Re: [Clamav-users] output of "clamscan -i" with clamdscan ?

2008-10-07 Thread Török Edwin
On 2008-10-06 13:41, giggz wrote:
> Hi,
>
> I would like to have the same output as "clamscan -i", but with the
> clamav daemon. Is it possible ?

If you are scanning a directory, then clamdscan will only show infected
files,
if you're scanning a single file it'll always show whether it is
infected/OK.

Best regards,
--Edwin

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] [0.0] Re: Stop it!

2008-10-07 Thread Bernd Petrovitsch
On Tue, 2008-10-07 at 05:12 +0200, Colin Alston wrote:
> On 2008/10/07 12:05 AM Jerry wrote:
> > Just out of morbid curiosity, who is holding a gun to your head forcing
> > you to use 'hobby products' anyway? No one is being forced to do
> > anything, therefore they have no discernible right to demand that the
> > developer of the product they are using change it to suit their own
> > personal likes. 
> 
> Regardless of your despicable description of Clam, people do have a 

Which was only a quote BTW.

> discernible right to make suggestions however they are expressed.

The problem with impolite suggestions worded as an order and/or whining
about missing features is that they tend to be ignored.

> Clearly you have very little experience in Open Source.

He has probably more than most from the old-school business world - long
living free/open-source software didn't (and doesn't IMHO) come into
existence just because someone "suggested" somewhere something (in
whatever wording).
It came into existence (and is developed further) by being programmed -
either from scratch or as patch to existing source.
Of course if you pay someone to do this, then there are other rules too.

Bernd
-- 
Firmix Software GmbH   http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
  Embedded Linux Development and Services




Re: [Clamav-users] 0.94, checking for CVE-2008-1372 and bzip2 1.0.5

2008-10-07 Thread Sergey
On Tuesday 07 October 2008, Sergey wrote:

> Why has check not passed ?
> 
> checking for bzlib.h... yes
> checking for CVE-2008-1372... bugged
> configure: WARNING: ** bzip2 libraries are affected by the CVE-2008-1372 
> bug
> configure: WARNING: ** We strongly suggest you to update to bzip2 1.0.5.
> configure: WARNING: ** Please do not report stability problems to the 
> ClamAV developers!
 
Sorry, I found thread "bzip2 1.0.5 and clamav 0.94".

-- 
Regards,
Sergey


[Clamav-users] 0.94, checking for CVE-2008-1372 and bzip2 1.0.5

2008-10-07 Thread Sergey
Hello.

Why has check not passed ?

checking for bzlib.h... yes
checking for CVE-2008-1372... bugged
configure: WARNING: ** bzip2 libraries are affected by the CVE-2008-1372 bug
configure: WARNING: ** We strongly suggest you to update to bzip2 1.0.5.
configure: WARNING: ** Please do not report stability problems to the 
ClamAV developers!


$ bzip2 --version
bzip2, a block-sorting file compressor.  Version 1.0.5, 10-Dec-2007.

   Copyright (C) 1996-2007 by Julian Seward.

   This program is free software; you can redistribute it and/or modify
   it under the terms set out in the LICENSE file, which is included
   in the bzip2-1.0.5 source distribution.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   LICENSE file for more details.


-- 
Regards,
Sergey


Re: [Clamav-users] output of "clamscan -i" with clamdscan ?

2008-10-07 Thread giggz
Török Edwin wrote:
> On 2008-10-06 13:41, giggz wrote:
>> Hi,
>>
>> I would like to have the same output as "clamscan -i", but with the
>> clamav daemon. Is it possible ?
> 
> If you are scanning a directory, then clamdscan will only show infected
> files,

on my computer :
11:17 [EMAIL PROTECTED] ~ % clamdscan --no-summary folder
/home/giggz/folder: OK

So I always get the line "/home/giggz/folder: OK"

It's not very important. But I put a line with clamdscan in a cron. So
without any output, I don't get a mail. With an output I get a
mail...With this "ok" line, I will get a mail each time the task is
running...and it's not the expected behaviour.

> if you're scanning a single file it'll always show whether it is
> infected/OK.
> 

Cheers,
Guillaume

> Best regards,
> --Edwin
> 


Re: [Clamav-users] output of "clamscan -i" with clamdscan ?

2008-10-07 Thread giggz
Tomasz Kojm wrote:
> On Tue, 07 Oct 2008 11:20:45 +0200
> giggz <[EMAIL PROTECTED]> wrote:
> 
>> on my computer :
>> 11:17 [EMAIL PROTECTED] ~ % clamdscan --no-summary folder
>> /home/giggz/folder: OK
>>
>> So I always get the line "/home/giggz/folder: OK"
>>
>> It's not very important. But I put a line with clamdscan in a cron. So
>> without any output, I don't get a mail. With an output I get a
>> mail...With this "ok" line, I will get a mail each time the task is
>> running...and it's not the expected behaviour.
> 
> You could simply filter out such entries using grep -v ": OK$" for example
> 

Yes, it's a good solution. But clamscan -ir give to me the perfect
output, so I searched if clamdscan could give me the same.

Thx for your suggestion!
Bye



Re: [Clamav-users] Stop it!

2008-10-07 Thread Charles Gregory

Firstly, apologies for failing to remove my spam tags ([0.0]) in some
e-mails. I know it messes up threading. I try to remember. Sorry.

On 2008/10/07 12:05 AM Jerry wrote:
> Just out of morbid curiosity, who is holding a gun to your head...

Money. The 'gun' is money. Or, more precisely stated, the LACK of it.
No money, and our choices are either free software or *none*.
The ClamAV developers (and indeed many other AV vendors) recognize the
need to address this problem, and so they work very hard and well to
make sure that free quality virus protection is available to ALL.
And we thank them for it.

>  therefore they have no discernible right to demand that the
> developer of the product they are using change it to suit their own
> personal likes. 

Agreed. But the only 'demanding' I see going on here is by the lucky
'rich', who are (or have) full time amply funded SA's. Just because *they*
can *afford* to do things a certain way (which most would agree is the
'ideal' solution), they insist that the rest of us "must not" make our
requests and suggestions for methods of operation and flexibility that
address *our* needs. The people who think the financially disadvantaged
"deserve" to suffer in silence are the ones who are "demanding". Those of
us who actually want/need certain features have basically brought it to
the 'attention' of those who *want* to know how they are serving the
broader community that ClamAV was developed to serve. We only 'demand' the
right to have our suggestions heard in their proper context, and not held
up against the idealistic standards of the lucky few.

Thanks.

- C




Re: [Clamav-users] output of "clamscan -i" with clamdscan ?

2008-10-07 Thread giggz
Tomasz Kojm wrote:
> On Tue, 07 Oct 2008 11:32:10 +0200
> giggz <[EMAIL PROTECTED]> wrote:
> 
>> Yes, it's a good solution. But clamscan -ir give to me the perfect
>> output, so I searched if clamdscan could give me the same.
> 
> I think it should be fixed in clamdscan so please open a bug report
> at http://bugs.clamav.net
> 
> Thanks,
> 

I open a bug under debian bugzilla, because I'm running under debian
sid. I think the bug will follow up, isn't it ?

Thx
Bye



Re: [Clamav-users] output of "clamscan -i" with clamdscan ?

2008-10-07 Thread Tomasz Kojm
On Tue, 07 Oct 2008 11:20:45 +0200
giggz <[EMAIL PROTECTED]> wrote:

> on my computer :
> 11:17 [EMAIL PROTECTED] ~ % clamdscan --no-summary folder
> /home/giggz/folder: OK
> 
> So I always get the line "/home/giggz/folder: OK"
> 
> It's not very important. But I put a line with clamdscan in a cron. So
> without any output, I don't get a mail. With an output I get a
> mail...With this "ok" line, I will get a mail each time the task is
> running...and it's not the expected behaviour.

You could simply filter out such entries using grep -v ": OK$" for example

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct  7 11:23:18 CEST 2008
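
The filtering suggested in this thread, written out as a cron wrapper (an added example, not code from the list or from ClamAV): it drops the ": OK" lines but keeps clamdscan's exit status, which a bare "| grep -v" pipeline would replace with grep's, and it never stays silent when the scan itself failed. The SCANNER override and the function name are assumptions introduced here.

```shell
#!/bin/sh
# Added example: cron wrapper around clamdscan.
# Exit status per the clamdscan man page: 0 = clean, 1 = virus found, 2 = error.
# SCANNER is a hypothetical override hook so the wrapper can be exercised
# without a running clamd.

scan_quiet() {
    target=$1

    # Capture stdout and stderr together and remember the scanner's status.
    out=$("${SCANNER:-clamdscan}" --no-summary "$target" 2>&1) && rc=0 || rc=$?

    # Drop "<path>: OK" lines, as suggested in the thread. Lines ending in
    # FOUND or ERROR, and connection errors, pass through untouched.
    kept=$(printf '%s\n' "$out" | grep -v ': OK$' || true)

    if [ -n "$kept" ]; then
        printf '%s\n' "$kept"
    elif [ "$rc" -ne 0 ]; then
        # A failed scan that printed nothing must still produce a cron mail.
        printf 'clamdscan exited with status %s and no output for %s\n' \
            "$rc" "$target" >&2
    fi

    return "$rc"
}

# Run only when a directory is given, e.g. from a crontab entry.
if [ "$#" -gt 0 ]; then
    scan_quiet "$1"
    exit $?
fi
```

Called from crontab with the directory as its only argument, it prints nothing on a clean scan, so cron sends mail only for detections or scanner errors.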


[Clamav-users] 0.94 and 0.94-exp

2008-10-07 Thread Sergey
Hello.

I found in log 

Tue Oct  7 16:41:18 2008 -> Software version from DNS: 0.94
Tue Oct  7 16:41:18 2008 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Oct  7 16:41:18 2008 -> WARNING: Local version: 0.94-exp Recommended 
version: 0.94
Tue Oct  7 16:41:18 2008 -> DON'T PANIC! Read http://www.clamav.net/support/faq

ClamAV was built with --enable-experimental. I think that this is a small bug.

-- 
Regards,
Sergey


Re: [Clamav-users] Stop it!

2008-10-07 Thread John Smith
On 2008/10/7 Charles Gregory wrote:
> We only 'demand' the right to have our suggestions heard in their proper 
> context, and not held up against the idealistic standards of the lucky 
> few.

I must say that for the disadvantaged, this has been a great debate.
However, it has missed the basic premise.  The Question and Issue is that
ClamAV is failing without warning.  

I really must believe that developers, designers, and customers need to work
together to meet the demands of the product. Each has a point, but the
basic fact that needs to be addressed is that the product is not presenting
information to the users that an error is occurring in a way that can be
readily identified as a situation to get fixed.

I must protest that this is not an issue of who is right or wrong, but
rather on what are we going to do as developers to meet the need of the
application.  Primarily, notifying (experts and novice alike) that a problem
is occurring that is allowing unscanned mail and traffic through.  

I said this on a spin-off thread and I think it bears repeating.  Failure to
notify is not a feature, it is a problem.  End users should not have to
resort to other means to determine that this product is working correctly.
If they do, then this product is defective. 

I am personally grateful for the hard work of the developers on this project
and would like to understand enough to contribute.  But to point blame to
ignore the issue is just bad practice no matter the structure of the
business.


My opinion would be to start to suggest ways to inform end-users (novice
and/or otherwise) that a situation exists with this (x) update that would
allow for unchecked mail to come through and here are the steps to correct
it.   


Putting this information on a Wiki that may or may not be visited is like
raising a flag that there are bombs ahead and not providing a clear route to
follow.


Just a few thoughts.


John.





Re: [Clamav-users] 0.94 and 0.94-exp

2008-10-07 Thread Török Edwin
On 2008-10-07 14:51, Sergey wrote:
> Hello.
>
> I found in log 
>
> Tue Oct  7 16:41:18 2008 -> Software version from DNS: 0.94
> Tue Oct  7 16:41:18 2008 -> WARNING: Your ClamAV installation is OUTDATED!
> Tue Oct  7 16:41:18 2008 -> WARNING: Local version: 0.94-exp Recommended 
> version: 0.94
> Tue Oct  7 16:41:18 2008 -> DON'T PANIC! Read 
> http://www.clamav.net/support/faq
>
> ClamAV was built with --enable-experimental. I think that this is a small bug.

This has already been fixed:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1174

--Edwin


Re: [Clamav-users] output of "clamscan -i" with clamdscan ?

2008-10-07 Thread Tomasz Kojm
On Tue, 07 Oct 2008 11:32:10 +0200
giggz <[EMAIL PROTECTED]> wrote:

> Yes, it's a good solution. But clamscan -ir give to me the perfect
> output, so I searched if clamdscan could give me the same.

I think it should be fixed in clamdscan so please open a bug report
at http://bugs.clamav.net

Thanks,

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct  7 12:00:46 CEST 2008


Re: [Clamav-users] [0.0] Re: Stop it!

2008-10-07 Thread Jerry
On Tue, 07 Oct 2008 05:12:58 +0200
Colin Alston <[EMAIL PROTECTED]> wrote:

>On 2008/10/07 12:05 AM Jerry wrote:
>> Just out of morbid curiosity, who is holding a gun to your head
>> forcing you to use 'hobby products' anyway? No one is being forced
>> to do anything, therefore they have no discernible right to demand
>> that the developer of the product they are using change it to suit
>> their own personal likes. 
>
>Regardless of your despicable description of Clam, people do have a 
>discernible right to make suggestions however they are expressed.

If you have been following this thread, then you would know that I
simply quoted a previous poster. I might add, and you will have to
agree if you have been closely watching this thread, that other
posters, well actually just one I believe, think the ClamAV developers
are lazy, etc. because they will not immediately implement his
suggestion(s) to lessen his supposed workload. Rather than using time
proven updating procedures, he would rather off load the problem onto
the ClamAV team. That, in my personal opinion, is just plain wrong.


-- 
Jerry
[EMAIL PROTECTED]

There is no such thing as fortune.  Try again.



Re: [Clamav-users] output of "clamscan -i" with clamdscan ?

2008-10-07 Thread Török Edwin
On 2008-10-07 14:04, giggz wrote:
> Tomasz Kojm wrote:
>   
>> On Tue, 07 Oct 2008 11:32:10 +0200
>> giggz <[EMAIL PROTECTED]> wrote:
>>
>> 
>>> Yes, it's a good solution. But clamscan -ir give to me the perfect
>>> output, so I searched if clamdscan could give me the same.
>>>   
>> I think it should be fixed in clamdscan so please open a bug report
>> at http://bugs.clamav.net
>>
>> Thanks,
>>
>> 
>
> I open a bug under debian bugzilla, because I'm running under debian
> sid. I think the bug will follow up, isn't it ?
>   

The Debian maintainer will have to open a bug on our bugzilla [1]
You can save his time, and open a bug on our bugzilla too, and point the
debian bugzilla entry to ours [2].

[1]  http://bugs.clamav.net

Best regards,
--Edwin


Re: [Clamav-users] [0.0] Re: Stop it!

2008-10-07 Thread reiner otto
>>>I am thankful that the underlying spirit of providing good quality  
>>>software to those who can't really afford it is not tainted by people
>>>with attitudes like yours. 
>>
>- Charles<
> 
>>Respect. I have to agree 100% on your very (too ?) polite expression.
>>Good software simply tells the user, that something is badly wrong.
>>Because the system serves the user, not vice versa.
>>And programmers, who do not adhere to this very simple principle, even
>>refuse to accept it as a basic principle, simply are "amateur
>>programmer", their products better to be called "hobby products", not
>>suitable for the public.

>Just out of morbid curiosity, who is holding a gun to your head forcing
>you to use 'hobby products' anyway? No one is being forced to do
>anything, therefore they have no discernible right to demand that the
>developer of the product they are using change it to suit their own
>personal likes. If this were a commercial product that they were paying
>for, that might be a different story. One of the ideas behind 'open
>source' software is that if you don't like it, you are free to modify
>it to your liking.

>It is not the operating systems job to stop the user from shooting
>himself in the foot, but rather to deliver the bullet as
>efficiently and expeditiously as possible.

I expected OpenSource to be a real alternative to closed (proprietary, 
commercial) software, with the same quality standards, at least.
Obviously, this is not the standard case.
In case, this attitude persists, there will not be a real success.
So the standard user of OpenSource then should be a highly trained, script- and 
may be even C++ capable person.
Not a real recommendation.


  

[Clamav-users] squid integration

2008-10-07 Thread Benedict simon

Dear All,

I have the following setup which I have been using for quite some time and
working fine

Centos 5
squid-2.6.STABLE6-4.el5

the server is used as a proxy server

recently a couple of users have complained that their PCs have been
infected by virus and trojans as they experience one local intranet site
not working. When accessed there was a blank page and the URL was redirected to
a non-existing site

so I installed clamav-0.94 and when I ran a clamscan it found and detected
my /var/spool/squid directory had lots of files infected

I did clear my cache immediately and when I reran clamscan there was no
infection detected or found

1) now I would want to integrate squid with clamav so that
clamav scans the HTTP traffic and downloaded files on the server and if
detected any virus or malware or other infection blocks it at the server

really appreciate if someone could advise me how I could do the integration of
clamav with squid ..

or is there any other software I could integrate with squid


Thanks and Regards

simon

Re: [Clamav-users] squid integration

2008-10-07 Thread Bernd Petrovitsch
Hi!

On Tue, 2008-10-07 at 18:47 +0300, Benedict simon wrote:
[...]
> I have the following setup which I have been using for quite some time and
> working fine
> 
> Centos 5
> squid-2.6.STABLE6-4.el5
> 
> the server is used as a proxy server
[...]
> so I installed clamav-0.94 and when I ran a clamscan it found and detected
> my /var/spool/squid directory had lots of files infected
> 
> I did clear my cache immediately and when I reran clamscan there was no
> infection detected or found
> 
> 1) now I would want to integrate squid with clamav so that
> clamav scans the HTTP traffic and downloaded files on the server and if
> detected any virus or malware or other infection blocks it at the server
> 
> really appreciate if someone could advise me how I could do the integration of
> clamav with squid ..

Google finds for "clamav squid centos"
http://www.wains.be/index.php/2006/12/19/centosrhelfedora-web-proxy-antivirus-clamav/


Bernd

PS: Please don't hijack threads.
-- 
Firmix Software GmbH   http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
  Embedded Linux Development and Services




Re: [Clamav-users] Stop it!

2008-10-07 Thread Bowie Bailey
Jerry wrote:
> 
> On Fri, 03 Oct 2008 22:12:49 -0700
> John Rudd <[EMAIL PROTECTED]> wrote:
> 
> >
> >At the very least, when the config file and options change, the ClamAV 
> >team should post a notice which explicitly lists (and only lists):
> >
> >1) new config items
> >2) removed config items
> >3) config items whose syntax, semantics, or options changed, and how
> >4) supported but deprecated items, and what, if anything, replaced them
> >
> >This shouldn't just be buried in release notes, a read me file, or a 
> >change log.  It should be in those places _TOO_, but it should also 
> >exist as its own stand-alone statement that any one of us can easily
> >see and find.
> 
> From my experience, if an end user refuses to RTFM, adding additional
> reading material is not going to solve the problem. The needed
> documentation is already readily available. The motivation to fetch
> and read it are what is sorely lacking.

I disagree.  I think this would be VERY useful.  Not for the people who
don't want to RTFM, but for the people who would rather not have to wade
through the docs and changelog to figure out if there are config changes.

However, doesn't this already exist with the upgrade notes?  Take a look
here:
https://wiki.clamav.net/Main/UpgradeNotes093

I don't know if they are this detailed on all of the releases (the notes
for 0.94 don't say much), but this looks like exactly what John was
asking for.

-- 
Bowie


Re: [Clamav-users] [0.0] Re: Stop it!

2008-10-07 Thread Bernd Petrovitsch
On Tue, 2008-10-07 at 15:19 +, reiner otto wrote:
[]
> >Just out of morbid curiosity, who is holding a gun to your head forcing
> >you to use 'hobby products' anyway? No one is being forced to do
> >anything, therefore they have no discernible right to demand that the
> >developer of the product they are using change it to suit their own
> >personal likes. If this were a commercial product that they were paying
> >for, that might be a different story. One of the ideas behind 'open
> >source' software is that if you don't like it, you are free to modify
> >it to your liking.

That's somewhat the main idea IMHO.

> >It is not the operating systems job to stop the user from shooting
> >himself in the foot, but rather to deliver the bullet as
> >efficiently and expeditiously as possible.

And exactly at the point where the bullet was aimed.
So the OS should provide means to point the gun where the user wants to
- including (but not limited to;-) the own foot (or head for that
matter).

> I expected OpenSource to be a real alternative to closed (proprietary,
> commercial) software, with the same quality standards, at least.

"Commercial" software is not necessarily proprietary (but can also be
free software). So please don't mix that constantly up.

> Obviously, this is not the standard case.

No, usually it's actually better for me. But that actually depends on
the requirements though.

> In case, this attitude persists, there will not be a real success.
> So the standard user of OpenSource then should be a highly trained,
> script- and may be even C++ capable person.

If one gets the (free) software for free *and* can't live (for whatever
reason) with what he/she downloaded (for free) *and* doesn't want to go
the commercial way paying someone else (or a company) to do the
personally needed changes/fixes/enhancements/ *and*
complaining/requesting/.. doesn't help, you are completely right.

Bernd
-- 
Firmix Software GmbH   http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
  Embedded Linux Development and Services




Re: [Clamav-users] Stop it!

2008-10-07 Thread Charles Gregory
On Tue, 7 Oct 2008, John Smith wrote:
> I must say that for the disadvantaged, this has been a great debate.
> However, it has missed the basic premise.  The Question and Issue is that
> ClamAV is failing without warning.  

To which the 'advantaged' respond that the warnings are in 'documentation'
or in the logs, belittling the needs of a large un(der)qualified sector of
the user base. It is not failing "without" warning, but without
*sufficient* warning for the nature of the *whole* user base.

>  the basic fact that needs to be addressed is that the product is
> not presenting information to the users that an error is occurring in
> a way that can be readily identified as a situation to get fixed.

(nod) And loud declarations of how it works for *some* does not help
it work for the rest. 

> Failure to notify is not a feature, it is a problem. End users should
> not have to resort to other means to determine that this product is
> working correctly. If they do, then this product is
> defective.

I would not describe a highly effective and laudable piece of software as
defective because there was a minor (and debatable!) oversight in its
development. At this point I would join with the people who point to the
pre-release status and say, "this is to be expected". What I *don't*
expect is a bunch of people to say that a strong and valid suggestion to 
fix a shortcoming is 'lazy' because *they* have the extra time/resources
to make it work for them. I'm hoping the suggestions provided help make it
work for everyone.

Remember the bottom line principle: Every time we do anything that limits
the ability of *anyone* to understand such basic ideas as whether the
product is *working*, we are giving that person a chance to get a virus,
and to *spread* that virus. Even if *we* (select your own peer group) are
"safe", we would still suffer the loss of bandwidth caused by too many
infected machines. It is in *all* our interests, even those I label as
'advantaged', to make this software as EASY and RELIABLE as possible.

I think that covers that. :)

- C



Re: [Clamav-users] Stop it!

2008-10-07 Thread Dennis Peterson
Bowie Bailey wrote:
> Jerry wrote:

>> From my experience, if an end user refuses to RTFM, adding additional
>> reading material is not going to solve the problem. The needed
>> documentation is already readily available. The motivation to fetch
>> and read it are what is sorely lacking.
> 
> I disagree.  I think this would be VERY useful.  Not for the people who
> don't want to RTFM, but for the people who would rather not have to wade
> through the docs and changelog to figure out if there are config changes.

Let me help avoid prevent wading:

diff new-config old-config

There - now you know what changed, no wading.

Happy to help with this very serious source of arduous effort.

dp ... who has no doubt this is still too much work for some people who 
think of themselves as admins


Re: [Clamav-users] Stop it!

2008-10-07 Thread Dennis Peterson
John Smith wrote:
> On 2008/10/7 Charles Gregory wrote:
>> We only 'demand' the right to have our suggestions heard in their proper 
>> context, and not held up against the idealistic standards of the lucky 
>> few.
> 
> I must say that for the disadvantaged, this has been a great debate.
> However, it has missed the basic premise.  The Question and Issue is that
> ClamAV is failing without warning.  
> 

So does Oracle, Apache, Python, Perl, MySQL, and a zillion other 
products. Dead processes are widely accepted to not be chatty. Pardon my 
Dennis Miller moment here, but I'm going to go ahead and blame the admin 
if a critical process dies and they don't know about it.

dp


[Clamav-users] Clamscan file.rar

2008-10-07 Thread Thiago Henrique
Hi,

I have a problem:

When I run
"/usr/bin/clamscan -i -r --max-recursion=15 --no-summary $DIRECTORY"

I get the following error:

"UNRAR: rar_malloc(): Attempt to allocate 4294967294 bytes."



Someone could help me?


Thank you all in advance.
Best Regards
--
[]'s
Thiago Henrique
Network Administration
Digirati Networks
K8 Networks




Re: [Clamav-users] Stop it!

2008-10-07 Thread David F. Skoll
Dennis Peterson wrote:

> So does Oracle, Apache, Python, Perl, MySQL, and a zillion other 
> products. Dead processes are widely accepted to not be chatty. Pardon my 
> Dennis Miller moment here, but I'm going to go ahead and blame the admin 
> if a critical process dies and they don't know about it.

You are (as usual) utterly missing the point.

The ClamAV developers have asked to make a policy change that makes
upgrading easier.

They politely asked to have a bug report opened.  They seem willing to make
the change.  It's little effort for them, will make many users happier, and
will have absolutely no effect on you.

Yet you, as a non-ClamAV-developer, are ranting about sysadmin incompetence
and completely ignoring the real issue.  The change DOES NOT AFFECT YOU in
the slightest.  So what the HECK is your problem?

-- David.


Re: [Clamav-users] Stop it!

2008-10-07 Thread Bowie Bailey
Dennis Peterson wrote:
> Bowie Bailey wrote:
> > Jerry wrote:
> 
> > > From my experience, if an end user refuses to RTFM, adding
> > > additional reading material is not going to solve the problem.
> > > The needed documentation is already readily available. The
> > > motivation to fetch and read it are what is sorely lacking.
> > 
> > I disagree.  I think this would be VERY useful.  Not for the people
> > who don't want to RTFM, but for the people who would rather not
> > have to wade through the docs and changelog to figure out if there
> > are config changes. 
> 
> Let me help avoid prevent wading:
> 
> diff new-config old-config
> 
> There - now you know what changed, no wading.
> 
> Happy to help with this very serious source of arduous effort.
> 
> dp ... who has no doubt this is still too much work for some people
> who think of themselves as admins

That should do a good job of telling you about the NEW options.  I'm not
sure how well it will work for obsolete options.  I guess it depends on
how verbose the devs are in the config file when they change the
options.

This method also has the disadvantage of requiring you to install the
new version before you can see the changes (or at least opening up the
tarball to pull out the new config file).

However... as I pointed out in my previous email, it appears that we
already have what is being requested in the upgrade notes in the wiki.
The wiki page is linked from the download page on ClamAV.net.  So as
long as the devs continue to update these notes as they did for v0.93,
everything is good.

-- 
Bowie
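
Bowie's caveat about obsolete options, as an added example (not from the thread or the ClamAV project): instead of a line diff, compare option names, so that settings still active in the running config but no longer mentioned anywhere in the new sample config stand out. It assumes the clamd.conf layout in which prose comments start with "# " and sample settings are written "#Option value"; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare option names between a running clamd.conf and the
# sample config shipped with a new release.

# keys_not_in REF FILE ACTIVE_ONLY
# Print option names found in FILE that REF never mentions (active or
# commented out). With ACTIVE_ONLY=1, only uncommented lines of FILE count.
keys_not_in() {
    awk -v active_only="$3" '
        function key(line, f) {
            # An option line is "Name value" or "#Name value"; "# text" is prose.
            if (line !~ /^#?[A-Za-z][A-Za-z0-9]*([ \t]|$)/) return ""
            split(line, f, /[ \t]+/)
            return f[1]
        }
        {
            k = key($0)
            if (k == "") next
            commented = sub(/^#/, "", k)
            if (NR == FNR) { known[k] = 1; next }      # first file: REF
            if (active_only && commented) next
            if (!(k in known) && !(k in seen)) { seen[k] = 1; print k }
        }
    ' "$1" "$2"
}

# Options set in the running config ($1) that the new sample ($2) no longer
# mentions: candidates for removed or renamed settings.
stale_options() { keys_not_in "$2" "$1" 1; }

# Options the new sample ($2) documents that the running config ($1) lacks.
new_options() { keys_not_in "$1" "$2" 0; }

# Constructed sample files (illustrative contents, not taken from a release).
write_samples() {
    cat > "$1/running.conf" <<'EOF'
# running config
LogFile /var/log/clamd.log
MaxThreads 10
ArchiveMaxFileSize 10M
#MaxDirectoryRecursion 15
EOF
    cat > "$1/sample-new.conf" <<'EOF'
# Comment or remove the line below.
Example
# Default: disabled
#LogFile /tmp/clamd.log
#MaxThreads 20
#MaxFileSize 30M
#MaxDirectoryRecursion 20
EOF
}

# Usage: script RUNNING_CONF NEW_SAMPLE_CONF
if [ "$#" -eq 2 ]; then
    echo "Set locally but absent from the new sample:"
    stale_options "$1" "$2"
    echo "Documented in the new sample but not in the local config:"
    new_options "$1" "$2"
fi
```

This needs only the new sample file, so it can be run against a config pulled out of the tarball before anything is installed.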


Re: [Clamav-users] Stop it!

2008-10-07 Thread Charles Gregory
On Tue, 7 Oct 2008, Dennis Peterson wrote:
> > I disagree.  I think this would be VERY useful.  Not for the people who
> > don't want to RTFM, but for the people who would rather not have to wade
> > through the docs and changelog to figure out if there are config changes.
> Let me help avoid prevent wading:
> diff new-config old-config

(sarcasm)
Diff? What's a diff? I don't see a 'diff' in my e-mail.
I don't see a 'diff' on my desktop. What do I click?
(/sarcasm)

That's sarcasm for *me*, but not for the hundreds of small office users
who have paid someone a few bucks to 'set it up for them'.

One last time: 

ClamAV is DISTINCT from other software packages in that a user cannot
just install a 'stable' version and use it. New releases are not *just*
enhancements or refinements or bug-fixes, but often include *critical*
changes to the 'engine' that *need* to be installed to assure continued
protection against all the new viruses. And for this reason, people who
would otherwise only update their software manually (and with all due
diligence) maybe once or twice a *year*, moving from one 'stable' version
to another, have to regularly update their ClamAV, and the only practical
way to do that for many users is *automatically*.

All your goof-ball sarcastic suggestions do NOTHING to address this
reality, and all the whining about how 'wrong' it is to update software
automatically does not change the fact that it is the best compromise
for a large number of small systems. If you can't deal with it, at least
take your arrogance and parade it somewhere else, where the arrogant elite
pat each other on the back. 

If someone found a way to make your 'diff' suggestion workable for the
non-admins who have to 'watch' their servers for 'something going wrong',
you would end up with nothing less complicated than the suggested
'watchdog' programs to e-mail users when clamd crashes or errors. 
And the watchdog would be more generic. 

> Happy to help with this very serious source of arduous effort.

You are the overflowing milk of human kindness. Must be chocolate milk,
because it has a distinct brown color. 

> dp ... who has no doubt this is still too much work for some people who 
> think of themselves as admins

CG ... who has no doubt that the work is not only 'too much', but not at
all understood by people who "should not" be responsible for mail servers,
but for some reason, STILL ARE.

-- So sorry, my karma ran over your dogma. 





Re: [Clamav-users] Stop it!

2008-10-07 Thread Charles Gregory
On Tue, 7 Oct 2008, Dennis Peterson wrote:
> > However, it has missed the basic premise.  The Question and Issue is that
> > ClamAV is failing without warning.  
> So does Oracle, Apache, Python, Perl, MySQL, and a zillion other 
> products. Dead processes are widely accepted to not be chatty.

You're a 'troll', aren't you? Sitting at your keyboard and making up witty
'true' but otherwise nonsensical arguments over and over, blithely
ignoring (or probably you just don't read) the previous postings.
I covered this one already. I'm not repeating myself.
Go troll someplace else.

- C



Re: [Clamav-users] Stop it!

2008-10-07 Thread Charles Gregory
On Tue, 7 Oct 2008, David F. Skoll wrote:
> Yet you, as a non-ClamAV-developer, are ranting about sysadmin incompetence
> and completely ignoring the real issue.  The change DOES NOT AFFECT YOU in
> the slightest.  So what the HECK is your problem?

Well, now that you make me think about it, there is a really strong
undertone of someone trying to *justify* their job to their employer.

I have a suspicion that a lot of people are currently being employed as
'sysadmins' to 'monitor' and 'diff' systems for hours each week when their
employers could more wisely invest their money in a high-end automated
system requiring far less oversight. If ClamAV and all other packages
truly became as 'easy' as most of us are advocating, dp might be out 
of a job.

The sad irony is that, until his employer figures it out, he's doubtless
making way more money than me. LOL

- Charles




Re: [Clamav-users] Stop it!

2008-10-07 Thread Dennis Peterson
David F. Skoll wrote:
> Dennis Peterson wrote:
> 
>> So does Oracle, Apache, Python, Perl, MySQL, and a zillion other 
>> products. Dead processes are widely accepted to not be chatty. Pardon my 
>> Dennis Miller moment here, but I'm going to go ahead and blame the admin 
>> if a critical process dies and they don't know about it.
> 
> You are (as usual) utterly missing the point.
> 
> The ClamAV developers have asked to make a policy change that makes
> upgrading easier.

And you've missed the point that some people here have claimed that 
their clamd process has silently failed and was off line for days, and 
other such claims. No amount of hand holding for creating config files 
is going to make that problem better. That requires an interested admin.

> 
> They politely asked to have a bug report opened.  They seem willing to make
> the change.  It's little effort for them, will make many users happier, and
> will have absolutely no effect on you.

And I've offered earlier an excellent example of a product that goes 
down that path to help create a new config or to integrate an existing 
config file with a newer release. Nothing wrong with that - it's a great 
idea. But in the absence of that, to complain that one's processes have 
died and mail was tempfailed because of it and that it is the vendor's 
problem to fix is a freaking stretch.

> 
> Yet you, as a non-ClamAV-developer, are ranting about sysadmin incompetence
> and completely ignoring the real issue.  The change DOES NOT AFFECT YOU in
> the slightest.  So what the HECK is your problem?

I have no problem, David - I simply offered a means to help empower the 
interested admin to avoid wading through the docs to see what has 
changed. I snarkily noted it would probably be too much work for some 
and damn if the next post didn't validate that. The gentleman truly 
believes it is necessary to install ClamAV in order to preview the 
config files. Where do ideas like that spring from?

Here's my concern - I'm sharing port 25 with a lot of these people's 
systems as we all are, and so there is a need and I think expectation 
that people who have systems that connect to other's systems have a 
responsibility to keep their systems running properly even when a vendor 
is not helpful. If they are lax in such a simple thing as configuring 
this product what other shortcomings do their systems have?

I don't run AV tools because I have a problem - I run them because 
others have a problem. If everyone knew what they were doing and did a 
good job there'd be no need for any of this. That is an impossible 
expectation as evidenced by comments in this thread.

dp



Re: [Clamav-users] Clamscan file.rar

2008-10-07 Thread Brandon Perry
What version are you running? What OS? We need more info...

On Tue, Oct 7, 2008 at 11:18 AM, Thiago Henrique <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I have a problem:
>
> When I run
> "/usr/bin/clamscan -i -r --max-recursion=15 --no-summary $DIRECTORY"
>
> I get the following error:
>
> "UNRAR: rar_malloc(): Attempt to allocate 4294967294 bytes."
>
>
>
> Someone could help me?
>
> 
> Thank you all in advance.
> Best Regards
> --
> []'s
> Thiago Henrique
> Network Administration
> Digirati Networks
> K8 Networks
>
>
>




-- 
http://www.volatileminds.net

Re: [Clamav-users] Stop it!

2008-10-07 Thread John Smith

 
Dennis Peterson Wrote:
> And you've missed the point that some people here have claimed that 
> their clamd process has silently failed and was off line for days, and 
> other such claims. No amount of hand holding for creating config files 
> is going to make that problem better. That requires an interested admin.

Maybe this will shine a different light on the issue.  I personally have
ClamAV running as both a service on my firewall and as a desktop application
(ClamWinAV).  For my desktop, I have watched the update logs and seen issue.

My firewall is IPCOP and it has ClamAV as part of the system.  It updates
and does not display errors through an automated process.  

I admit that I am still learning to control this beast, but having it fail
with no notification is scary (at best) and dangerous (at worst).

I am a very good Windows admin but just learning Linux Admin via IPCOP and
the inclusion of a very good AV that has such a good community of developers
and support is critical.

That being said, it does not help me to find when and if the firewall's
ClamAV (clamd) is failed without opening the firewall daily to determine if
it is still going.

Furthermore, failures because of changes in the config file are beyond my
understanding of this installation and would require several days of
research (which I don't have) just to understand enough to make the change.


>I don't run AV tools because I have a problem - I run them because 
>others have a problem. If everyone knew what they were doing and did a 
>good job there'd be no need for any of this. That is an impossible 
>expectation as evidenced by comments in this thread.

I agree that a good AV is the reason we are here.  Automation or no, we as
both consumers and admins need to have an easy way to see that there is an
issue.

In a previous comment, it was suggested that the Wiki would be a good place
to put update information.   Most non-technical people don't go to wiki
unless they have a problem.   And since the product does not let us know
that there is a problem (until it crashes), we are not likely to go looking.

While I have learned a lot in this thread, the issue is still that the
problem (major to us or minor to you) is a silent failure that leads to
unscanned emails.

Please, let me say that I have no intention of starting a pointing contest
of this product vs. that product.  I only mentioned IPCop because I use it
and it has been very good at updating and keeping within the current version
of Clamd.

John.




Re: [Clamav-users] [0.0] Re: Stop it!

2008-10-07 Thread John Rudd
Jerry wrote:
>
> It is not the operating systems job to stop the user from shooting
> himself in the foot, but rather to deliver the bullet as
> efficiently and expeditiously as possible.

If that were true, we wouldn't have things like protected memory, chroot 
jails, etc. in our operating systems, as those all interfere with all 
sorts of "bullets".

What you're describing is the "caveman" approach to providing systems 
and services.  And, over time, the discipline has evolved to understand 
that that's actually a rather counter-productive mindset.

Every level of the computing infrastructure provides safeguards to 
prevent people from doing exactly what you've said: shooting themselves 
in the foot.  The idea that the OS shouldn't be participating in that is 
outdated, and ignorant.

The idea that each application developer doesn't also have a role to 
play in those protections is of a similarly out-of-date and out-of-touch 
mindset.


Re: [Clamav-users] Stop it!

2008-10-07 Thread John Rudd
Bowie Bailey wrote:
>
> However, doesn't this already exist with the upgrade notes?  Take a look
> here:
> https://wiki.clamav.net/Main/UpgradeNotes093
> 
> I don't know if they are this detailed on all of the releases (the notes
> for 0.94 don't say much), but this looks like exactly what John was
> asking for.

That one is a GREAT example of what I'd like to see for every release 
that affects the config file.  And, you'll notice that the other 
"Upgrade Notes" pages make no mention of such changes.

If that's all there was, those Upgrade Notes pages, and they were 
consistently annotated with these sort of changes (in every release), 
and the location was well advertised, I'd be happy with it.


Re: [Clamav-users] Stop it!

2008-10-07 Thread Dennis Peterson
John Smith wrote:
>  
> Dennis Peterson Wrote:
>> And you've missed the point that some people here have claimed that 
>> their clamd process has silently failed and was off line for days, and 
>> other such claims. No amount of hand holding for creating config files 
>> is going to make that problem better. That requires an interested admin.
> 
> Maybe this will shine a different light on the issue.  I personally have
> ClamAV running as both a service on my firewall and as a desktop application
> (ClamWinAV).  For my desktop, I have watched the update logs and seen issue.
> 
> My firewall is IPCOP and it has ClamAV as part of the system.  It updates
> and does not display errors through an automated process.  
> 
> I admit that I am still learning to control this beast, but having it fail
> with no notification is scary (at best) and dangerous (at worst).

As I've pointed out many processes die quietly. ClamAV is not unique in 
any way in this regard. My response to that for the last 30 years is to 
write or implement existing tools that monitor critical processes and 
notify if there are failures. Those same monitors attempt to restart the 
process and oft times this is successful. In any event, in my business I 
am finally responsible for the safety of my customers and that is 
something I take very seriously - even on weekends.

With the tools we have available to us today there is no reason a failed 
process should remain a secret.

dp
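
A small monitor of the kind this message describes, as an added example that is not part of the original post or of ClamAV: it asks clamd to answer its PING command with PONG over the local socket and raises one alert per outage. The socket path, the `Watchdog` class and the fake daemon used in the demo are assumptions constructed for illustration.

```python
import os
import socket
import tempfile
import threading


def clamd_alive(sock_path, timeout=5.0):
    """True only if something on sock_path answers PING with PONG in time.

    A bare process check would miss a daemon that is running but wedged;
    asking it to answer catches both a dead and a hung clamd.
    """
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            s.sendall(b"PING\n")
            reply = s.recv(16)
    except OSError:  # missing socket, refused connection, timeout
        return False
    return reply.strip() == b"PONG"


class Watchdog:
    """Turns raw probe results into one alert per outage plus a recovery notice."""

    def __init__(self, probe, notify, failures_before_alert=2):
        self.probe = probe
        self.notify = notify  # e.g. a function that sends mail to the admin
        self.threshold = failures_before_alert
        self.failures = 0
        self.alerted = False

    def poll(self):
        ok = self.probe()
        if ok:
            if self.alerted:
                self.notify("clamd recovered")
            self.failures, self.alerted = 0, False
        else:
            self.failures += 1
            # Require consecutive failures so one slow reply does not page anyone.
            if self.failures >= self.threshold and not self.alerted:
                self.notify("clamd DOWN")
                self.alerted = True
        return ok


def start_fake_clamd(path):
    """Constructed stand-in for clamd (demo only): answers PING with PONG."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                with conn:
                    if conn.recv(16).strip() == b"PING":
                        conn.sendall(b"PONG\n")
            except OSError:
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    """Healthy daemon, then an outage lasting three polls, then recovery."""
    events = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "clamd.sock")  # assumed socket location
        start_fake_clamd(path)
        dog = Watchdog(lambda: clamd_alive(path, timeout=1.0), events.append)
        dog.poll()                 # healthy: no event
        os.unlink(path)            # simulate the daemon disappearing
        for _ in range(3):
            dog.poll()             # alert fires once, on the second failure
        start_fake_clamd(path)
        dog.poll()                 # recovery notice
    return events


if __name__ == "__main__":
    print(demo())
```

Run from cron or a loop, `poll()` would be called once per interval with `notify` wired to mail or a pager.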


Re: [Clamav-users] Stop it!

2008-10-07 Thread John Rudd
Dennis Peterson wrote:

> 
> With the tools we have available to us today there is no reason a failed 
> process should remain a secret.
> 

Which does not explain the push-back on having the 
applications/services/daemons provide better documentation and triggers 
for helping that effort, instead of immediately attacking the OP as 
though they're an inadequate sysadmin for having requested that higher 
level of participation from the application/service/daemon authors.


Re: [Clamav-users] Stop it!

2008-10-07 Thread Dennis Peterson
John Rudd wrote:
> Dennis Peterson wrote:
> 
>> With the tools we have available to us today there is no reason a failed 
>> process should remain a secret.
>>
> 
> Which does not explain the push-back on having the 
> applications/services/daemons provide better documentation and triggers 
> for helping that effort, instead of immediately attacking the OP as 
> though they're an inadequate sysadmin for having requested that higher 
> level of participation from the application/service/daemon authors.

For my part I'm only kvetching about admins who become helpless when 
these services are not included in the box.

dp


Re: [Clamav-users] Stop it!

2008-10-07 Thread Tomasz Kojm
On Tue, 07 Oct 2008 12:07:09 -0700
John Rudd <[EMAIL PROTECTED]> wrote:

> Bowie Bailey wrote:
> >
> > However, doesn't this already exist with the upgrade notes?  Take a look
> > here:
> > https://wiki.clamav.net/Main/UpgradeNotes093
> > 
> > I don't know if they are this detailed on all of the releases (the notes
> > for 0.94 don't say much), but this looks like exactly what John was
> > asking for.
> 
> That one is a GREAT example of what I'd like to see for every release 
> that affects the config file.  And, you'll notice that the other 
> "Upgrade Notes" pages make no mention of such changes.

Could we please kill this thread?

FYI:

1. the requested functionality has been implemented in SVN
(and will be included in 0.94.1):

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1213

2. this is a copy&paste of the README file from the clamav tarball
(0.93-0.94): the release notes include information about changes to
the config files; all of them have been posted to clamav-announce@

0.94
----

Sourcefire and the ClamAV team are pleased to announce the release of
ClamAV 0.94. The following are the key features and improvements of this
version:

  - Logical Signatures: The logical signature technology uses operators
    such as AND, OR and NOT to allow the combination of more than one
    signature into one entry in the signature database resulting in
    more detailed and flexible pattern matching.

  - Anti-phishing Technology: Users can now change the priority and reporting
    of ClamAV's heuristic anti-phishing scanner within the detection engine
    process. They can choose whether, when scanning a suspicious file, ClamAV
    should stop scanning and report the phish, or continue to scan in case the
    file contains other malware (clamd: HeuristicScanPrecedence,
    clamscan: --heuristic-scan-precedence)

  - Disassembly Engine: The initial version of the disassembly engine improves
    ClamAV's detection abilities.

  - PUA Detection: Users can now decide which PUA signatures should be loaded
    (clamd: ExcludePUA, IncludePUA; clamscan: --exclude-pua, --include-pua)

  - Data Loss Prevention (DLP): This version includes a new module that, when
    enabled, scans data for the inclusion of US formatted Social Security
    Numbers and credit card numbers (clamd: StructuredDataDetection,
    clamscan: --detect-structured; additional fine-tuning options are available)

  - IPv6 Support: Freshclam now supports IPv6

  - Improved Scanning of Scripts: The normalization of scripts now covers
    JavaScript

  - Improved QA and Unit Testing: The improved QA process now includes
    API testing and new library of test files in various formats that are
    tested on a wide variety of systems (try running 'make check' in the source
    directory)

For more details, please refer to http://www.clamav.net/press/0.94-WhatsNew.pdf
and to the ChangeLog.

You may need to run 'ldconfig' after installing this version.

** This version drops the special support for Cygwin. Our QA process showed
** serious problems with ClamAV builds under Cygwin due to some low-level
** incompatibilities in the POSIX compatibility layer, resulting in unreliable
** ClamAV behaviour.

--
The ClamAV team (http://www.clamav.net/team)


0.93.3
------

This release fixes a problem in handling of .cld files introduced in 0.93.2.

--
The ClamAV team (http://www.clamav.net/team)

0.93.2
------

This release fixes and re-enables the Petite unpacker, improves database
loading and solves some other minor issues.


0.93.1
------

This version improves handling of PDF, CAB, RTF, OLE2 and HTML files
and includes various bugfixes for 0.93 issues.

--
The ClamAV team (http://www.clamav.net/team)


0.93
----

This release introduces many new features and engine enhancements, please
see the notes below for the list of major changes. The most visible one
is the new logic in scan limits which affects some command line and config
options of clamscan and clamd. Please see clamscan(1) and clamd.conf(5)
and the example config file for more information on the new options.

Most important changes include:

  * libclamav:
    - New logic in scan limits: provides much more efficient protection against
      DoS attacks but also results in different command line and config options
      to clamscan and clamd (see below)
    - New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text normalisator,
      entity converter
    - Improved filetype detection; filetype definitions can be remotely updated
    - Support for .cld containers (which replace .inc directories)
    - Improved pattern matcher and signature formats
    - More efficient scanning of HTML files
    - Many other improvements

  * clamd:
    - NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion, MaxFiles
    - ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion,
      ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles,
      ArchiveMaxCompressionRatio, ArchiveBlockMax
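
The 0.93 option lists above, together with the `diff new-config old-config` idea raised earlier in the thread, can be turned into a pre-upgrade check. This is an added example, not code from ClamAV or from any poster: the option names are copied from the release notes quoted in this message, while the sample config contents and the function names are constructed assumptions.

```python
# Option names taken from the 0.93 release notes quoted in this message.
REMOVED_IN_093 = {
    "MailMaxRecursion", "ArchiveMaxFileSize", "ArchiveMaxRecursion",
    "ArchiveMaxFiles", "ArchiveMaxCompressionRatio", "ArchiveBlockMax",
}
NEW_IN_093 = {"MaxScanSize", "MaxFileSize", "MaxRecursion", "MaxFiles"}


def parse_options(text):
    """Return {option: [(lineno, value), ...]} for active lines only.

    Blank lines and lines starting with '#' are skipped, so commented-out
    options in a sample config do not count as being set.
    """
    opts = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1] if len(parts) > 1 else ""
        opts.setdefault(parts[0], []).append((lineno, value))
    return opts


def audit_for_093(conf_text):
    """Flag options the 0.93 notes list as no longer supported.

    Also reports which of the new limit options are still unset, since
    those are the replacements an admin has to decide on.
    """
    opts = parse_options(conf_text)
    removed = sorted(
        (lineno, name)
        for name, hits in opts.items() if name in REMOVED_IN_093
        for lineno, _ in hits
    )
    return {"removed": removed, "unset_new": sorted(NEW_IN_093 - opts.keys())}


def option_diff(old_text, new_text):
    """Option-name diff of two configs, ignoring comments and ordering.

    Unlike a line diff, this reports options that vanished from the new
    file as clearly as options that appeared in it.
    """
    old, new = parse_options(old_text), parse_options(new_text)
    return sorted(old.keys() - new.keys()), sorted(new.keys() - old.keys())


# Constructed sample: a pre-0.93 style clamd.conf fragment.
OLD_CONF = """\
# constructed example, not a shipped config
LocalSocket /var/run/clamav/clamd.sock
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 8
#ArchiveMaxFiles 1000
MailMaxRecursion 64
LogFile /var/log/clamav/clamd.log
"""

# Constructed sample: the same settings expressed with 0.93 option names.
NEW_CONF = """\
LocalSocket /var/run/clamav/clamd.sock
MaxFileSize 10M
MaxRecursion 8
LogFile /var/log/clamav/clamd.log
"""

if __name__ == "__main__":
    report = audit_for_093(OLD_CONF)
    for lineno, name in report["removed"]:
        print(f"line {lineno}: {name} is no longer supported in 0.93")
    print("new options not set:", ", ".join(report["unset_new"]))
    print("option diff (old only, new only):", option_diff(OLD_CONF, NEW_CONF))
    raise SystemExit(1 if report["removed"] else 0)
```

The non-zero exit status lets an automated upgrade job stop before restarting clamd with a config that still carries removed options.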


Re: [Clamav-users] Stop it!

2008-10-07 Thread Colin Alston
On 2008/10/07 09:35 PM Tomasz Kojm wrote:
> 1. the requested functionality has been implemented in SVN
> (and will be included in 0.94.1):

Thanks a lot Tom.


Re: [Clamav-users] squid integration

2008-10-07 Thread Benedict simon


> Hi!
>
> On Tue, 2008-10-07 at 18:47 +0300, Benedict simon wrote:
> [...]
>> I have the following setup which i been using for quite some time n
>> working fine
>>
>> Centos 5
>> squid-2.6.STABLE6-4.el5
>>
>> the server is used as a proxy server
> [...]
>> so i installed clamav-0.94 and when i ran a clamscan it found n detected
>> my /var/spool/squid directory had lots of files infected
>>
>> i did clear my cache immediately n whn i reran clamscan there was no
>> infection detected or found
>>
>> 1) now i would want to integrate squid with clamav so that
>> clamav scans the HTTP traffic and downloaded files on the server and if
>> detected any virus or malware or other infection blocks it at the server
>>
>> really appreciate if someone cd advise me how i could do the integration
>> of
>> clamav with squid ..
>
> Google finds for "clamav squid centos"
> http://www.wains.be/index.php/2006/12/19/centosrhelfedora-web-proxy-antivirus-clamav/
>
>
>   Bernd

Thanks bernd,

appreciate ur real quick reply

i do have a small problem
now i setup a fresh new centos 5.2 server with updates and when i do

yum install dansguardian-av
it gives the following message


Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
 * SecurityTeamUS: repo.securityteam.us
 * base: centos.spd.co.il
 * updates: centos.spd.co.il
 * addons: centos.spd.co.il
 * extras: centos.spd.co.il
base  100% |=| 1.1 kB00:00
updates   100% |=|  951 B00:00
addons100% |=|  951 B00:00
extras100% |=| 1.1 kB00:00
Setting up Install Process
Parsing package install arguments
No package dansguardian-av available.
Nothing to do



do i need to install another repo

appreciate if you cd let me know

regards

simon








>
> PS: Please don't hijack threads.
> --
> Firmix Software GmbH   http://www.firmix.at/
> mobil: +43 664 4416156 fax: +43 1 7890849-55
>   Embedded Linux Development and Services
>






-- 
Network ADMIN
-
KUWAIT MUNICIPALITY:



Re: [Clamav-users] squid integration

2008-10-07 Thread Jason Haar
Benedict simon wrote:
> really apprecite if someone cd advise me how i could do the integration of
> clamav with squid ..
>   
We have had great success with HAVP. Supports multiple AVs (including 
ClamAV of course). However, I don't think it's part of any repo.

http://www.server-side.de/

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



Re: [Clamav-users] squid integration

2008-10-07 Thread reiner otto


--- Benedict simon <[EMAIL PROTECTED]> wrote on Tue, 7.10.2008:

From: Benedict simon <[EMAIL PROTECTED]>
Subject: [Clamav-users] squid integration
To: "ClamAV users ML" 
Date: Tuesday, 7 October 2008, 17:47

Dear All,

I have the following setup which i been using for quite some time n
working fine

Centos 5
squid-2.6.STABLE6-4.el5

the server is used as a proxy server

recently  a couple of users have complained that their pcs have been
infected by virus and trojans as they experience one local intranet site
not working. when accessed there was a blank page and url was redirected to
a non existing site

so i installed clamav-0.94 and when i ran a clamscan it found n detected
my /var/spool/squid directory had lots of files infected

i did clear my cache immediately n whn i reran clamscan there was no
infection detected or found

1) now i would want to integrate squid with clamav so that
clamav scans the HTTP traffic and downloaded files on the server and if
detected any virus or malware or other infection blocks it at the server

really appreciate if someone cd advise me how i could do the integration of
clamav with squid ..

or is there any other software i cd integrate with squid


Thanks and Regards

simon






Have a look at www.dansguardian.org Although dansguardian mainly is for content 
filtering, you can configure it to use ClamAV for virus scanning, and no 
filtering at all.


  

Re: [Clamav-users] [0.0] Re: Stop it!

2008-10-07 Thread Jerry
On Tue, 07 Oct 2008 12:02:59 -0700
John Rudd <[EMAIL PROTECTED]> wrote:

>Jerry wrote:
>>
>> It is not the operating systems job to stop the user from shooting
>> himself in the foot, but rather to deliver the bullet as
>> efficiently and expeditiously as possible.
>
>If that were true, we wouldn't have things like protected memory,
>chroot jails, etc. in our operating systems, as those all interfere
>with all sorts of "bullets".
>
>What you're describing is the "caveman" approach to providing systems 
>and services.  And, over time, the discipline has evolved to
>understand that that's actually a rather counter-productive mindset.
>
>Every level of the computing infrastructure provides safeguards to 
>prevent people from doing exactly what you've said: shooting
>themselves in the foot.  The idea that the OS shouldn't be
>participating in that is outdated, and ignorant.
>
>The idea that each application developer doesn't also have a role to 
>play in those protections is of a similarly out-of-date and
>out-of-touch mindset.

Your rambling diatribe is meaningless. The OS's job is to do what the
user instructs it to do. If, and that is a big if, AI ever becomes a
100% accurate reality, I might be persuaded to change my mind. Until
then, no. What you are, or should be referring to are software packages
which may, but are certainly not required to, have some safeguards
built in to protect fools from themselves. Unfortunately, nothing is
fool proof to the properly motivated fool.

I absolutely guarantee that no matter what route the developers take on
this question, someone will still bitch that the solution is still "Too
Hard" or "Too Complicated", or "FILL IN YOUR OWN PROBLEM" for them to
comprehend and implement. God forbid that they actually RTFM and
learned how to do their job competently. That is the problem with
today's work force. Everyone (well not everyone per se) wants great
rewards with minimal effort. Even worse, the minimal is too much for
some.


-- 
Jerry
[EMAIL PROTECTED]

When a lion meets another with a louder roar,
the first lion thinks the last a bore.

George Bernard Shaw



Re: [Clamav-users] Stop it!

2008-10-07 Thread Jerry
On Tue, 7 Oct 2008 14:01:53 -0500
"John Smith" <[EMAIL PROTECTED]> wrote:

>
> 
>Dennis Peterson Wrote:
>> And you've missed the point that some people here have claimed that 
>> their clamd process has silently failed and was off line for days,
>> and other such claims. No amount of hand holding for creating config
>> files is going to make that problem better. That requires an
>> interested admin.
>
>Maybe this will shine a different light on the issue.  I personally
>have ClamAV running as both a service on my firewall and as a desktop
>application (ClamWinAV).  For my desktop, I have watched the update
>logs and seen issue.
>
>My firewall is IPCOP and it has ClamAV as part of the system.  It
>updates and does not display errors through an automated process.  
>
>I admit that I am still learning to control this beast, but having it
>fail with no notification is scary (at best) and dangerous (at worst).
>
>I am a very good Windows admin but just learning Linux Admin via IPCOP
>and the inclusion of a very good AV that has such a good community of
>developers and support is critical.
>
>That being said, it does not help me to find when and if the firewall's
>ClamAV (clamd) is failed without opening the firewall daily to
>determine if it is still going.

Why don't you install an application to monitor the daemon. Some can be
accessed via the web, while most will email you if something goes
wrong. Most will automatically restart the failed application.

>Furthermore, failures because of changes in the config file are beyond
>my understanding of this installation and would require several days of
>research (which I don't have) just to understand enough to make the
>change.

I know you are not going to like this; however, if you cannot take the
time to learn the application, then maybe you should not be running it
at all. I most certainly hope you are responsible for yourself and no
other unfortunate users.

>>I don't run AV tools because I have a problem - I run them because 
>>others have a problem. If everyone knew what they were doing and did
>>a good job there'd be no need for any of this. That is an impossible 
>>expectation as evidenced by comments in this thread.
>
>I agree that a good AV is the reason we are here.  Automation or no,
>we as both consumers and admins need to have an easy way to see that
>there is an issue.

Again, install a daemon monitor.

>In a previous comment, it was suggested that the Wiki would be a good
>place to put update information.   Most non-technical people don't go
>to wiki unless they have a problem.   And since the product does not
>let us know that there is a problem (until it crashes), we are not
>likely to go looking.

Define: PROBLEM -- If it is incorrectly configured, the problem can
usually be localized to the user sitting in the chair in front of the
monitor.

>While I have learned a lot in this thread, the issue is still that the
>problem (major to us or minor to you) is a silent failure that leads to
>unscanned emails.
>
>Please, let me say that I have no intention of starting a pointing
>contest of this product vs. that product.  I only mentioned IPCop
>because I use it and it has been very good at updating and keeping
>within the current version of Clamd.
>
>John.

Seriously John if you are going to start with a new product, one that
you readily admit you have not got a working knowledge of, you have got
to RTFM. Create a jail and place your new program in it and then fire
it up. Check the logs, see what is happening under the hood. Try
different configurations until you get the desired results. Once you
have stress tested your application, then move it into your production
machine. Anything less, and you are asking for trouble. If you are the
only user, then you can pretty much only screw yourself. However, if
others depend on you, then that is a totally different story.


-- 
Jerry
[EMAIL PROTECTED]

Hell's broken loose.

Robert Greene



Re: [Clamav-users] [0.0] Re: Stop it!

2008-10-07 Thread reiner otto
>Unfortunately, nothing is
fool proof to the properly motivated fool.<
 
One of my customers, from a big international airline, I developed some SW 
for, told me: "There is nothing like user's fault".
 
After some thinking, I had to admit, he was right. There is only the fault of 
the programmer, not to think about it.
 
But maybe this attitude nowadays is a bit out of fashion.
 
Forgive me, I am only an old-fashioned German engineer. And SW-developer.
 
 

 


  

Re: [Clamav-users] Stop it!

2008-10-07 Thread John Smith
Jerry Wrote:

>Seriously John if you are going to start with a new product, one that
>you readily admit you have not got a working knowledge of, you have got
>to RTFM. Create a jail and place your new program in it and then fire
>it up. Check the logs, see what is happening under the hood. Try
>different configurations until you get the desired results. Once you
>have stress tested your application, then move it into your production
>machine. Anything less, and you are asking for trouble. If you are the
>only user, then you can pretty much only screw yourself. However, if
>others depend on you, then that is a totally different story.


Thank you Jerry for those kind words of wisdom.  However, I too am a full
time developer and have placed it in a Jail (home network) just for that
reason.  I am in the process of stress testing and learning how it works.
The issue is not my configuration, or even my lack of knowledge as it is an
add-on included in the firewall.  It is that there is a limited manual (i.e.
RTFM) that has been difficult to find and some are harder to understand on
many open-source projects.  This one is no exception in that it is all on a
wiki that I could not find until today when I finally saw a posting to it.

I would like to point out that I happened into this use through a 3rd party
that was kind enough to point out the advantages of ClamWin and IPCOP as a
firewall.  Just to stress my point, the manual and wiki are for the
Unix/linux version and not the ClamWin version.  IPCop has it buried in an
add-on and has removed most of the configuration options.  And it restarts
whenever the Clamd service fails.


I will take all the blame for my own faults (which are many) but feel it
necessary to point out that the use of 3rd party tools to keep track of an
application is FAULTY at best and BROKEN at worst.   Microsoft has held the
office community captive for years with the desktop application that "Needs"
a server running in the background to make it more than a glorified
typewriter.   

>Why don't you install an application to monitor the daemon. Some can be
>accessed via the web, while most will email you if something goes wrong.
>Most will automatically restart the failed application.


But the need to buy or get another product to keep track of my current
product is like adding a chase vehicle to watch your trailer because your
truck doesn't have mirrors configured properly.  It works for the rich who
have others to drive the car and money to pay for it.  It does not work for
the poor who are limited and don't have the resources.


The truth is... 
(1) we buy computers to work harder... 
(2) we buy servers to link the computers in network...  
(3) we buy AV to protect the servers and the computers on the network 
(4) we buy firewalls to protect our network because the AV is limited... 
(5) we buy other software to watch the AV and firewalls because they can't
be trusted to do their jobs.   
...
When does it stop?  How big does our house of cards need to get before we
start thinking about what we are advocating?

>Define: PROBLEM -- If it is incorrectly configured, the problem can usually
>be localized to the user sitting in the chair in front of the monitor.

If you're going to be critical (which I do not want to be or have been), I am
not the only one running IPCOP (test or production) and just to be clear;
the ability to restart a service that is silently failing because of a
configuration file does not solve the problem, IT ONLY HIDES IT.

Oh, and just for your information, I have been "Testing" these products for
6 months without issue.  But with the inclusion of needing to find, get, and
test even another package to "Watchdog" the process, I am not sure that I
can readily advise any of my customer base to switch at this time.  I will
just have to keep testing.

John.  
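
The difference between a daemon that has merely been restarted and one that is actually scanning can be checked from outside, because clamd answers PING and VERSION commands on its socket. The script below is an added example, not part of the original post and not ClamAV's own code; it assumes clamd listens on TCP 127.0.0.1:3310 and that VERSION replies in the engine/database/date form of the constructed sample in the docstring.

```python
import socket
from datetime import datetime, timedelta

def ask_clamd(command, host="127.0.0.1", port=3310, timeout=5.0):
    """Send one command on a fresh TCP connection and return clamd's reply line."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(command.encode("ascii") + b"\n")
        reply = b""
        while not reply.endswith(b"\n"):
            chunk = sock.recv(4096)
            if not chunk:          # clamd closed the connection
                break
            reply += chunk
    return reply.decode("ascii", "replace").strip()

def parse_version(reply):
    """Split a reply such as the constructed sample
    'ClamAV 0.94/8393/Mon Oct  6 21:10:04 2008' into its three fields."""
    parts = reply.split("/", 2)
    if len(parts) < 3:             # engine only: no signature database loaded
        return parts[0], None, None
    built = datetime.strptime(" ".join(parts[2].split()), "%a %b %d %H:%M:%S %Y")
    return parts[0], parts[1], built

def check_clamd(ask=ask_clamd, max_db_age=timedelta(days=2), now=None):
    """Return a list of problems; an empty list means clamd is usable."""
    now = now or datetime.now()
    try:
        pong = ask("PING")
        version = ask("VERSION")
    except OSError as exc:         # refused, timed out, unreachable
        return ["clamd unreachable: %s" % exc]
    problems = []
    if pong != "PONG":
        problems.append("unexpected PING reply: %r" % pong)
    engine, db_version, built = parse_version(version)
    if built is None:
        problems.append("%s has no signature database loaded" % engine)
    elif now - built > max_db_age:
        problems.append("signature database %s is %d days old"
                        % (db_version, (now - built).days))
    return problems

if __name__ == "__main__":
    import sys
    found = check_clamd()
    for line in found:
        print("CLAMD PROBLEM:", line, file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run from cron, the non-zero exit status and stderr output turn a silent failure into a mail to the administrator, including the case where the process is up but its signatures are stale.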






Re: [Clamav-users] 0.94 and 0.94-exp

2008-10-07 Thread Sergey
On Tuesday 07 October 2008, Török Edwin wrote:

> This has already been fixed:
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1174
 
Ok, thanks.

-- 
Regards,
Sergey