in
that.

> At some point you just have to step back and take a simple approach,
> especially when it's a simple problem.

Running freshclam IS a simple option, IMHO.  Anything else needs
additional scripting, checks of this and that etc. - not a simple
approach at all.


/Per Jessen, Zürich

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] DB Update email before actual update available?

2006-12-26 Thread Dennis Peterson

Per Jessen wrote:
> Dennis Peterson wrote:
>> Per Jessen wrote:
>>> Jay Lee wrote:
>>>
>>>> The point of the exercise is to run freshclam *only* when the update
>>>> is published, not to run every x hours (or minutes) without knowing
>>>> if there is an update.
>>>>
>>>> Looking at my options there...
>>>
>>> Why not just run freshclam as a daemon?
>>
>> Then you really need to have a daemon watcher to keep it going.
>
> At some point you've got to trust someone/something.  Who watches your
> daemon watcher? Who watches your OS? Who watches your power-supply?

I run SPARC equipment - I have monitoring for all that and cpu 
temperature, too. There's a difference between proper monitoring and 
absurdity. Your strawman fails that. The objective for me is 
self-healing systems with a human asset as a backup in the event of an 
unhealable failure. Those are rare.



>> And it is actually used just a few seconds a day but as a daemon the
>> resources it uses are fully committed 100% of the day.
>
> Given the very limited amount of resources it uses, I see no problem in
> that.


We found different solutions. But in nearly 30 years of doing this every 
day I can tell you I've never had a cron daemon fail, but I can 
guarantee freshclam can fail regularly (and has) when run as a daemon.





>> At some point you just have to step back and take a simple approach,
>> especially when it's a simple problem.
>
> Running freshclam IS a simple option, IMHO.  Anything else needs
> additional scripting, checks of this and that etc. - not a simple
> approach at all.


What makes it simple, and it is, is cron and a very basic reusable 
script - the script does far more than just launch freshclam. It also 
examines the files freshclam has downloaded to a sandbox before they're 
deployed so that bad files don't replace good ones.


And of course I have a daemon monitoring clamd and that daemon watching 
tool watches a lot of daemons and other processes. I use cfengine and I 
can't recommend it more strongly for data center operations. One of the 
daemons it doesn't watch is freshclam because that runs out of cron as 
described. It does watch cron, though, and cron watches it. And Big 
Brother and HPOV watch everything. Our requirements are for 5 9's 
reliability and system availability and that requires self-healing 
systems. If something can't heal itself I get paged and email.


So what do you do when your freshclam dies or explodes from a memory 
leak or do you depend 100% on it never failing? If the latter then I 
assure you we have found different solutions.


dp
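
The cron-driven approach described in the message above (download to a staging directory, check the files, then deploy), sketched as an added example. It is not the poster's script, which the thread does not show; the directory paths and the `run` argument are assumptions, and the checks chosen here are `sigtool --info` plus a test load with `clamscan`.

```shell
#!/bin/sh
# Added illustration, not the poster's script. Directory paths are assumptions.
LIVE_DB=${LIVE_DB:-/var/lib/clamav}
STAGE_DB=${STAGE_DB:-/var/lib/clamav-stage}

# Download into the staging directory only; the live databases stay untouched.
fetch_updates() {
    freshclam --quiet --datadir="$STAGE_DB"
}

# Accept a file only if sigtool --info accepts it and the engine can
# load it to scan a harmless, empty probe file.
verify_db() {
    probe=$(mktemp) || return 1
    if sigtool --info "$1" >/dev/null 2>&1 &&
       clamscan --database="$1" --no-summary "$probe" >/dev/null 2>&1
    then status=0
    else status=1
    fi
    rm -f "$probe"
    return $status
}

# Copy each verified file beside the live one, then rename it into place.
# A rename within one filesystem is atomic, so clamd never sees a partial file.
# Returns 0 if every staged file was deployed, 1 if any was rejected.
deploy_verified() {
    stage=$1; live=$2; rc=0
    for f in "$stage"/*.cvd "$stage"/*.cld; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if verify_db "$f"; then
            cp "$f" "$live/.$name.new" &&
                mv "$live/.$name.new" "$live/$name" || rc=1
        else
            echo "rejected $name, keeping the current copy" >&2
            rc=1
        fi
    done
    return $rc
}

# Entry point for a cron job: "script run". clamd is asked to reload only
# when every staged file passed.
if [ "${1:-}" = "run" ]; then
    fetch_updates && deploy_verified "$STAGE_DB" "$LIVE_DB" && clamdscan --reload
fi
```

The staging directory must be writable by the account freshclam runs as, and a non-zero exit from the cron job is the signal to alert on.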


[Clamav-users] Want to submit 100+ spam images to razor and clam dbs

2006-12-26 Thread Kelly Jones

I've identified 100+ spam images in my INBOX that razor/clam don't
catch, and want to submit them. The images have been MIME-decoded and
are in GIF/JPG/etc format. My questions:

1. For razor, can I just do "razor-report *.gif *.jpg" or do I need to
re-MIME-encode the images first? Should I do "razor-report -H *.gif
*.jpg" and just report the sigs to save bandwidth?

2. Does Clam consider image spams to be "viruses"? If yes, where can I
upload/report these images en masse?

--
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.


Re: [Clamav-users] Want to submit 100+ spam images to razor and clam dbs

2006-12-26 Thread Bob Hutchinson
On Tuesday 26 December 2006 19:01, Kelly Jones wrote:
> I've identified 100+ spam images in my INBOX that razor/clam don't
> catch, and want to submit them. The images have been MIME-decoded and
> are in GIF/JPG/etc format. My questions:
>
> 1. For razor, can I just do "razor-report *.gif *.jpg" or do I need to
> re-MIME-encode the images first? Should I do "razor-report -H *.gif
> *.jpg" and just report the sigs to save bandwidth?
>
> 2. Does Clam consider image spams to be "viruses"? If yes, where can I
> upload/report these images en masse?

Perhaps you should get in touch with the folks doing this:

http://www.msrbl.com/site/msrblimagesabout

-- 
-
Bob Hutchinson
Midwales dot com
-


Re: [Clamav-users] RE: clamav-users Digest, Vol 26, Issue 1

2006-12-26 Thread Tom Samplonius

- ZhangFrank <[EMAIL PROTECTED]> wrote:
> Hello all,
>  
>  I installed Clamav-0.88.6 by "pkg_add clamav-0.88.6.tbz" in FreeBSD
> OS. After configuring clamd.conf and freshclam.conf I ran freshclam,
> but got an ERROR that said
>  
> "/libexec/ld-elf.so.1:freshclam:Undefined symbol "__h_errno"
>  
> I've installed clamav-0.88.6 on other FreeBSD machines before but
> never seen that error. I'm wondering why, and how I can handle it.
...

  What version of FreeBSD?  The ClamAV package was probably built for a 
different version, so it does not match the libc on your system.

Tom