Re: [clamav-users] Introducing OpenSSL as a dependency to ClamAV
On Fri, 28 Feb 2014 12:00:00 -0500 clamav-users-requ...@lists.clamav.net wrote:

There are only a few reasons I can imagine that SSL (OpenSSL) would be a *required* addition to ClamAV:

1. A "better" way of signing signature downloads than whatever is currently done (not sure what that is, if anything).
2. A mechanism to secure the CLAMD port to restrict LAN access (pretty far-fetched).
3. A mechanism to encrypt signature downloads so that you have to pay if you want the latest and greatest (like for Snort).
4. A mechanism to encrypt signatures to keep them pretty much secret from the users of ClamAV.

I would be quite disappointed if ClamAV turned its back on the spirit of GPL software by charging for signature data (#3 above, like Snort has done).

I would find it quite unacceptable if ClamAV signatures could no longer even be examined to see what they detect (#4 above), as this would mean that ClamAV had effectively become Closed Source.

> Message: 5
> Date: Thu, 27 Feb 2014 15:55:55 -0800
> From: Dennis Peterson
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] clamav-users Digest, Vol 113, Issue 18
> Message-ID: <530fd08b.6010...@inetnw.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 2/27/14, 3:43:08PM, Paul Kosinski wrote:
> > The blog post concerning OpenSSL being required for ClamAV only
> > has one reason as to why it might *benefit* ClamAV, the other
> > reasons are why OpenSSL *itself* is good.
> >
> > That single reason is:
> >
> >"We will be able to provide a better freshclam experience in a
> >future release."
> >
> > What exactly does this mean? (The phrase "freshclam experience" is
> > marketing speak, not a technical explanation.)
> >
> > Since adding complexity to a system tends to increase bugs and
> > decrease security, I am leery of seeing ClamAV become even more
> > complicated than it already has become.
> >
> > Paul
>
> I took it to mean there is a cloud on the horizon like they have
> for Snort.
>
> http://www.snort.org/snort-rules/
>
> Instead of Oinkcode you get gastrocode.
>
> dp

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
Re: [clamav-users] No more updates since march 1st
On Mar 2, 2014, at 11:19 PM, Mischa Coenen wrote:
> I have noticed that the last update of the ClamAV database was at 01 Mar 2014
> 16-54 -0500, after that I didn't see any new updates. Are there issues with
> releasing new updates?

Weekends are always slow, so I wouldn’t get too excited unless you still haven’t seen something by mid-day tomorrow.

-Al-
--
Al Varnell
Mountain View, CA
[clamav-users] No more updates since march 1st
I have noticed that the last update of the ClamAV database was at 01 Mar 2014 16-54 -0500, after that I didn't see any new updates. Are there issues with releasing new updates?

A couple of months ago I have seen the same issue that no new updates were released, and after a post on the mailing list it resumed again.

Updating the database seems to me very important for a virus scanner, but isn't it internally checked for issues?

Thanks.
Re: [clamav-users] Keeping the ClamAV process open?
On 3/2/14, 7:55 PM, Scott Snow wrote:
> I'm working on a MapReduce project using Amazon's EC2. The only bottleneck I have is that it takes ~35-40 seconds to scan each file, which seems very high. I'm using a C program as a wrapper for ClamAV, which takes a single file and the mode. Does anyone know approximately how long it takes to initialize ClamAV and load the virus db? Would it be possible to just keep the ClamAV process loaded/running? I've been searching quite a bit, but haven't found anything so far.
>
> If anyone has any other suggestions for optimization, that would be appreciated as well. I'm not very familiar with ClamAV.
>
> Thanks.

You need to use clamd, the daemon process. The client is clamdscan. It will open a TCP or local socket connection to clamd and pass the file info across.

dp
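What a client sends to an already running clamd, shown with the daemon's INSTREAM command (an added example, not part of the original thread and not ClamAV's own code). The function names are hypothetical and the sample replies are constructed; the caller is assumed to have connected the socket to clamd already.

```python
import socket
import struct

def instream_frames(data, chunk=8192):
    """Yield the byte strings a client sends for one INSTREAM scan."""
    yield b"zINSTREAM\0"  # 'z' prefix: command and reply are NUL-terminated
    for off in range(0, len(data), chunk):
        part = data[off:off + chunk]
        # Each chunk is a 4-byte big-endian length followed by the data.
        yield struct.pack("!I", len(part)) + part
    yield struct.pack("!I", 0)  # zero-length chunk ends the stream

def parse_reply(reply):
    """Map a clamd reply to (status, detail)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        # "stream: <signature> FOUND" -> keep only the signature name
        return "FOUND", text[:-len(" FOUND")].partition(": ")[2]
    if text.endswith(": OK"):
        return "OK", None
    # Anything else (size limit exceeded, empty reply) is an error,
    # never a clean verdict.
    return "ERROR", text

def scan_bytes(sock, data):
    """Scan data over a socket that is already connected to clamd."""
    for frame in instream_frames(data):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0"):
        got = sock.recv(4096)
        if not got:  # daemon closed the connection early
            break
        reply += got
    return parse_reply(reply)

if __name__ == "__main__":
    # Constructed replies, so the demo runs without a daemon.
    for raw in (b"stream: OK\0",
                b"stream: Eicar-Test-Signature FOUND\0",
                b"INSTREAM size limit exceeded. ERROR\0"):
        print(parse_reply(raw))
```

clamd's socket protocol carries no authentication, so a local (Unix) socket or a loopback-only TCP listener is the safer way to expose it to a wrapper like this.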
[clamav-users] Keeping the ClamAV process open?
I'm working on a MapReduce project using Amazon's EC2. The only bottleneck I have is that it takes ~35-40 seconds to scan each file, which seems very high. I'm using a C program as a wrapper for ClamAV, which takes a single file and the mode. Does anyone know approximately how long it takes to initialize ClamAV and load the virus db? Would it be possible to just keep the ClamAV process loaded/running? I've been searching quite a bit, but haven't found anything so far.

If anyone has any other suggestions for optimization, that would be appreciated as well. I'm not very familiar with ClamAV.

Thanks.
Re: [clamav-users] Heuristics.Phishing.Email.SpoofedDomain false-positive
Comment about this feature, which I've never turned on before. I flipped it on, for a single mail router in a pool of 9. Over the course of a day and MANY messages, it tripped for only 4 messages, all of which seem legit. So I'm turning it back off.
Re: [clamav-users] Introducing OpenSSL as a dependency to ClamAV
I need to correct myself on this. The version of OpenSSL that Apple includes in the current OS X is 0.9.8y 5 Feb 2013. I now see that the previously reported version was added by me from MacPorts.

-Al-

On Feb 28, 2014, at 2:56 AM, Al Varnell wrote:
>
> On Wed, Feb 26, 2014 at 08:08 AM, Joel Esler (jesler) wrote:
>> On Friday last week I put a blog post up about introducing OpenSSL into the
>> ClamAV ecosystem. I wanted to make sure everyone saw it, so please have a
>> look at the blog post here:
>>
>> http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html
>
>
> Just thought I'd throw this out from the OS X world.
>
> OpenSSL was officially deprecated by Apple with OS X 10.7 in favor of Common
> Crypto and Security Transforms (and you probably all know what that did for
> them this weekend). OpenSSL v1.0.1f is still included in the library so I
> don't anticipate any immediate issues for developers or users, but we'll have
> to wait for a ClamAV® developer release to be certain and there's no telling
> how long Apple will continue to include it. After that I'm sure there will
> be ports available that can be adapted.