Re: [clamav-users] Malware miner, new one : Linux.BtcMine.174
Hi all!

On 23/11/2018 23:23, Gilles Mioni wrote:
[...]
> How to uninstall it if it's found on system ?

As with every other virus/malware/...: You don't "uninstall" it - you reinstall the system from scratch.

Kind regards,
Bernd
--
Bernd Petrovitsch Email : be...@petrovitsch.priv.at
LUGA : http://www.luga.at
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
Hi all!

On 17/10/2018 19:36, Dino Edwards wrote:
[...]
> "Hey I noticed the "-" prefix in "ExecStartPre=-/bin/mkdir /run/clamav" line.
> This does not indicate a problem, but rather a warning letting you know that
> the directory already exists. You don't have anything to worry about"

FWIW but changing that to "ExecStartPre=/bin/mkdir -p /run/clamav" should silence the "directory already exists" case (and it doesn't return an error value).

Kind regards,
Bernd
--
Bernd Petrovitsch Email : be...@petrovitsch.priv.at
LUGA : http://www.luga.at
Re: [clamav-users] Why are the ClamAV team so slow at creating signatures ?
On Mon, 2014-10-06 at 15:21 +0100, Tim Smith wrote:
> > but call paid prebuilt software always better is not correct, but mostly
> > just marketing
>
> What rubbish... ClamAV always lags behind the commercial vendors in
> any comparative you wish to mention.
>
> The majority of well established vendors will also do a better job of
> detecting and pushing out definitions as it seems that ClamAV is
> reactive, not proactive on the definitions front

Well, as with all free software/open source, you can help to speed it up.

[...]
> Seriously, why should I mess around with creating virus signatures,
> its a waste of my time.

To get them earlier/faster into ClamAV?

[...]
> it very quickly removes the attractiveness of the product. 80% of
> people using your open-source project won't have the knowledge, time
> or inclination to hack together their own virus definitions

At least that is the same with the proprietary vendors: Then you get what they feel to deliver to you.

Bernd
--
"I dislike type abstraction if it has no real reason. And saving on typing is not a good reason - if your typing speed is the main issue when you're coding, you're doing something seriously wrong." - Linus Torvalds
Re: [clamav-users] clamav-milter making strange files in my root
On Son, 2013-12-08 at 23:46 -0500, Scott Galambos wrote:
> I'm trying to install clamav 0.97.8 on Linux box and after almost every
> reboot I'm seeing some strange files in my root.
>
> central x64(/): ls -l -a
> total 182K
> drwxr-xr-x 24 root root 4.0K Dec 8 00:59 ./
> drwxr-xr-x 24 root root 4.0K Dec 8 00:59 ../
> drwxr-xr-x 2 root root 4.0K Dec 6 00:59 bin/
> ... stuff ...
> drwxr-xr-x 2 root root 12K Dec 5 04:09 sbin/
> dr-xr-xr-x 11 root root 0 Dec 7 20:50 sys/
> drwx-- 3 root root 4.0K Dec 8 01:49 temp/
> drwxrwxrwt 13 root root 41K Dec 7 08:45 tmp/
> drwxr-xr-x 16 root root 4.0K May 13 2013 usr/
> drwxr-xr-x 14 root root 4.0K Dec 6 03:18 var/
> -rw-r- 1 root root 33 Dec 7 08:26 \340\020\320
> -rw-r- 1 root root 33 Dec 6 21:20 \340\020\371
> -rw-r- 1 root root 33 Dec 7 04:43 \3400\342\001
> -rw-r- 1 root root 33 Dec 6 23:07 \340P\272
> -rw-r- 1 root root 33 Dec 7 05:50 \340\240\024\002
> -rw-r- 1 root root 33 Dec 6 21:37 \340\240q
> -rw-r- 1 root root 33 Dec 6 06:12 \340\320\254\001
> -rw-r- 1 root root 33 Dec 8 00:59 \340\340I\002
> -rw-r- 1 root root 33 Dec 7 08:46 \340\340\206\001
>
> So I take a closer look and each one says "Killing the monitor and
> stopping". This string is found in clamav-milter. Specifically
> clamav-milter/connpool.c. Is this an attempt to log to syslog? I'm
> running syslog-ng, not syslog but that was never a problem before.
>
> Anyone know why this is happening? How do I stop or fix it?

First major fault: Run clamav-milter as some normal user and especially not as "root".

Bernd
--
Bernd Petrovitsch Email : be...@petrovitsch.priv.at
LUGA : http://www.luga.at
Re: [clamav-users] System plays the "William Tell Overture"
On Die, 2013-11-26 at 16:47 -0700, Dave Pitts wrote:
[...]
> Like at 4:30pm MT every day. It may play at other times. But, I can't say.

Check the crontabs.
Check if someone logs in at that time every time.

Bernd
--
Bernd Petrovitsch Email : be...@petrovitsch.priv.at
LUGA : http://www.luga.at
Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'
On Mon, 2013-09-23 at 15:33 +0100, Francis Stevens wrote:
> I have also hit this compilation issue, also on an old RedHat system.
> Looking in the sources for the file libclamav/7z/Types.h for 0.97.8
> there are some edits that seem to be working around this issue which
> don't appear in the corresponding Types.h file for 0.98. The diff
> output is a bit long so here are the relevant bits...
>
> at line 13
>
> /* aCaB -- lame workaround for "Byte" refef */
> #include
>
> at line 46
>
> /* aCaB -- use Byte defined in zconf.h
> typedef unsigned char Byte;
> */
>
> making these changes to the Types.h file with 0.98 enables the compile
> to complete.
>
> I have compiled 0.98 on CentOS6.4 without issues so this is probably
> related to the gcc version or some such.

Just for the record/archives/Google: That has nothing to do with gcc, the version or any C compiler. There are 2 typedef's for the same type name and that is a bad thing in C. They seem to come from 2 different packages but that doesn't matter. If both (or all;-) are identical, it is a safe thing to comment n-1 out. The #define as proposed above may lead to strange error messages - especially if the #define is seen by the preprocessor before the "typedef".

BTW the really cute solution if someone needs types with a defined size (which is perfectly reasonable) is to #include (which exists since ages in the civilized world) and use int8_t, uint8_t and similar instead of homegrown "byte", "Byte", "uchar" or others - see also http://pubs.opengroup.org/onlinepubs/007904975/basedefs/stdint.h.html.

Bernd
--
Bernd Petrovitsch Email : be...@petrovitsch.priv.at
LUGA : http://www.luga.at
Re: [clamav-users] Obfuscated IP address.
On Mon, 2011-09-19 at 12:40 -0400, Bowie Bailey wrote:
> On 9/19/2011 12:16 PM, Michael Orlitzky wrote:
> > On 09/19/11 12:04, Bowie Bailey wrote:
> >> He is not trying to match the IP address. He is trying to match an
> >> unusual way of presenting the IP address that seems to occur primarily
> >> in spam.
> >>
> >> Whether this is something that should be done in ClamAV or would be
> >> better done by something like SpamAssassin is another question altogether.
> >>
> > Fair enough. I was just unhappy with the idea that "0.0.0.1" is somehow
> > less obfuscated than "1".
>
> I would tend to say that "1" is fairly well obfuscated. Most people --
> even most technical people -- would not immediately see that as an IP
> address. We have been conditioned to see IP addresses as XX.XX.XX.XX.

That's the whole problem as both are legal and correct (as in RFC-compliant) forms. And you want to flag it as "spam"?

> And while there are other valid ways of displaying an IP address, most
> people will not immediately recognize a number or series of numbers as
> an IP address if it is not in the familiar dotted-quad notation.

But in the context of http://0.0.0.1/ or http://1/ most people should only think: Is this an IP address or a hostname?

And it makes no real sense to have syntactically illegal links in spam mails. So the obfuscation is IMHO more for the tools to avoid matches on blacklists of domains and IP addresses. No, one should really extend the blacklist checks to the not so well known forms and not only dotted-quads.

Bernd
--
Bernd Petrovitsch Email : be...@petrovitsch.priv.at
LUGA : http://www.luga.at
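One way to extend a blacklist check to the less familiar address spellings discussed in the message above, as an added example that is not code from this thread or from ClamAV. It assumes the classic inet_aton() rules (one to four components, each decimal, octal with a leading 0, or hex with 0x, the last component filling the remaining bytes); the function names, sample URLs and blacklist entries are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def _parse_component(text):
    """Parse one address component the way C's strtoul(..., 0) would."""
    lower = text.lower()
    if lower.startswith("0x"):
        digits, base = lower[2:], 16
    elif len(lower) > 1 and lower.startswith("0"):
        digits, base = lower[1:], 8
    else:
        digits, base = lower, 10
    allowed = "0123456789abcdef"[:base]
    # Reject empty components and anything int() would accept too liberally
    # (signs, underscores, non-ASCII digits).
    if not digits or any(ch not in allowed for ch in digits):
        raise ValueError("not a numeric component: %r" % text)
    return int(digits, base)


def canonical_ipv4(host):
    """Return the dotted-quad form of any inet_aton-style spelling.

    Returns None when the host is not a numeric IPv4 address at all
    (for example a DNS name), so the caller can fall back to a name lookup.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_component(p) for p in parts]
    except ValueError:
        return None
    *head, last = values
    # Every component except the last is exactly one byte.
    if any(v > 0xFF for v in head):
        return None
    # The last component fills all bytes that are left over.
    if last >= 256 ** (4 - len(head)):
        return None
    number = last
    for index, value in enumerate(head):
        number |= value << (8 * (3 - index))
    return str(ipaddress.IPv4Address(number))


def blacklist_key(url, blacklist):
    """Return the blacklist entry a URL's host matches, or None."""
    host = urlsplit(url).hostname
    if host is None:
        return None
    key = canonical_ipv4(host) or host
    return key if key in blacklist else None


if __name__ == "__main__":
    # Constructed sample data: 192.0.2.1 is a documentation address.
    BLACKLIST = {"192.0.2.1", "spam.example"}
    SAMPLE_URLS = [
        "http://192.0.2.1/offer",       # familiar dotted quad
        "http://3221225985/offer",      # single 32-bit decimal number
        "http://0xC0000201/offer",      # single hex number
        "http://0300.0.02.01/offer",    # octal components
        "http://192.0.513/offer",       # three components, last fills 2 bytes
        "http://spam.example/offer",    # plain hostname
        "http://198.51.100.7/offer",    # not listed
    ]
    for url in SAMPLE_URLS:
        print(url, "->", blacklist_key(url, BLACKLIST))
```

Both "http://0.0.0.1/" and "http://1/" from the thread normalize to the same key, so a list that stores only dotted quads still matches either spelling.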
Re: [Clamav-users] (no subject)
On Mon, 2010-04-19 at 17:28 -0700, Dennis Peterson wrote:
[...]
> The question wasn't directed to me but I'd like to see them be more selective as
> to who should be allowed to use this product. Maybe an IQ test.

No. Everyone should be allowed to shoot in the foot - with free/open source or proprietary software.

Bernd
--
Bernd Petrovitsch Email : be...@petrovitsch.priv.at
LUGA : http://www.luga.at
Re: [Clamav-users] GTUBE test pattern not being picked up
On Fri, 2009-09-25 at 09:46 +1000, James Brown wrote:
> ClamAV does not pick up the GTUBE test pattern.

Install SpamAssassin for that.

> GTUBE - the Generic Test for Unsolicited Bulk Email.
>
> This is one of the tests that nospamtoday uses. See:
> http://www.nospamtoday.com/emailsecurity/

Probably because it's not ClamAV's job to detect unsolicited bulk or commercial email but to detect malware/viruses/trojan horses.

BTW you really want a distinct defined test for each tool - otherwise you can't really check them all.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Duplicate Clamd Processes
Hi mailinglist,

On Mit, 2009-09-23 at 11:44 -0500, Dan Denton wrote:
[...]
> I've got an RHEL 3 server (yes, I know...) running clamd on generic
> hardware. When I start clamd, it appears two processes are created.
> None of my other systems do this (RHEL 4 and 5 systems). I didn't
> notice this happening until a couple days ago when nagios started
> alerting low memory on the system.
>
> Whenever I start the process by invoking clamd and specifying the
> config file, it starts without error. When I run top, it shows two
> processes with separate PID's running, using the same amount of
> resources. When I do a "ps -ef", it only shows one of them. If do a
> kill on the second unseen PID, it kills them both.
>
> Can anyone tell me if this is something RHEL 3 has always done and I
> just haven't noticed it, or is this out of the norm?

That smells like RHEL3 is using linuxthreads (and not the more current NPTL) -> http://en.wikipedia.org/wiki/Native_POSIX_Thread_Library

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Upgrade very old Clamav
On Mon, 2009-05-25 at 16:57 +0200, Bernd Petrovitsch wrote:
[...]
> Yes, saw these on other packages from F11 and I hadn't time to figure
> out how to circumvent that (which is the main reason for using F10

FWIW, it's explained here http://www.devheads.net/linux/fedora/development/fedora-11-epel-5-md5-issue.htm and there is some kind of solution there.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Upgrade very old Clamav
On Tue, 2009-05-26 at 01:33 -0700, martinnitram wrote:
[...]
> Just wonder, if use EPEL repository src rpm, why don't use the binary rpm
> from repo directly?

Never tried that recently. If I have to guess: missing dependencies, need for newer packages, some packages may have been renamed and proper "obsoletes" are missing, ...

Yes, all that is a packaging/distribution issue (and not an application/ClamAV issue).

BTW I tried to rebuild http://download.fedora.redhat.com/pub/epel/5/SRPMS/clamav-0.95.1-1.el5.src.rpm on FC4 and it wants a "fedora-usermgmt-devel" package (which doesn't exist there). Commenting out the 2 lines in the .spec file makes the package build. No, I didn't try to run it. Waiting for 0.95.2 to have a reason for an update.

> BTW, some of servers of our clients also running FC3, which using the
> source tar from clamav.net, seem work so far so good.

We run it (also) on RHEL3 (and didn't notice any problems). No, I don't remember on which RedHat/Fedora that was based. RHEL/CentOS3 needs a few more simple tweaks - binutils are far older there.

[ Fullquote deleted ]

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Upgrade very old Clamav
On Mon, 2009-05-25 at 07:19 -0500, M. Lewis wrote:
> Bernd Petrovitsch wrote:
> > On Mon, 2009-05-25 at 06:22 -0500, M. Lewis wrote:
> >> I have a client who for a variety of reasons is still running Fedora
> >> Core 3. I know he has worse problems than Clamav being out of date with
> >
> > I'm doing the same on Fedora Core 4.
> >
> >> this, but I'm wondering if there is a way to get Clamav up to date on
> >> this system.
> >
> > Find a recent clamav-*.src.rpm (from Fedora 10 or whatever) and
> > `rpmbuild --rebuild` it and `rpm -Uvh` it
>
> This would appear to be the easiest solution?

In theory, yes. In practice, there is often more than one .src.rpm package per application.

And now to reality;-):

On Mon, 2009-05-25 at 07:50 -0500, M. Lewis wrote:
> Bernd Petrovitsch wrote:
> > On Mon, 2009-05-25 at 06:22 -0500, M. Lewis wrote:
[...]
> > Find a recent clamav-*.src.rpm (from Fedora 10 or whatever) and
> > `rpmbuild --rebuild` it and `rpm -Uvh` it
>
> I downloaded clamav-0.95.1-1.fc11.src.rpm from
> ftp://rpmfind.net/linux/fedora/development/source/SRPMS/clamav-0.95.1-1.fc11.src.rpm
>
> I'm getting the following errors:
>
> [r...@host ~]# rpmbuild --rebuild clamav-0.95.1-1.fc11.src.rpm
> Installing clamav-0.95.1-1.fc11.src.rpm
> warning: user mockbuild does not exist - using root
> warning: group mockbuild does not exist - using root

These are harmless - just ignore.

> error: unpacking of archive failed on file
> /usr/src/redhat/SOURCES/README.fedora;4a1a91dd: cpio: MD5 sum mismatch
> error: clamav-0.95.1-1.fc11.src.rpm cannot be installed
>
> I downloaded the file a second time just to insure it was not corrupted
> in the transfer. Results were the same.

Yes, saw these on other packages from F11 and I hadn't time to figure out how to circumvent that (which is the main reason for using F10 packages).

http://download.fedora.redhat.com/pub/epel/5/SRPMS/clamav-0.95.1-1.el5.src.rpm (from the EPEL repository - Fedora packages ported to RHEL/CentOS) should work with "old" rpm binaries.

> I realize now I'm getting into a RedHat specific question and may need
> to move this to a RedHat list.

Yes, that's a Fedora issue.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Upgrade very old Clamav
On Mon, 2009-05-25 at 06:22 -0500, M. Lewis wrote:
> I have a client who for a variety of reasons is still running Fedora
> Core 3. I know he has worse problems than Clamav being out of date with

I'm doing the same on Fedora Core 4.

> this, but I'm wondering if there is a way to get Clamav up to date on
> this system.

Find a recent clamav-*.src.rpm (from Fedora 10 or whatever) and `rpmbuild --rebuild` it and `rpm -Uvh` it

> Previously all upgrades were done via RPM, which of course has not been
> possible for a long time.

Unless you build the few you really need updated yourself.

> If I were to remove the existing clamav (clamav-0.88.7-1) and install
> the current version from source, are the libraries and all there that
> are needed to compile the current version on this old machine? I would
> think probably they are not, but I'd like to confirm this with someone
> more knowledgeable.

clamav-0.95.1 runs and works AFAICS with libs from FC4. So I would try it on FC3 similarly.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Upgrade very old Clamav
On Mon, 2009-05-25 at 13:54 +0200, aCaB wrote:
[]
> you you have gcc 2.95 or less, then forget about compiling it. You will

FC4 has gcc-4.0.2. So FC3 should have a gcc-3. Just do `rpm -q gcc` or `yum install gcc` and see what it has/delivers.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Stop it!
On Die, 2008-10-07 at 13:19 -0400, Charles Gregory wrote:
> On Tue, 7 Oct 2008, Dennis Peterson wrote:
> > > I disagree. I think this would be VERY useful. Not for the people who
> > > don't want to RTFM, but for the people who would rather not have to wade
> > > through the docs and changelog to figure out if there are config changes.
> > Let me help avoid prevent wading:
> > diff new-config old-config
>
> (sarcasm)
> Diff? What's a diff? I don't see a 'diff' in my e-mail.
> I don't see a 'diff' on my desktop. What do I click?
> (/sarcasm)
>
> That's sarcasm for *me*, but not for the hundreds of small office users
> who have paid someone a few bucks to 'set it up for them'.

These users should complain to those who 'set it up for them'. I don't see the smallest reason for the rest of the world to *fix* problems for free which were originally created by someone being paid for the real job[0].

If paying for the initial installation and configuration wasn't a problem, it is not for support and/or for upgrades or at least a crash course in "how do I check and fix vanishing config options" (which should actually be included with the basic installation).

Accept it or not but software installation/upgrade is nothing anyone should do unless he/she is prepared to also repair any breakage through it. It's just the simple matter of responsibility for one's own actions.

Bernd

[0]: Do you buy a car and reasonably expect that someone[1] will service it every 6 months for you for free and do all the dirty work on it and you can just watch TV during that time?
[1]: In the best case that "someone" is actually a motor mechanic working at the car producer's factory.
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] [0.0] Re: Stop it!
On Tue, 2008-10-07 at 15:19 +, reiner otto wrote:
[]
> >Just out of morbid curiosity, who is holding a gun to your head forcing
> >you to use 'hobby products' anyway? No one is being forced to do
> >anything, therefore they have no discernible right to demand that the
> >developer of the product they are using change it to suit their own
> >personal likes. If this were a commercial product that they were paying
> >for, that might be a different story. One of the ideas behind 'open
> >source' software is that if you don't like it, you are free to modify
> >it to your liking.

That's somewhat the main idea IMHO.

> >It is not the operating systems job to stop the user from shooting
> >himself in the foot, but rather to deliver the bullet as
> >efficiently and expeditiously as possible.

And exactly at the point where the bullet was aimed. So the OS should provide means to point the gun where the user wants to - including (but not limited to;-) the own foot (or head for that matter).

> I expected OpenSource to be a real alternative to closed (proprietary,
> commercial) software, with the same quality standards, at least.

"Commercial" software is not necessarily proprietary (but can also be free software). So please don't mix that constantly up.

> Obviously, this is not the standard case.

No, usually it's actually better for me. But that actually depends on the requirements though.

> In case, this attitude persists, there will not be a real success.
> So the standard user of OpenSource then should be a highly trained,
> script- and may be even C++ capable person.

If one gets the (free) software for free *and* can't live (for whatever reason) with what he/she downloaded (for free) *and* doesn't want to go the commercial way paying someone else (or a company) to do the personally needed changes/fixes/enhancements/ *and* complaining/requesting/.. doesn't help, you are completely right.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] squid integration
Hi!

On Tue, 2008-10-07 at 18:47 +0300, Benedict simon wrote:
[...]
> I have the following setup which i been using for quite some time n
> working fine
>
> Centos 5
> squid-2.6.STABLE6-4.el5
>
> the server is used as a proxy server
[...]
> so i installed clamav-0.94 and when i ran a clamscan it found n detected
> my /var/spool/squid directory had lots of files infected
>
> i did clear my cache immediately n when i reran clamscan there was no
> infection detected or found
>
> 1) now i would want to integrate squid with clamav so that
> clamav scans the HTTP traffic and downloaded files on the server and if
> detected any virus or malware or other infection blocks it at the server
>
> really appreciate if someone cd advise me how i could do the integration of
> clamav with squid ..

Google finds for "clamav squid centos" http://www.wains.be/index.php/2006/12/19/centosrhelfedora-web-proxy-antivirus-clamav/

Bernd

PS: Please don't hijack threads.
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] [0.0] Re: Stop it!
On Tue, 2008-10-07 at 05:12 +0200, Colin Alston wrote:
> On 2008/10/07 12:05 AM Jerry wrote:
> > Just out of morbid curiosity, who is holding a gun to your head forcing
> > you to use 'hobby products' anyway? No one is being forced to do
> > anything, therefore they have no discernible right to demand that the
> > developer of the product they are using change it to suit their own
> > personal likes.
>
> Regardless of your despicable description of Clam, people do have a

Which was only a quote BTW.

> discernible right to make suggestions however they are expressed.

The problem with impolite suggestions worded as an order and/or whining about missing features is that they tend to be ignored.

> Clearly you have very little experience in Open Source.

He has probably more than most from the old-school business world - long living free/open-source software didn't (and doesn't IMHO) come into existence just because someone "suggested" somewhere something (in whatever wording). It came into existence (and is developed further) by being programmed - either from scratch or as patch to existing source.

Of course if you pay someone to do this, then there are other rules too.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Stop it!
On Mon, 2008-10-06 at 11:37 -0400, Charles Gregory wrote:
> On Sat, 4 Oct 2008, Dennis Peterson wrote:
> > Hopefully they're not running mail servers on the Internet elsewise they
> > could easily be considered derelict in their responsibilities.
>
> Ah. Yes, I must be 'derelict' because there is only ONE sysadmin (me) and
> I go home on weekends?
>
> Heck, I'm not even the 'worst case' you should worry about. I check for
> failures over the weekend. But there are many home-grown servers out
> there, particularly in small offices, that are completely unattended over
> weekends. They are run by very good, intelligent, but NON-technical people
> who bring in a tech guy to set it all up for them, and then have that tech
> guy check up on the system "occasionally". If they have an obvious
> problem, they call their tech guy to "come in". But there is never
> anything 'obvious' about ClamAV aborting. That's the argument here.

What could be more obvious than simply stopping to work? OK, sending emails before "exit()"? If you are lucky, the MTA stops to deliver mail. So nowadays people will probably check it after 2 hours.

The root cause of the whole problem is: Don't take it personally but I won't let such "users" install or upgrade software if they don't even remotely check afterwards that the upgrade/install worked[0]? Please remember that the whole thread started with "it breaks after an upgrade of ClamAV".

> They could go for *weeks* not knowing their ClamAV has failed silently.

BTW if they don't notice for weeks, it probably wasn't that important though. Again no point

Bernd

[0]: Let alone on a Friday.
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Stop it!
On Sat, 2008-10-04 at 13:30 +0200, Colin Alston wrote:
[]
> I'm not all that interested if you have time for that. I don't, and
> neither do most end users regardless of your opinion about their
> intellect or ability.

To put it simple and direct: If you don't have time to read the documentation, why should anyone have the time to think and implement to make it unnecessary for you to RTFineM?

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Stop it!
We are getting somewhat off-topic but:

On Fre, 2008-10-03 at 20:56 +, reiner otto wrote:
[]
> Agreed. Unfortunately, this is a general problem with OpenSource.
> As a programmer for already over 30 years, I am still wondering that
> the terms "Usability, user-friendliness, egoless-programming" are not

More egoless than open-source software is probably not possible.

> very well known in the OpenSource Community.

Well, I'm sure you are to submit patches for all of these for you important features.

> Probably, because this is "old-fashioned".

No, mainly because if people are programming stuff primarily for fun in their free-time, there are more rewarding challenges than supporting old features or making upgrades plug-n-play for others.

Open-source is about: *You* want something? Then write a patch (or do whatever is necessary to get it done) *yourself* or *you* find (and motivate, e.g. with money) someone to do it for *you*.

Whining on public mailing lists usually doesn't help.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Stop it!
On Sam, 2008-10-04 at 22:38 +0200, Colin Alston wrote:
> On 2008/10/04 10:15 PM Bernd Petrovitsch wrote:
> >> users to sit and audit each change. On Ubuntu for example there can be
> >> as many as 30 to 50 updates a week.
> >
> > Using a desktop distribution on a server was *your* decision. And you
> > really *must* upgrade that much?
> > Probably not really.
>
> It's an example, don't get personal.
>
> Life works like this: Upstream -> Distribution -> Users

There are several different distributions (if one counts the large ones only). Some are their own distributors (e.g. because they run it on an old distribution). Some users have actually external people doing that. So what?

> Expecting everyone to manage splintered code bases instead of their
> distribution when they don't like something is unreasonable. I'm not a
> distribution, and I don't intend to be one.

Then you have to choose from the existing ones.

> ClamAV is complicated by the fact that it needs to update its
> database. I already explained that I can't keep to the distribution
> releases because the current database causes the 'stable' release to
> break.
>
> Are you telling me that my choice is either to have ineffective virus
> signatures or spend the rest of time maintaining a whole new package?

No, just contribute some script (in time) which comments out the killed options. Or probably even simpler: Write a patch to add an option, command-line parameter, whatever for "Die on unknown options" (but keep syslog-ging and fprintf(stderr) etc.). So everyone can choose the desired behaviour. Problem solved.

> Why not just fix the problem at the source, then everyone benefits?

Yes, please fix your problem at the source. But please don't tell others to fix your problems.

> >> ClamAV isn't the only thing sys-admins have to look after.
> >
> > So you try now to move *your* work to someone else for free?
> > Please get real.
>
> This particular problem is a project management culture, not something

Everyone can improve that (or at least help to it).

> that particularly interesting code patches.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Stop it!
On Sam, 2008-10-04 at 17:29 -0300, Aecio F. Neto wrote:
> On Sat, Oct 4, 2008 at 5:15 PM, Bernd Petrovitsch <[EMAIL PROTECTED]> wrote:
>
> > > > users could take the appropriate action ASAP instead of finding out or
> > > > having to check the logs on an hourly basis for problems.
> > >
> > > You're (by you I mean everyone agreeing here with how ClamAV fails)
> > > assuming users install packages. That's old fashioned.
> > > Most people distribute updates with Puppet and such tools
> > > automatically. With a largely complex system (which a good mail system
> >
> > And it was *their* decision to do so.
> > And it was *their* decision to actually use the free as in beer ClamAV
> > in the first place. Perhaps these people should move to a commercial
> > virus-scanner where such problems probably do not happen.
>
> That's one kind of argument I cannot stand for.

Sorry, but that are facts.

> Because one decide to use a "free as in free beer" software one must suffer
> due this decision.

If you want to call it that way, then yes. And you have to suffer the same way from it as you "suffer" from the it-doesn't-cost-you-anything. Not that I can speak for the ClamAV people but most of the free software projects accept your help to fix things which annoy you.

> "Ah, you choose clamav: now you will be doomed".
> Why?
> Why free software has to be harder (or with more problem) than a commercial
> one and one must accept that?
>
> That's the kind of argument that takes people away from free/open source
> software.

Do you mean "free as in beer" or "free as in speech" software?

> Free/Open source software should be as nice as any other commercial - or not
> - software out there.
> There are great software - free or not - and bad software - free or not.

Since it is free (as in speech) software, you have the source and you can improve it.

> I cannot agree with this myth that commercial software is better than free.

No one said or implicated that.

There are aspects which are better with commercial software and others are better with "free as in beer" software. And there are aspects which are better with proprietary software and others are better with "free as in speech" software. Which aspects are (most) important to you, is your decision.

> There are bad and good software.
> I consider ClamAV an excellent software and this thread is an example that
> it can be improved.

There are hundreds of ways to improve ClamAV. The question is: Which of these will be done by you (or anyone else)?

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] [0.6] ClamAV watchdog scripts (was Re: Stop it!)
On Fri, 2008-10-03 at 16:56 -0400, Charles Gregory wrote:
> On Fri, 3 Oct 2008, David F. Skoll wrote:
> > That's not Clam's fault. On our product, if Clam dies, then mail is
> > tempfailed.
>
> I suppose you have 24/7 tech support. We go home on weekends. I don't need
> to tempfail all mail until Monday for a config deprecation. So with

Well, it's probably better to not update on Friday (and Thursday) in the first place. SCNR

> respect, this is one case where ClamAV should *not* die

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Stop it!
On Fri, 2008-10-03 at 20:37 +0200, Colin Alston wrote:
> On 2008/10/03 05:57 PM James Kosin wrote:
> > Colin Alston wrote:
> >> I've had enough now, and I want all you ClamAV people to listen up.
> >
> > Hay, maybe the packagers could write a script or something to indicate a
> > problem with the current configuration when it is being installed. Then

Hey, maybe people who absolutely need a seamless upgrade will do that.

> > users could take the appropriate action ASAP instead of finding out or
> > having to check the logs on an hourly basis for problems.
>
> You're (by you I mean everyone agreeing here with how ClamAV fails)
> assuming users install packages. That's old fashioned.
> Most people distribute updates with Puppet and such tools
> automatically. With a largely complex system (which a good mail system

And it was *their* decision to do so.
And it was *their* decision to actually use the free as in beer ClamAV in the first place. Perhaps these people should move to a commercial virus-scanner where such problems probably do not happen.

> can very easily be) the amount of man hours required to audit change
> logs of every single update with the frequency of updates required for
> tools specific to security (which ClamAV certainly is) is simply not
> feasible. You're asking on top of the distribution maintainers for end

The problem is that that is *your* primary job as an admin to do exactly that. If you can't do it, find someone who can do it.

> users to sit and audit each change. On Ubuntu for example there can be
> as many as 30 to 50 updates a week.

Using a desktop distribution on a server was *your* decision.
And you really *must* upgrade that much? Probably not really.

> While many (well, all) package management tools *do* have
> configuration upgraders, they can only do so well at trying to
> negotiate a merge between custom configurations and your own. This
> doesn't work well at all in automation.
>
> ClamAV isn't the only thing sys-admins have to look after.

So you try now to move *your* work to someone else for free?
Please get real.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Non-Windoze Viruses
On Tue, 2008-04-01 at 16:21 +1300, Steve Holdoway wrote:
[...]
> Well, ignoring the ensuing flame war as to whether a worm is a virus
> ( it certainly is in this context! ), the first ever virus was unix
> based. And Microsoft Windows hadn't been invented yet. Or linux.

But the Unix world learned that lesson well - and never forgot it IMHO.

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
Re: [Clamav-users] Re: Question on SUNWbzip and SUNWbzipx on Solaris 10
Sorry for being off-topic (and risking to feed a troll):

On Mon, 2006-03-27 at 22:36 -0800, Dennis Peterson wrote:
> [EMAIL PROTECTED] wrote:
> > At 10:16 PM 3/27/2006, you wrote:
> >
> >> [EMAIL PROTECTED] wrote:
[...]
> >> That's what my license says - and I paid for it. IP theft is never
^^^
> >> irrelevant.

At least in the laws of continental Europe there is no such thing as "IP theft" (and I doubt it exists in anglo-american jurisdiction either) - only in the propaganda wording and advertisements of companies which live from managing so-called "IP rights".

> > not all the licenses for solaris 9 are the same. do your research first
> > before you suggest I or anyone else is engaging in IP theft.
>
> I'm using Sol 9 commercially. I'm not a student. I'm not exploring it
> for possible inclusion in my world. I'm using it in a business.
> Therefore I have to pay for it and I did. It's the law. If I had not I

You should decide if you speak about the law (as such) or your personal contracts/licenses which may even be partially or completely void if they don't comply to the law as such.
Mixing up those things doesn't do anyone any good.

> would be engaging in IP theft. I didn't say you were engaging in IP
> theft. There is no way I can determine that. What you understood in what
^
Neither can we or some lawyer - the only one who "determines" that is the judge in court.
Could you please stop the false propaganda (from the "pro total IP business" camp) and all other misleading claims.

[...]

Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services