Re: [Clamav-users] You have been unsubscribed from the clamav-users mailing list
> > Forcefully unsubscribing people is not a fair way to silence them. Not even
> > explaining why is even worse.
> >
> > Maybe somebody of you will reply "Welcome to world!", but this doesn't make
> > you any better at all.
>
> Could it be that there were bouncing emails because of the downtime you had?

Which downtime? I didn't have any downtime at all.

Who is in charge of administering the list server?

> Kind regards,
>
> Maurice Lucas
>
> TAOS-IT
> Paulus Buijsstraat 191
> 2613 HR Delft
> www.taos-it.nl
> KvK Haaglanden nr. 27254410
>
> Think of the environment; is printing this e-mail really necessary?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] You have been unsubscribed from the clamav-users mailing list
Forcefully unsubscribing people is not a fair way to silence them. Not even explaining why is even worse.

Maybe somebody of you will reply "Welcome to world!", but this doesn't make you any better at all.

Giampaolo
Re: [Clamav-users] The EOL tweets
> Quoting Giampaolo Tomassoni:
>
> > In 6 months there were many clamav updates. I would have put the
>
> Signature updates, yes, but not code updates. To make any changes, you
> need code updates, not signature updates.

Of course I meant code updates. How can you change the signature update code otherwise?

In 6 months there were at least 0.95.3 (2009-10-28) and 0.96 (2010-03-21). I meant them.
Re: [Clamav-users] EOL
> Giampaolo Tomassoni wrote:
> > > In response to your example, that was a DOS attack and is illegal.
> > > Microsoft updates have caused systems including servers to fail and
> > > crash, should you be petitioning to have Microsoft prosecuted under
> > > this law?
> >
> > It happens.
> >
> > Anyway, the fact is that you keep comparing two different things. The fact
> > that an *occasional* old system in bad shape breaks because of an update is
> > not the same as an update meant to break old systems.
> >
> > And please keep in mind that the EOL problem could easily and inexpensively
> > be circumvented. No excuse, then.
>
> Good Morning Giampaolo,
>
> We are never going to agree so .. I have moved on.
> I sincerely hope yours and your colleagues' systems are back to running
> and that they continue to do so for a long time.

To me, your move doesn't seem far enough from the mudding neck you already show.
Re: [Clamav-users] Thanks for the weekend entertainment
> Giampaolo, you're one of us. You may have a dissenting opinion, but
> otherwise you're level headed and logical and seem to have some passion
> for your job. So, you're cool in my book.

Thank you, Cody, for your good words: I needed some... :)

Giampaolo
Re: [Clamav-users] EOL
> In response to your example, that was a DOS attack and is illegal.
> Microsoft updates have caused systems including servers to fail and
> crash, should you be petitioning to have Microsoft prosecuted under
> this law?

It happens.

Anyway, the fact is that you keep comparing two different things. The fact that an *occasional* old system in bad shape breaks because of an update is not the same as an update meant to break old systems.

Microsoft of course knows that every and each update they ship is potentially going to break some old box, but I believe they are putting every feasible effort in keeping numbers low. This is not only because of people possibly filing a lawsuit against them, but because every system broken by an update is a very bad return in terms of corporate image.

As I already said, when 95, 98, me and 2k went at EOL, Microsoft didn't send an update meant to stop them. It could mean a big class action against Microsoft. Worse, it would surely mean a huge loss of faith in the Microsoft platforms by users. Not even to mention how competitors would have ridden it.

This kind of loss of image is something the clamav project now shall expect (and probably deserve). Which is not my main concern, by the way: the thing I really dislike is that the open-source community as a whole will get somehow damaged by this sole clamav action.

And please keep in mind that the EOL problem could easily and inexpensively be circumvented. No excuse, then.
Re: [Clamav-users] The EOL tweets
> On Fri, Apr 16, 2010 at 01:15:45PM +0200, Giampaolo Tomassoni said:
> ... omissis ...
> On Sat, Apr 17, 2010 at 03:56:38PM +0200, Giampaolo Tomassoni said:

Fine. You filed your request. Now the maillist admins will decide if I was ranting, there. And will take action if needed.

Ok?
Re: [Clamav-users] The EOL tweets
> Can the listmoms please throttle or remove this guy? This is roughly 50
> messages containing the same rant over the last several days. There is
> no argument that needs to be spread over that much email and waste that
> much of everyone's time.

Would you please show me the 50 messages you speak about?

Thanks.
Re: [Clamav-users] The EOL tweets
> Obviously neither side of the discussion can be convinced. It would
> possibly be a good idea to throw in some more general thoughts about
> GPL'ed software.
> If I understood RMS' basic intention right he is all for the freedom of
> the _user_. This basically means no software vendor or supplier should
> have the power to dismiss a running system only because he thinks it is
> the right thing to do. This can only be a users' choice. And it is his
> choice _not_ to listen to the supplier and do updates or whatever.

Right. I agree with you.

> Following this thought it was no good idea to bring the ancient
> services down only to make people update. That is exactly what GPL is
> _not_ about.
> Nobody can and should drive a supplier of GPL'ed software to deliver
> ultimate support. It is his choice to stop supporting certain versions.
> But that can be handled in a user-friendly way, too.
> And really, the whole idea of eol'ing GPL software is really violating
> the moral ground. And that is what makes people upset.

Right, right. Absolutely right.

Also, in this specific case some work-arounds to the problems were both feasible and inexpensive. I can understand that the team of an open-source product would even decide to break things when at a corner. But this wasn't really the case.
Re: [Clamav-users] The EOL tweets
> Hello Giampaolo Tomassoni,

Hello Michelle,

> It depends on what you mean with "five small companies".
>
> Here I have a bunch of such small companies with 3-5 employees... where
> I maintain the Intranet-Server. And since they are All-In-One-Systems,
> one failure could take down the whole system and because they are
> expensive, those small enterprises have not even reserve systems laying
> around.
>
> I have to take care about it.
>
> also there are some customers which install their own Debian Systems
> and use me only a "Debian GNU/Linux Consultant" and they know, they
> had to be careful because their income depends on it...

This is the situation I was spotting out.

> You say you have mailinglists and customers called you?

No. I was speaking about a couple of fellows who consulted me because the systems they assemble and sell (which are some kind of SuSE-based mailing and faxing systems) broke and they weren't immediately able to get them back working: some of these SuSE stuff run 10.1 which have gcc 4.1.0 at best, and clamav 0.96 doesn't ./configure there.

> I do not want to be your customer after reading your messages here
> in this Mailinglist, because I show, you have not a single clue
> about importance of software parts...

I'm still waiting for you to show something, moron.

Giampaolo

> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
> Systemadministrator
>
> --
> # Debian GNU/Linux Consultant
> ## Development of Intranet and Embedded Systems with Debian GNU/Linux
>
> itsyst...@tdnet France            itsyst...@tdnet UG (haftungsbeschränkt)
> Gesch. Michelle Konzack           Gesch. Michelle Konzack
> Apt. 917 (homeoffice)
> 50, rue de Soultz                 Kinzigstraße 17
> 67100 Strasbourg/France           77694 Kehl/Germany
> Tel: +33-6-61925193 mobil         Tel: +49-177-9351947 mobil
> Tel: +33-9-52705884 fix
>
> <http://www.itsystems.tamay-dogan.net/>
> <http://www.flexray4linux.org/>
> <http://www.debian.tamay-dogan.net/>
> <http://www.can4linux.org/>
>
> Jabber linux4miche...@jabber.ccc.de
> ICQ#328449886
>
> Linux-User #280138 with the Linux Counter, http://counter.li.org/
Re: [Clamav-users] What mental midget shut down my server?
> > > Why is it ridiculous? You could have configured your server to send the
> > > mail in case of ClamAV failure and yet you did not? Why?
> >
> > Know what? I didn't even need to.
> >
> > And you are still missing the point. Hope you don't do the same with your
> > life.
> >
> > Giampaolo
>
> See, this is where we disagree, I do not miss the point and say you
> miss the point. The point is, if mail getting through is 'critical',
> configure your mail system to send mail in case of milter failure. If
> the power goes out for a short period and takes down your server is it
> the power company's fault? or yours for not providing adequate power
> backup? And no, do not take this as another tangent to argue over it
> is an analogy to show that you could have planned for this when you
> configured your system.

Don't panic: I reasonably planned for all of these cases.

I'm still believing that teaching happens in places which is not this mailing list. I'm also thinking you are not wise enough to teach me something I don't know.

Oh, by the way: I also don't like people like you, because you're the kind of person who tries to charge others of responsibilities which are at least debatable. And because you keep mudding to put people in a bad light.
Re: [Clamav-users] The EOL tweets
> But you have not been forced to go to bleeding edge. 0.95 is outdated
> but still receives the updates OK. In all development there comes a
> time when you have to break with compatibility in order to achieve the
> results you desire. The ClamAV team felt that this was the time.

Incompatibility doesn't mean to break things. To me, it means that db updates would be unavailable for old systems.
Re: [Clamav-users] The EOL tweets
> None, and what you be doing next month when the new signatures came
> out and those same unpatched systems 'failed'?

According to the way I see it had to be, those unpatched systems would simply don't get any update.
Re: [Clamav-users] The EOL tweets
> > > > What if your PS3 stops working because the maker thinks it is a
> > > > too-old model to still go?
> > >
> > > A fine question. Let's suppose a certain old PS3 model has a serious
> > > manufacturing defect, such that it can overheat and catch fire.
> >
> > Which is not our case...
>
> You suggested the analogy.

I meant you're entering in the field of safety against personal injuries. It is not the case. You can't match a non-working PS3 model with a flaming one.

> > > Six months later, Sony releases a new game which happens to really beat
> > > on the PS3 and is pretty likely (or even dead-certain) to cause
> > > machines which have this problem to catch fire. Should Sony release
> > > firmware which causes the PS3 to refuse to run this game?
> >
> > No, they should not. Period. One runs its own life the way he/she likes.
>
> Evidently, both the ClamAV folks and Sony disagree with your position.
> However, since you've also clearly made up your mind on this matter, I
> won't argue further.

Again, you are trying to cast a matter in a very different one. I can understand that putting the user's life in danger can make a difference (but personally still think I would not ship the new firmware). But this is simply not the case.

> Please fork ClamAV into your own project, perhaps called OstrichAV--
> for those who wish to hide from what they consider to be unreasonable
> software updating policies-- and you may provide the world with virus
> definition updates in a fashion that will support all versions of your
> fork of the software, as best you can, indefinitely.
>
> [ If this doesn't seem fair to expect of you, then it's time to
> re-evaluate your own expectations vis-a-vis ClamAV ]

Well, Chuck. I'm going to take the simple way and re-evaluate the ClamAV project, instead.
Re: [Clamav-users] The EOL tweets
> > Wasn't it better to simply let these systems go the way they were used to?
> >
> > What's the difference from the clamav standpoint?
>
> The ClamAV developers want to continue on with things the way they are
> used to. They don't want to overhaul their update system just so they
> can continue to support a version of the software which is rapidly
> becoming less usable.
>
> You proposed that they change the way that 0.96 updates. Fine, that
> could have been done. But what about 0.95? Which is arguably the most
> deployed version at this moment. It was first released on 2009-03-23,
> and the last update was made 2009-10-28. It properly handles
> incremental updates of large signatures, and will continue to need new
> signatures for a while longer. 0.96 was just released on 2010-03-31.
>
> There's no way to stop updates for 0.94 and below, while still providing
> updates for the heavily used 0.95, even if changes were made for 0.96.

In 6 months there were many clamav updates. I would have put the current.cvd1 trick early in one of them, then I would have waited enough time to allow distributions and users to deploy it, then I would have stopped dns responses to the current.cvd branch, and finally I would have started distributing new signatures.

I don't know exactly how large is the problem, but if it is, this is something that can still be done, supposed freshclam is still working. But this would now imply a huge amount of traffic in order to distribute a new database with old signatures, if at all possible.
Re: [Clamav-users] The EOL tweets
> > I see you're quite far from it at the moment, since you are trying to
> > drive people to think that complains are only from bad sysadms. I
> > can't of course speak for others, but I'm complaining because of the
> > bad light in which the ClamAV team put open-software with the 0.96
> > case.
>
> To paraphrase your statement that you are only complaining because of
> this unproven accusation that ClamAV is somehow putting FOSS in peril,
> "When someone says its not the money but the principle, you can bet
> your bottom dollar it is the money." In other words, you are trying to
> move off center and refocus on alleged damage that the ClamAV
> action(s) have caused.

In other words, you've fear. You're in the management, right? Typical.

> Actually, I take the opposite stance. Team
> ClamAV has taken a bold move forward.

Right toward the trashcan.

> By refusing to back port every
> conceivable enhancement to their product, they will be able to focus on
> producing a more robust product.

They didn't do this. I mean, your staff didn't do this. Your staff had 6 months to implement a very simple and inexpensive solution to workaround all the troubles your "bold move" could do to their users.

> Microsoft spent billions of dollars
> back porting every conceivable improvement to their system just to
> placate the winny-weaners (you know the type) that expect everyone to
> cater to their demands. This led to a less than robust Internet
> Explorer offering. Now that they have openly stated that the unreleased
> IE9 will not work on WinXP, a ten year old OS, those same cry-babies
> are at it again.

IE isn't less robust because it runs on XP instead of in some other environment. It is less robust because it has to deal with all that silly ways Microsoft followed in badly implementing W3C standards. The OS is less than an issue in robustness. It may be in security, but a robust IE implementation would be safe even on a W2k.

So, what are you saying. That you're a good sysadm because you run W7? Or because you own a Mac? It is a silly reasoning.

> Maybe you and them should get together and form a fan club.

That is what makes me think you're in the management: you keep mudding.

> > My systems, Jerry, work fine, thank you. But I had a couple of phone
> > calls from some friend sysadmins (yes, I have friends colleagues. Do
> > you?) who were in trouble due to ClamAV.
>
> My systems are functioning perfectly. Then again, I don't
> procrastinate, although I have spend way too much time today on this
> chat line. Of course, since none of my systems are down due to a
> catastrophic AV failure, I really don't have a whole lot to do at
> present.

See? So is me.

> > Open software shouldn't behave this way. The ClamAV team should have
> > implemented ways to not screw old installation while going for its
> > own way. There were feasible ways to do this, but they chose not to
> > follow them. Period.
>
> They choose to do it in a manner that was most efficient for them. By
> the way, how much did you pay for your ClamAV license? Better yet, when
> ClamAV asked for public input months ago on the planned change, what did
> you contribute to the party?

Right, it is a good tactic to take some other observation and use it to keep mudding.

> I am willing to bet nothing. You are like a
> moron who doesn't vote and then bitches because the candidate they
> wanted did not get elected.

Which is still allowed, isn't it?
Re: [Clamav-users] The EOL tweets
> > An open-source project is not supposed to change rules at will. The license
> > itself of open source software is often oriented toward this view, such that
> > it guarantees people to keep using software they already got, even when the
> > project becomes a completely commercial one.
>
> Wow, not even close. OSS licenses cover what you can do with the source
> code. Nothing more. Nothing less.

Exactly what I meant. Many OSS licenses say you get the permanent right to run the software. If a project becomes commercial and stops free distribution, the user still has the right to use (and modify) its old copy of the software. The company now owning the project can't stop you from doing so. The company doesn't have the right to change the rules at will...

Some OSS licenses impede "de facto" a migration from OSS to barely commercial, since no line of the OSS product could be used in the commercial one. But not all the OSS licenses do this.

All this OSS licensing game stems from a wider philosophy, which can hardly be coded in laws or legal agreements. It is regarding the freedom of access and use of software. It was meant to contrast emerging (Microsoft) as well as consolidated (IBM, Sun) software monsters, who were willing to gain total control on the software market.

I don't believe that the people who made the OSS world so interesting and important would agree on the fact that a database upgrade known to cause a functional kill would be OSS-compliant. Maybe in a court it is. Are we in a court?

> And there's nothing stopping you from
> grabbing the clamav source code, rewriting freshclam to ignore updates past
> the 14th of April, and making that available to the world. *THAT* is the
> point of OSS ... you have the freedom to do whatever you want with the
> source code.

Right. But not because of the source code itself (that is the legal facade). That is because of the functionality it carries. Who cares of some megabytes of text?

> There's nothing in any OSS license that says the software will always work,
> that the software will be bug free, that all future updates will work with
> any previous version, etc.

In fact there isn't. This doesn't mean that the idea of a killer update - a db update, by the way. Not a software one - would be in line with the OSS philosophy. Sure it is with licenses. Sure who put it out will rest with no worries tonight. But to me, its effects clash a bit with OSS philosophy.

> > Because the open-source idea is
> > all based on freedom.
>
> Not in the way you think it is.
Re: [Clamav-users] The EOL tweets
> > An open-source project is not supposed to change rules at will. The
> > license itself of open source software is often oriented toward this
> > view, such that it guarantees people to keep using software they already
> > got, even when the project becomes a completely commercial one.
>
> Exactly but the ONLY thing open-source guarantees is that you will not
> be charged for the source code. The fact that the community provides
> binaries is a convenience for you (and the rest of us). If you chose
> to build your own, you could have prevented this by modifying the
> source code.

Right, but it isn't that simple to me. The OS stems from the idea of wide usability and free exchange which is (was?) common in research. The basic idea was to prevent anybody to limit your option in using an OS product.

The various OS licenses available nowadays are effectively only based on a matter of free access to the software, but this is because it was basically the only reasonable thing needed in a unconnected world, when you had to physically "put in the disk" to install or update something.

To me, today the freedom of use of an OS package also means that any risk of impairing the usefulness of an existing installation should be reduced to a minimum.

Please note this isn't stated in licenses, of course. Probably because it is unfeasible to be stated there, or because in a connected world there are many things which may go the wrong way and impair existing software. But nevertheless one of the targets to which a team developing a (successful) OS product should attain, should be to keep old installations working the way they already do. It doesn't mean backward compatibility, of course. It simply means "live and let live".

> > A remote kill is very dangerous to a commercially-oriented product, but
> > may be a real disaster to an open-source one. Because the open-source
> > idea is all based on freedom.
>
> They did not do a "Remote kill" They sent out one of the new style
> signatures which your installed version could not handle. It is still
> your responsibility as it is the responsibility of everyone who sets
> up a server to ensure it DOES what they want in case of a failure. You
> chose to keep the default behavior which is to block mail when it
> can't be scanned and want to blame ClamAV for that. All they are
> responsible for is sending out the new signatures as they had promised.

But they were aware of the consequences. And they were probably aware of the fact that there were workarounds which could let the new functionalities live, while letting the old installations live too.

> > The ClamAV team can't act the way it did and not risk to be censured by
> > the open-source community.
> >
> > If people blame you and feel betrayed by you, it is not a "sysadm
> > matter"...
> >
> > Giampaolo
>
> Yes it is, as my systems did not fail nor did anyone who bothered to
> heed the warnings that clamd would STOP working and took steps to
> mitigate the situation. That could be by upgrading or not accepting
> new signatures or ANY other method including modifying the source code.

The people who preferred clamav because it was a solution much less prone to stop due to licensing matters, may feel betrayed. Honestly, I feel more worried than betrayed. But it isn't a good feeling anyway.
Re: [Clamav-users] The EOL tweets
> Just one remark: Anyone Ran Linux on their PlayStation lately?
>
> http://en.wikipedia.org/wiki/PlayStation_3#Removal_of_.22Other_OS.22_support_with_firmware_v3.21

Aaah, see? This is how things go with commercial products.

This to the various iPad/iPhone etc. It is the same or even worse. Producers are trying to tighten customers to their own distribution channels.

This is definitely not something I would like to see on open-source projects.
Re: [Clamav-users] The EOL tweets
> On Apr 16, 2010, at 1:42 PM, Giampaolo Tomassoni wrote:
> > > The owner of the box. They may not be qualified to manage the machine,
> > > but computers don't plug themselves into the network-- every machine
> > > belongs to someone who pays for electrical power and network
> > > connectivity.
> >
> > What if your PS3 stops working because the maker thinks it is a too-old
> > model to still go?
>
> A fine question. Let's suppose a certain old PS3 model has a serious
> manufacturing defect, such that it can overheat and catch fire.

Which is not our case...

> Let's suppose Sony starts releasing firmware updates on new games, or
> via network updates, etc, which check for the presence of the defect
> and produce a big red warning on the screen saying, "This machine has a
> problem and it needs a human to check and fix it." They don't stop you
> from playing your game, but they have been trying hard to catch your
> attention.

Which is probably the correct approach.

> Six months later, Sony releases a new game which happens to really beat
> on the PS3 and is pretty likely (or even dead-certain) to cause
> machines which have this problem to catch fire. Should Sony release
> firmware which causes the PS3 to refuse to run this game?

No, they should not. Period. One runs its own life the way he/she likes.

> > > > If nobody had to turn off freshclam, why clamscan had to stop working?
> > >
> > > Sufficiently old versions of ClamAV don't work with all of the current
> > > signatures, and bugs in these old versions prevent the ClamAV team from
> > > writing more complex signatures that they would like to use.
> >
> > Just prevent old versions from upgrading. It is not that difficult.
>
> I agree with you entirely. You're welcome to roll back to the 2010-4-14
> virus signatures before the less-than-0.95 kill switch was turned
> on, and your outdated ClamAV will continue to run just fine with these
> old signatures.

This is feasible, but now needs some kind of human intervention. Which generally means money. Which generally means, "since you're here, replace this stuff with an Exchange Server. My friend says it is wonderful and doesn't stop. Ever!".

> PS: I wonder just how strong the correlation is between people who are
> complaining about this issue and ones who also don't have adequate
> backups such that they actually could revert to yesterday's signature
> files?

-1 for me: I'm not debating for necessity. I'm doing it for a right cause!
Re: [Clamav-users] The EOL tweets
> > I'm now a bit uncomfortable with the idea that the ClamAV team can so
> > easily "unplug the wire". When there are other ways to do the same with few
> > more effort, if at all, too.
>
> So am I. And I'm a little uncomfortable that I didn't suggest other
> ways to accomplish this when they first announced this and asked
> for feedback. And I'm a lot uncomfortable about all the other people
> who are so upset now who also never spoke up when asked to. It is
> our fault for not speaking up when asked to, for not complaining when
> this was announced, for keeping quiet each time they told us repeatedly
> this was coming. It is not their fault for doing something they told
> us they were going to do and we didn't have the smarts to reply to or
> suggest alternative to. It is our fault, so lets own up and take the
> responsibility, and not blame them for our failings.

Maybe you're right. I too had to pay more attention to those messages. But I didn't.

Is it only our fail, then? Isn't that there is also something wrong in the reasoning behind all this?

We could at least hope that our late complaints may help avoiding further cases like this.

> It reminds me of the people who don't vote, then complain about who
> was elected...

Which, by the way, is allowed anyway (at least in my country).
Re: [Clamav-users] The EOL tweets
> > This is not a matter of missing upgrades. This is a matter of proactively
> > breaking running systems.
>
> Exactly. They proactively broke the scanner so people would know why it
> broke, rather than letting it die with nothing more than an obscure
> malformatted hexstring error.

Wasn't it better to simply let these systems go the way they were used to?

What's the difference from the clamav standpoint?
Re: [Clamav-users] The EOL tweets
> And you are free to do so, just as the developers are free to release signatures that do not work with older versions. That is ALL that happened. In doing so, clamd fails to be able to properly read the database and fails.

Things are a bit more complex, because I see the problem of long signatures was known to the team well before the 15. There were both time and capacity to avoid any unwanted side effect. But the team chose to disregard them.

> >> There have been numerous pieces of software that I have used over the years that have died on the vine and no longer suitable for new systems. Do I rant at them that they MUST provide me with a new version, no, I deal with it. Either building my own from sources or moving on to a new piece of software.
> >
> > This is not a matter of missing upgrades. This is a matter of proactively breaking running systems.
>
> They didn't, YOU did. You failed to properly configure your email to handle a failure in clamd.
> Were there many others like you who also failed to configure their systems to handle a failure in clamd? Yes, but that again was their decision as it was yours.

Jim, you're still trying mudding me to stop what I'm saying. The fact that the team was aware of the implication of long signatures and the fact that they let things happen, doesn't mean anything to you?

> > Jim, you keep adding apples and pears together. Aren't you starting feeling the importance of what the ClamAV team wanted and let happen?
> >
>
> Yes, they were concerned that new signatures coming out are not compatible with older versions, stated so, and sent one of them out. You would be in exactly the same situation next month.

No, the problem is that I'm not in this situation now (I would not be debating otherwise), but I don't want to be in troubles like these in the future, just because someone decides I'm not knowledgeable and responsible enough to run a mail server. Do you understand the implications of what you're saying?

> The fact that they made a conscious decision to not have separate signatures was THEIR decision to make and YOURS to ignore.
>
> >>> The way the clamav team managed this case hits the open software community as a whole, being the ClamAV project a well-known member of that community.
> >>
> >> Yes, but not necessarily in a negative way.. One of the MAJOR problems with Microsoft software is their insane insistence on backwards compatibility. Sometimes it does not make sense to do so and you just have to bite the bullet and let people know it will not work. In Microsoft's case they simply fail to let people know.. in addition to breaking it.
> >
> > This is a good point of view which I can easily endorse. But we are still speaking of stopping working systems. We are not speaking about introducing a backward incompatibility.
>
> Yes we are, we are speaking of signatures that can not be handled by versions older than 0.95. They decided to forego compatibility just as YOU chose to ignore their warnings.

They decided to forego empathy by people who like open-source stuff. This is what they did. And keeping saying the error is only by the sysadmins you aren't you to help them.

> And before we get back to "I didn't know", as judges are quick to point out, ignorance of the law (or in this case changes coming down the pike) is no excuse.

Ahahaha! This is the most silly thing I've ever heard from you! Hahahah!

> We are not trying to say you shouldn't feel bad about it sneaking up on you, but that does not change the fact that the ClamAV team put out notices 6 months ago that this would happen.

So what? This proves they were aware of the problem and that they let pass 6 months not moving a finger. According to your rules, if people ignoring door signs are bad admins, what are developers that in 6 months don't find a better solution among the many blatant ones?
Re: [Clamav-users] The EOL tweets
> It isn't the software per se that is the problem, it is the virus database subscription... If you want to maintain your own virus database, you can run as old a version of clamav software as you want.
>
> Asking clamav to support definitions for old versions is like asking other vendors to keep supplying updates for old versions. At some point they stop providing updates. At some point, clamav stops providing updates.
> If you don't want the updates, you can keep using the software, in both cases.

ClamAV didn't have to provide any update for old systems. They could code in the 0.96 version a new DNS entry to check for updates (say, current.cvd1), and remove the old ones (current.cvd) from the zones. The crappy clamav wouldn't get updated anymore and wouldn't load the server (apart for the dns request). But they would be still running and nobody would be complaining (at least, not at same time...).

> > This is not a matter of missing upgrades. This is a matter of proactively breaking running systems.
>
> By using their database updates, you agree to their terms... This is nothing to do with the software. If it broke anything but the clamav software, that is really your fault, not theirs.

We are not in a court. It is not a matter of repaying damages. It is a matter of betrayed trust.

> > This is a good point of view which I can easily endorse. But we are still speaking of stopping working systems. We are not speaking about introducing a backward incompatibility.
>
> Actually, we are talking about both (breaking working clamav services because of a backward incompatibility with new signatures). You can avoid it by not using their new signatures, or by upgrading your clamav software.
> Your choice.

Which isn't that bad. To have a choice, I mean...
Re: [Clamav-users] The EOL tweets
> Obviously, you are choosing to be dense. The bottom line is that the particulars regarding this event were published. Whether or not you availed yourself of that notification is immaterial. There was not anything nefarious in the ClamAV team's actions. You have obviously bought into the shibboleth that software authors, distributors, etc must adhere to your specifications. Your rantings against them have turned puerile.

I'm not ranting against anybody. I'm asking if you pondered any other way to obtain the very same result, without putting your finger into somebody else's systems. That's it. I think you're ranting, not me.

> Your server(s) are your responsibility. That responsibility includes keeping abreast of events that might adversely affect them. Obviously, at least to me, that would include the software installed on said machines. I subscribe to every major software forum for the software installed on my machines. It is part of my job description. If you are too busy to keep abreast of the latest developments regarding your system, or unwilling to do what is required to keep your system fully functional and assuming others are dependent upon you doing so, then perhaps it is time to start looking for a new line of work.

This has nothing to do with the correct way a team of supposedly knowledgeable and professional people should follow to solve a problem. I don't believe the way the team chose was the best one, since I have the strong belief that other, equal-cost and less-damaging solutions were simply available.

I don't understand why you or other keep teaching (the art of) system administration to anybody. Everybody like to manage its own systems the way they like. Even SpamAssassin comes with its own update tool, but this tool doesn't commit the update if something smells wrong and SpamAssassin keeps running with old rules. There is people in the world to whom this is less than an issue. As long as nobody from outside stops their spamassassin, the fact the rules are old is unimportant.
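The commit-only-if-it-loads behaviour that the message above attributes to SpamAssassin's update tool, sketched as an added example; it is not code from this thread, from ClamAV or from SpamAssassin. The function names, the directory layout and the stand-in validator (which refuses lines longer than the "about 900 bytes" mentioned elsewhere in the thread) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): stage an update, test-load it, and
# swap it into place only if the check passes. All names are hypothetical.

# Longest line the stand-in "engine" below will load. The thread cites
# "about 900 bytes" as the length older clamd versions could not handle.
MAX_SIG_LEN=900

# long_line_validator DIR
# Constructed stand-in for "can the installed engine load this database?".
# Returns 0 if every line of every file in DIR is at most MAX_SIG_LEN long,
# 1 if a line is too long, 2 if DIR is missing or empty.
# On a ClamAV host one could instead test-scan a known-clean file with
#   clamscan --database="$DIR" /path/to/clean/file
# and accept the update only on exit status 0 (an assumption of this
# example, not the project's documented procedure).
long_line_validator() {
    [ -d "$1" ] || return 2
    for f in "$1"/*; do
        [ -f "$f" ] || return 2
        awk -v max="$MAX_SIG_LEN" \
            'length($0) > max { bad = 1; exit } END { exit bad + 0 }' "$f" \
            || return 1
    done
    return 0
}

# staged_update STAGE_DIR LIVE_DIR VALIDATOR [ARGS...]
# Runs VALIDATOR [ARGS...] STAGE_DIR. On success the live directory is kept
# as LIVE_DIR.prev and the staged one takes its place.
# Returns: 0 committed, 1 rejected (live copy untouched), 2 usage/I/O error.
staged_update() {
    [ $# -ge 3 ] || return 2
    stage=$1; live=$2; shift 2
    [ -d "$stage" ] || return 2

    if ! "$@" "$stage" >/dev/null 2>&1; then
        # The rejected set stays in STAGE_DIR for inspection; the running
        # scanner keeps its old, working database.
        echo "update rejected, keeping current database in $live" >&2
        return 1
    fi

    prev="$live.prev"
    rm -rf "$prev"
    if [ -d "$live" ]; then
        mv "$live" "$prev" || return 2
    fi
    # Two renames are not atomic: a scanner that reloads between them finds
    # no database, so pause reloads or use a symlink swap in production.
    if ! mv "$stage" "$live"; then
        [ -d "$prev" ] && mv "$prev" "$live"   # roll back
        return 2
    fi
    return 0
}

# demo: run both cases on constructed sample data (not real signatures).
demo() {
    t=$(mktemp -d) || return 2
    mkdir "$t/live" "$t/ok" "$t/too_long"
    echo 'Sample.Old:0:*:aabbcc' > "$t/live/sample.db"
    echo 'Sample.New:0:*:ddeeff' > "$t/ok/sample.db"
    awk 'BEGIN { s = "Sample.Long:0:*:"
                 for (i = 0; i < 1000; i++) s = s "a"; print s }' \
        > "$t/too_long/sample.db"
    staged_update "$t/too_long" "$t/live" long_line_validator
    echo "too_long update -> exit $?"
    staged_update "$t/ok" "$t/live" long_line_validator
    echo "ok update -> exit $?"
    echo "live database now: $(cat "$t/live/sample.db")"
    rm -rf "$t"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to see a rejected and an accepted update side by side.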
Re: [Clamav-users] What mental midget shut down my server?
> >>> NOBODY, BUT NOBODY, HAS THE RIGHT TO SHUT DOWN SOMEONE ELSES SERVERS!!!
> >>
> >> They did not in any way shut down your server. No shutdown or reboot command was issued. They didn't turn off your power. Your server is up and running just fine, or if not, it isn't clamav's fault.
> >>
> >> They shut down your clamd daemon... Not your server.
> >
> > Come on, Eric. Your defense is ridiculous...
> >
> > Giampaolo
> >
>
> Why is it ridiculous? You could have configured your server to send the mail in case of ClamAV failure and yet you did not? Why?

Know what? I didn't even need to. And you are still missing the point. Hope you don't do the same with your life.

Giampaolo
Re: [Clamav-users] The EOL tweets
> > The ClamAV team have commanded old versions of its product to stop working.
> > Not even Microsoft do this.
>
> I can't tell you how many support calls I've received over the years with people saying "my Internet stopped working" and it was due to their Norton or McAfee license expiring.
>
> As someone so eloquently stated earlier, your clamav<0.95 license has expired. It's as simple as that.
>
> If you felt other consequences, like mail stopped flowing, change your mail config to fail-open rather than fail-closed. Your mail config is simply not anyone else's responsibility.

Most of us choose an open-source project exactly because it wouldn't work the way Norton or McAfee work. Or do you really think ClamAV is a big and smart monster against malware?

Giampaolo
Re: [Clamav-users] The EOL tweets
> > The ClamAV team have commanded old versions of its product to stop working.
>
> I would not describe what they did that way.
>
> Older versions of clamd were going to crash on signatures that newer versions would accept, and the devs have been prevented for at least 6 months from using that type of signature. They have posted since then for people to upgrade.
>
> What they did was publish this type of signature (has to do with length, greater than about 900 bytes), where the signature itself is an error message, so when the program dumped the signature the error would be displayed.
>
> That's all, not a kill switch as such, but using a known bug to deliver a message, rather than have it just bomb out with a hex dump when they tried to use a larger signature.

They could prevent these old systems from being updated at all. It was really simple and nobody would get hurt.

Giampaolo
Re: [Clamav-users] The EOL tweets
> Pointing out that they are wrong, why they are wrong, and how they should do things instead _IS_ helping them. That is the way people work, that is the way people learn, that is how wrong situations get corrected.

The only "wrong situation" I see is the fact that a bunch of people, urged by dangerous teaching needs, can cause trouble to thousands.

> Now, should they do that in a nice, polite way. Yes. Do they often do it in a rude or condescending way instead. Unfortunately yes. That is perhaps the part that needs fixing.

The problem is when they do wrong things in a nice, polite way. Not the contrary. We are not from the same planet...

> >> Check the mailing list archives...
> >
> > Let me see: I subscribed to this list in Nov 2009. I need more time to fetch it.
>
> If you subscribed to it in Nov. 2009 and have been reading it, then you should have known about this issue, and how to avoid any problems. So there should be no problem.

In fact I don't have any, apart the fact that I don't like a bunch of people to decide when my server should fail...

Giampaolo
Re: [Clamav-users] The EOL tweets
> >>
> >> Check the mailing list archives...
> >
> > Let me see: I subscribed to this list in Nov 2009. I need more time to fetch it.
> >
> > Giampaolo
> >
>
> Then how could you possibly have missed the announcement that clamd installations will be disabled?

Probably I didn't even pay attention to it. I'm used to keep software up to date, so I didn't care too much.

Anyway, you keep thinking the wrong way. How would you feel if you two days ago had an old clamav which caused one of your mail servers to stop working? Why did you choose ClamAV? Only because of price? Or even because it is an open-source project?

> Starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 - that is to say older than 1 year.
> This move is needed to push more people to upgrade to 0.95.
> We would like to keep on supporting all old versions of our engine, but unfortunately this is no longer possible without causing a disservice to people running a recent release of ClamAV.
> The traffic generated by a full CVD download, as opposed to an incremental update, cannot be sustained by our mirrors.

Well, the more I read it, the more I don't understand the need for shutting old clamd down. And the more I feel there was some management "diktat" behind it.

Giampaolo
Re: [Clamav-users] The EOL tweets
> > Err, it does have something to do with it. You made the assertion that no-one would spend money replacing a system rather than upgrade it. Two of us now have pointed out that real world PHB do exactly that sort of thing - and this issue with clamav getting the kill switch can be just the sort of excuse they need. It may not be a valid reason, but then so many business decisions are based on having enough excuses to do what you want rather than doing what would logically be right. As Giampaolo comments, some people (especially PHBs) simply see it as "that Linux stuff blew up, best go with Microsoft like everyone else".
>
> The two who have "pointed out that real world PHB do exactly that sort of thing" now are operating broken systems. So much for credibility.

See, Jerry. Credibility is something one have to gain. In my small domain, I already did it. What about you? I see you're quite far from it at the moment, since you are trying to drive people to think that complaints are only from bad sysadms.

I can't of course speak for others, but I'm complaining because of the bad light in which the ClamAV team put open-software with the 0.96 case.

My systems, Jerry, work fine, thank you. But I had a couple of phone calls from some friend sysadmins (yes, I have friends colleagues. Do you?) who were in trouble due to ClamAV.

Open software shouldn't behave this way. The ClamAV team should have implemented ways to not screw old installation while going for its own way. There were feasible ways to do this, but they chose not to follow them. Period.
Re: [Clamav-users] The EOL tweets
> >I guess around 25-50% of the malware is old, well-known one. So it is not that silly to have an outdated AV running to lower the received one.
> >
> >But anyway, we are speaking of stuff which worked. It wasn't perfect, but it worked. And in this days the ClamAV staff decided to break it, without a rationale close to the point.
> >
> >Isn't this weird? Is clamav a trustable project? This is what a sysadmin may end thinking next time he/she installs a new system.
>
> If ClamAV went the other direction and just left people hanging with a false sense of security, all the while happily returning a "yup, not infected" to every file with modernish malware in it, there would be just as much "can I trust 'em?"

Dave, look. These are few files scanned with 0.96:

79504-Jesus.1.exe: 79504-Jesus.1.exe.UNOFFICIAL FOUND
Contract.1.exe: Contract.1.exe.UNOFFICIAL FOUND
Contract.2.exe: Contract.2.exe.UNOFFICIAL FOUND
instructions.1.exe: instructions.1.exe.UNOFFICIAL FOUND
Instructions.1.exe: Instructions.1.exe.UNOFFICIAL FOUND
Instructions.2.exe: Instructions.2.exe.UNOFFICIAL FOUND
Instructions.3.exe: Instructions.3.exe.UNOFFICIAL FOUND
Instructions.4.exe: Instructions.5.exe.UNOFFICIAL FOUND
Instructions.5.exe: Instructions.5.exe.UNOFFICIAL FOUND
Instructions.6.exe: Instructions.6.exe.UNOFFICIAL FOUND
officexp-KB910721-FullFile-ENU.1.exe: officexp-KB910721-FullFile-ENU.1.exe.UNOFFICIAL FOUND
password.1.exe: password.1.exe.UNOFFICIAL FOUND
settings.1.exe: settings.1.exe.UNOFFICIAL FOUND
settings.2.exe: settings.2.exe.UNOFFICIAL FOUND
settings.3.exe: settings.3.exe.UNOFFICIAL FOUND
settings.5.exe: settings.5.exe.UNOFFICIAL FOUND
settings.6.exe: settings.6.exe.UNOFFICIAL FOUND
settings.7.exe: settings.7.exe.UNOFFICIAL FOUND
settings.exe: settings.exe.UNOFFICIAL FOUND
setup.1.exe: setup.1.exe.UNOFFICIAL FOUND
setup.2.exe: setup.2.exe.UNOFFICIAL FOUND
UPS_invoice_2794.1.exe: UPS_invoice_2794.1.exe.UNOFFICIAL FOUND

I reported to ClamAV each of them. The oldest one is from February, 3. They are still not detected unless via an .hdb.

This is F-Prot, instead:

[Found security risk] Contract.1.exe
[Found trojan] Contract.2.exe
[Found trojan] instructions.1.exe
[Found trojan] Instructions.1.exe
[Found trojan] Instructions.2.exe
[Found trojan] Instructions.3.exe
[Found trojan] Instructions.4.exe
[Found trojan] Instructions.5.exe
[Found trojan] Instructions.6.exe
[Found virus] officexp-KB910721-FullFile-ENU.1.exe
[Found virus] settings.1.exe
[Found trojan] settings.2.exe
[Found trojan] settings.3.exe
[Found downloader] settings.5.exe
[Found trojan] settings.6.exe
[Found security risk] settings.7.exe
[Found downloader] settings.exe
[Found trojan] setup.1.exe
[Found trojan] UPS_invoice_2794.1.exe

It detects all but the most recent ones. So, who should I trust the most with respect to this?

Instead, I preferred ClamAV. And I'm still helping the way I can: I'm reporting malware, and now I'm debating on the 0.96 case. And I'm really sad when I discover that a move could put in danger the reputability of the whole project.

Because I'm a bit old. And I like freedom. And I prefer to have to bother with mailing lists and bulletin reports and have the control of systems, instead of put my work in the hand of people who could change the rules at will.

An open-source project is not supposed to change rules at will. The license itself of open source software is often oriented toward this view, such that it guarantees people to keep using software they already got, even when the project becomes a completely commercial one.

A remote kill is very dangerous to a commercially-oriented product, but may be a real disaster to an open-source one. Because the open-source idea is all based on freedom.

The ClamAV team can't act the way it did and not risk to be censured by the open-source community. If people blame you and feel betrayed by you, it is not a "sysadm matter"...

Giampaolo

> As far as whether or not you can trust ClamAV, if this was sprung upon server operators without notice, that might be a consideration. It wasn't.
>
> The difference is that this screaming gets attention and gets the attention of incompetently managed server operators so that things get fixed.
Re: [Clamav-users] WTF?? all clamav just up and stops??
> > OK, who's the mental midget that decided to just up and kill all installations of clamav ??? I am flooded today with calls that email servers are not working! Every d*(n one of them is the same thing. ClamAV just died. Stupid I have never heard of a program that just because I did not update it, it shuts down?? This has got to be the stupidest thing ever OK, so the version is not updated and it is probably not catching all the viri that is should. SO WHAT That's my responsibility/fault. But don't go shutting everything down and killing corporate email all together!! Retards...
> >
> > Off to find a replacement...
>
> Happy hunting!
>
> Your use of mailing lists is only matched by your management of servers!

Ok, Jim. You're the best sysadm in the world, right? Now, can we speak of freedom in the usage of open software?

Giampaolo
Re: [Clamav-users] The EOL tweets
> >> The sysadmins could have done this by turning off freshclam.. and saved themselves from having to deal with the upgrade.
> >
> > Who is the sysadmin of an unmanaged box?
>
> The owner of the box. They may not be qualified to manage the machine, but computers don't plug themselves into the network-- every machine belongs to someone who pays for electrical power and network connectivity.

What if your PS3 stops working because the maker thinks it is a too-old model to still go?

> > If nobody had to turn off freshclam, why clamscan had to stop working?
>
> Sufficiently old versions of ClamAV don't work with all of the current signatures, and bugs in these old versions prevent the ClamAV team from writing more complex signatures that they would like to use.

Just prevent old versions from upgrading. It is not that difficult.

> ClamAV isn't different from other anti-virus software or security mechanisms in general. If the software is too old, it doesn't provide useful protection from current malware. If you've ever administered an older Windows box at some client site, it's not uncommon to find a 3-year out-of-date antivirus install that either has been logging complaints for ages, or has been disabled completely because the local user got tired of being nagged about the outdated version.

In fact I did find stuff like that. I also found expired Norton AVs that messed the OS when uninstalled (probably the uninstaller didn't make a very clean job)...

I was very happy to find an open-source AV product in internet, because I had the feeling that it was the right solution to avoid that crap in mission critical applications.

I'm now a bit uncomfortable with the idea that the ClamAV team can so easily "unplug the wire". When there are other ways to do the same with few more effort, if at all, too.

> It's also not uncommon to find such machines infected six ways from Sunday.

If one can't afford the upgrade, let him/her live the way he/she can. Come on...

Giampaolo
Re: [Clamav-users] The EOL tweets
> >> Then that is their choice and when it fails, they can bitch to the developers of that system and switch to another vendor ...
> >
> > Apart the fact that open software is not yet-another-vendor. It is a culture.
> >
>
> No, ClamAV is a VENDOR that happens to be part of the open software community.

So ClamAV should obey to the rules governing the open-software community. One is that everybody is free to run its own copy of the software, in whichever shape he/she likes it.

> There have been numerous pieces of software that I have used over the years that have died on the vine and no longer suitable for new systems. Do I rant at them that they MUST provide me with a new version, no, I deal with it. Either building my own from sources or moving on to a new piece of software.

This is not a matter of missing upgrades. This is a matter of proactively breaking running systems.

Jim, you keep adding apples and pears together. Aren't you starting feeling the importance of what the ClamAV team wanted and let happen?

> > The way the clamav team managed this case hits the open software community as a whole, being the ClamAV project a well-known member of that community.
>
> Yes, but not necessarily in a negative way.. One of the MAJOR problems with Microsoft software is their insane insistence on backwards compatibility. Sometimes it does not make sense to do so and you just have to bite the bullet and let people know it will not work. In Microsoft's case they simply fail to let people know.. in addition to breaking it.

This is a good point of view which I can easily endorse. But we are still speaking of stopping working systems. We are not speaking about introducing a backward incompatibility.

Giampaolo
Re: [Clamav-users] What mental midget shut down my server?
> > NOBODY, BUT NOBODY, HAS THE RIGHT TO SHUT DOWN SOMEONE ELSES SERVERS!!!
>
> They did not in any way shut down your server. No shutdown or reboot command was issued. They didn't turn off your power. Your server is up and running just fine, or if not, it isn't clamav's fault.
>
> They shut down your clamd daemon... Not your server.

Come on, Eric. Your defense is ridiculous...

Giampaolo
Re: [Clamav-users] The EOL tweets
> > If nobody had to turn off freshclam, why clamscan had to stop working?
>
> Have you actually been reading and comprehending what has been stated in this thread?

Yes, I did. Did you? If you know, just tell me why.

> > In this thread I'm seeing a lot of people blaming the sysadmin. Is it crowded by sysadmins who like to show they are much more competent than their colleagues?
>
> Who should I blame, my barber? The SA has primary responsibility for his/her system. It would be ludicrous to attempt to pass the blame onto someone else.

The ClamAV team have commanded old versions of its product to stop working. Not even Microsoft do this.

And an inexistent SA has to be blamed for this? It maybe, but because it trusted the ClamAV project, not because he/she didn't manage something that he/she didn't have to...

But imagine that the SA is a horrible and ugly person, who takes the money and don't care to give a decent work in return. Even in that case the ClamAV team should have refrained from stopping that working system.

I can't understand why you have difficulties in understanding this. One can't simply go and turn stuff off at will.

> > Why nobody from the ClamAV team likes to explain to *users* why they decided to stop their own working clamscan, when there were tons of suitable alternatives?
>
> They have explained it, you just choose to not listen or accept their explanation.

Nono. They haven't. There is no single word about the rationale which drove to the 0.96 case. I mean, a technical reason which says that the way this was handled was the only feasible way to do it.

It had been said this was to alleviate the servers load (play with dns, then!), it had been said that the ClamAV team don't owe anything to its users. It had been a lot of things against bad sysadmins as opposed to good ones. All, but the rationale.

> > Nobody here gave a serious rationale about it. The way "sysadmins" are attacked here, seems to me that the 0.96 case has nothing to do with open software, but instead with marketing.
>
> Who has been attacked? Certainly not competent SAs. Conversely, SAs who would rather procrastinate than keep their systems up-to-date are openly criticizing the ClamAV team for a decision that was theirs to make. In today's culture, blaming others for our mistakes does seem to be the norm.

Oh, come on. Proactively shutting down software is not something like "you knew that could happen"...

> > So please, the genius in the management who came out with this smart idea may please came out and explain to us the why? Many people already know the when...
>
> They all ready have explained their reasoning. How many times must they reiterate it before you comprehend what they are saying? It has come to the point now that all you are doing is "beating a dead horse."

Do you mean management is behind this?

Giampaolo
Re: [Clamav-users] The EOL tweets
> > If nobody had to turn off freshclam, why clamscan had to stop working?
> >
> > In this thread I'm seeing a lot of people blaming the sysadmin. Is it crowded by sysadmins who like to show they are much more competent than their colleagues?
>
> Why, because all the whiners on the list have gotten the ire up listen to people whine that their (making an analogy here) 10 year old car they have not changed the oil or air filter or spark plugs in since they bought from the dealer has not stopped working.

(Entering analogy mode me too, then)

If that car stops working because it has enough, it is fine. If it stops because somebody put the sugar in the reservoir, that's another.

A remote 'kill' is like putting sugar in the reservoir of an almost exhausted car. It is sabotage, not natural death...

> > Why nobody from the ClamAV team likes to explain to *users* why they decided to stop their own working clamscan, when there were tons of suitable alternatives?
> >
>
> Because they used this solution to the problem which is their choice. I personally do not let my ClamAV get more than 1 major revision behind. And before you go on as say that is because I run new hardware and distributions, I do not. My current OS has not been supported by the vendor in a LONG time. What does this mean to me? It means that I AM responsible now for making sure all is well and requires more attention from me. If owners want "unmanaged" systems, they should use the money they are saving on management and upgrade the hardware / software every couple of years. Then the systems can remain happily unmanaged. If they want to have unmanaged systems AND no responsibility well I want to be a billionaire but I do not believe it is just going to happen..

This is fine if age causes failure. It is not if someone purposely causes the failure.

And, by the way, I still have to understand the real purpose of all this.

Giampaolo

> > Nobody here gave a serious rationale about it. The way "sysadmins" are attacked here, seems to me that the 0.96 case has nothing to do with open software, but instead with marketing.
> >
> > So please, the genius in the management who came out with this smart idea may please came out and explain to us the why? Many people already know the when...
> >
> > Giampaolo
Re: [Clamav-users] The EOL tweets
> Quoting Giampaolo Tomassoni :
>
> >> The sysadmins could have done this by turning off freshclam.. and saved themselves from having to deal with the upgrade.
> >
> > Who is the sysadmin of an unmanaged box?
>
> There should be no un-managed boxes on the network...

There shouldn't even be sysadmin. But then?

Show me an RFC that states that no un-managed box can be in the 'net: I'll show you one which prohibits the presence of sysadmins in the world...

> > If nobody had to turn off freshclam, why clamscan had to stop working?
>
> Did clamscan stop working, or only clamd?

I don't know it for sure. I know clamd stopped working, but I guess also clamscan, since in the troubled installs I heard they use amavisd-new. Maybe I'm wrong, but the amavisd-new's default config has clamd as primary scanner and clamscan as backup one.

> > In this thread I'm seeing a lot of people blaming the sysadmin. Is it crowded by sysadmins who like to show they are much more competent than their colleagues?
>
> Yes, of course it is.

Which is wrong, anyway. Since nobody is perfect, instead of pointing out the other's mistake (if any) sysadmins should co-operate. Otherwise others may gain some advantages by adopting the "divide et impera" paradigm...

> > Why nobody from the ClamAV team likes to explain to *users* why they decided to stop their own working clamscan, when there were tons of suitable alternatives?
>
> They did. Right here on this list. Starting about 6 months ago.
>
> Why didn't these *users* bother to read and comment on it during the last 6 months?
>
> > So please, the genius in the management who came out with this smart idea may please came out and explain to us the why? Many people already know the when...
>
> Check the mailing list archives...

Let me see: I subscribed to this list in Nov 2009. I need more time to fetch it.

Giampaolo
Re: [Clamav-users] The EOL tweets
> > The fact that old clamscans stop working because of a remote "kill" update, is grave as it would be for Microsoft to stop 2000 from working with an update. Yes, 2000 is a dangerous thing nowadays. But nevertheless who are you to shut my computer?
>
> I guess you have never had a Microsoft update that broke your Windows installation...

It happened, of course. First, it wasn't the purpose of the update anyway: the system was probably already compromised. Second, it happened with workstations: most of the time the user had simply to sit at another table to get back to work.

Also, if one has a couple of clustered servers and one gets scrambled, the other may keep working. If you send a remote kill to a clustered system, every and each member of the cluster stop working.

See how's different? You are putting at the same level an occasional, unwanted broke and a targeted kill, but they are not the same thing.

Giampaolo
Re: [Clamav-users] The EOL tweets
> And if the server owners / sysadmins feel that sending mail is more IMPORTANT than sending clean mail, they do not need to install any AV software and their mail system will happily send out all its mail

I guess around 25-50% of the malware is old, well-known one. So it is not that silly to have an outdated AV running to lower the received one.

But anyway, we are speaking of stuff which worked. It wasn't perfect, but it worked. And in these days the ClamAV staff decided to break it, without a rationale close to the point. Isn't this weird? Is clamav a trustable project? This is what a sysadmin may end up thinking next time he/she installs a new system.

Giampaolo
Re: [Clamav-users] The EOL tweets
> > Unfortunately, the net result will be that the management of the small companies running their crappy and old mailing systems will have to hardly face the fact their mailing box doesn't work anymore because a free component in it unreasonably stopped working. This will decrease their trust about free software: they are going to buy a new computer running Microsoft Exchange Server backed by something else than ClamAV...
>
> Then they are free to do so and get what they pay for..

Ok. ClamAV likes this way... Everybody happy, then.

Giampaolo
Re: [Clamav-users] The EOL tweets
> > Was this the purpose?
> >
> > Giampaolo
>
> Then that is their choice and when it fails, they can bitch to the developers of that system and switch to another vendor ...

Apart from the fact that open software is not yet-another-vendor. It is a culture. The way the clamav team managed this case hits the open software community as a whole, being the ClamAV project a well-known member of that community.

Giampaolo
Re: [Clamav-users] The EOL tweets
> The sysadmins could have done this by turning off freshclam.. and saved themselves from having to deal with the upgrade.

Who is the sysadmin of an unmanaged box?

If nobody had to turn off freshclam, why clamscan had to stop working?

In this thread I'm seeing a lot of people blaming the sysadmin. Is it crowded by sysadmins who like to show they are much more competent than their colleagues?

Why nobody from the ClamAV team likes to explain to *users* why they decided to stop their own working clamscan, when there were tons of suitable alternatives? Nobody here gave a serious rationale about it. The way "sysadmins" are attacked here, seems to me that the 0.96 case has nothing to do with open software, but instead with marketing.

So please, the genius in the management who came out with this smart idea may please come out and explain to us the why? Many people already know the when...

Giampaolo
Re: [Clamav-users] The EOL tweets
> > It is not something to do now, but instead something that could have been done introducing 0.96...
>
> Giampaolo: There are lots of things that COULD be done, but it is not the philosophy of the ClamAV project.
>
> As I said, the devs have made it clear in the past that they feel clamd should fail to run on any problem. They also, it seems to me, have made it clear they do not think people should run older versions, ever, for any reason.
>
> Therefore, this is my own statement and I don't want to put words in the devs' mouth, but the clear message I get from them is if you aren't the type of admin who always installs the latest, then don't run Clamav. Period. It's not the right thing for you.

Let me say first that the systems I manage, i.e.: the ones of my direct clients, didn't even notice this problem since they are all running 0.96 from a Gentoo distro.

I'm driven into this thread by a very different reason, which I believe is a bit wider in meaning than ranting against imaginary culprits of my own troubles. It is about open software and respect of the (mis?)use people do of it.

The fact that old clamscans stop working because of a remote "kill" update, is grave as it would be for Microsoft to stop 2000 from working with an update. Yes, 2000 is a dangerous thing nowadays. But nevertheless who are you to shut my computer?

Christopher, you may or may not be the ClamAV spokesman. Nevertheless I would like to let the team know that the 0.96 case didn't create trouble to administrators (whether or not "responsible"), but to open-software users. I believe by the way a lot of "irresponsible" administrators are really happy with the ClamAV team right now, since they are going to be hired to fix troubles around or -even better- to install new stuff.

That said, please note it is not a matter of administration: most small systems are basically unmanaged and owners do know they are not up-to-date and that occasionally viruses may slip in. Owners simply feel this is worth the fact they don't have to pay for any assistance. When too many viruses get to their mailbox, then they call somebody to fix things. But if you stop their crappy mailing systems, they will switch to something else.

Are developers willing this? I hope they're not.

Giampaolo
Re: [Clamav-users] The EOL tweets
> > Obviously this is not a retroactive solution, but now that they know this may be necessary, something can be changed so that it can be dealt with more smoothly in the future.
>
> It already has been. 0.95 recognizes signatures which can tell freshclam to not update anymore. So if in the future a new type of signature is added that is completely incompatible with 0.95 or later freshclam will not integrate any further updates into the DB.
>
> What is also being missed is that anyone running 0.94 has been placing an undue load on the update servers. Has prevented the maintainers from releasing more effective signatures for the 0.96 users. If these advanced signatures were to be released without a kill signature it would have made clamav choke anyway. This kill was an explicit method of what would happen if the new features were enabled. Instead of a random death loading what looks like a normal signature, a message was delivered spelling out what needs to be done.
>
> I've seen commercial AV scanners go into non-functioning mode when an incompatible signature was released. Of course having a GUI meant that I was told to download the new update. Clamav on a server has no GUI, its method of informing the user is its log file. Anyone running 0.94 has been warned for over two years that they're out of date. Today that warning became a requirement.

There were other ways to stop 0.94 from loading the server. Playing with dns entries, for example.

Giampaolo
Re: [Clamav-users] The EOL tweets
> > Unfortunately, the net result will be that the management of the small companies running their crappy and old mailing systems will have to hardly face the fact their mailing box doesn't work anymore because a free component in it unreasonably stopped working. This will decrease their trust about free software: they are going to buy a new computer running Microsoft Exchange Server backed by something else than ClamAV...
>
> So, rather than update ClamAV and/or their OS, which in the majority of cases would involve no monetary expense, users will purchase new servers and flock en masse to Microsoft, spend thousands more on Microsoft Windows Server 2010, Exchange, etc and learn new skills to administer said network.

A crappy and old system can't be easily upgraded: you have to re-install it from scratch in the best cases. In the worst, better "reset and restart" with new hardware too. When that kind of system gets stuck, management tends to renew it from scratch anyway.

Since the management itself was bitten by the clamav problem and knowing how management often thinks, believe me it won't be too difficult to know how things will go in most cases. The manager (because you only get one person in the management in very small companies) will shout: "I don't want to get into these troubles anymore! The company of my friend X runs Microsoft and they didn't experience this!"

Because for the management the matter will simply be Linux vs. Microsoft: these are probably the only two words they know about software (and they may even believe Linux is a company).

> Could I ask you a personal question; are you on drugs and if so, can I have some because that is one hell of a trip you are on?

If you were running an old, outdated version of clamav and spamassassin, you could get some by replying to one of those slippery e-mails...

> Furthermore, why wouldn't these small companies running their crappy and old mailing systems install updated versions of the OS, etc they already have installed? Let's face facts, you obviously have not thought this through. Post back when you have a factually correct idea of what you are disseminating.

The only thing I'm trying to disseminate here is that running a successful open-software project demands a very responsible approach to users, otherwise you may put in danger your project and the open software acceptability.

Giampaolo

> Jerry
> clamav.u...@seibercom.net
Re: [Clamav-users] The EOL tweets
> Quoting Giampaolo Tomassoni:
>
> > What if this DNS name stops responding (and be propagated to mirrors) and instead a new current1.cvd.clamav.net (or maybe current.cvd1.clamav.net if you dislike the first) starts working? Clamav's 0.96 could issue requests to that brand new name to get updates, while old clamav installations -which are unaware of it- would simply fail updating.
>
> So instead of breaking only the really old clamav installs, you've broken ALL the non-0.96 installs? Why break the 0.95 installs as well?

It is not something to do now, but instead something that could have been done introducing 0.96...

Did you read all the post? You didn't, right?

> And again, if the old versions keep running, but don't get updates, it is a dis-service to those who think they are being protected but are not.

Most of them know exactly their AV is not up-to-date. Nevertheless, their mail server works and they only have to be careful opening new mail. Can they prefer to take some risk and not pay someone to update their systems?

Giampaolo
Re: [Clamav-users] The EOL tweets
> The philosophy of the ClamAV team has always been, when in doubt clamd will not run. There are many people, myself included, who disagree with this. We have made our objections known, and this is not how the devs choose to run their project.
>
> It is their right. I choose to run ClamAV anyway.
>
> Rant on if it makes you feel better, but you aren't going to change their view.
>
> What you SHOULD take from this is that you may want to change how your milter is set up, so that if clamd dies, unscanned mail is passed rather than rejected or temp-failed.
>
> Because if ever a signature database is corrupted, clamd won't run. If there is an empty signature db file, clamd won't run. There are probably other situations I can't think of right now that mean clamd won't run. I think even if the databases are older than a week, clamd won't run.

Mmmh, no: this happened to a client of mine and clamscan kept working.

> Now, in the realm of my opinion: If you are running open-source software then you better be on a mailing list for it, your distro if not the packages themselves.

In my opinion, it wasn't that clear that old installations would have stopped working. Also because it is difficult to find a reason

> Because the Clam team, frankly, owes you nothing. Literally, absolutely, nothing. They are not only giving you free software, but daily, hourly, and sometimes MINUTELY updates to the database. Free. If you stop using it, not only won't it hurt them one bit, it will save them bandwidth costs.

I don't see it this way. I know the team owes us nothing, but a wrong move may hurt them anyway: users may start moving to something else, possibly "smoother" in its reasoning. Other free AV projects could stem from these kinds of *mistakes*, the ClamAV user-base would decrease and signature updates (which I guess are a function of the viruses reported by users) would decrease in effectiveness, too.

In summary, the team working on an open-software project has after all some rules to respect in order to keep their own project alive. One of these is: keep the number of users you put in trouble low.

Maybe this happened, but I had two calls in the morning about this, for maybe five mailing systems which stopped working. Most of them are not easily upgradeable. After all, I couldn't care less. But what about the five small companies running these systems?

> Is it too much to ask that we take the initiative and keep up with what is available ? If they told us we had to check notes posted on their front door for updates, it would STILL be more than we deserve.
>
> I'm sorry, but I literally have no sympathy for people who use something for free, don't look at announcements for 6 months, then complain things stopped working.
>
> And if you think for a minute it would be any better with Microsoft or Norton or anyone else -- try dealing with a server that just decided it's now unlicensed for who knows what reason.
>
> The traffic on this is ridiculous. You don't like it, buy something, but stop whining already.

One of the advantages of free and open software is that one doesn't have to fear for somebody deciding to discontinue service. Even if the ClamAV team decided to stop producing its nice package as well as any cvd update, the problem could have been discovered on the live system (when possible, no hurry) and eventually fixed (again, when possible, no hurry).

In this case, instead, the Team proactively stopped any old clamav installation from working. They don't owe anything to their users, but after all even users don't owe their systems to the clamav team...

Giampaolo
Re: [Clamav-users] The EOL tweets
> > this is the first time, in SEVERAL years that i work with IT, that i've seen a software publisher pushing a 'kill' signature to its own software.
>
> Could you please qualify that statement. Do you mean that this is the first instance of this kind you have experienced in several years, meaning of course that there is a precedence for it, or that it is the first time in the several years you have worked at your profession that you have observed this behavior? Your statement, as it now stands, is ambiguous.

He is CLEARLY stating that he has been working in IT for several years, and that during his multi-year professional work he never saw a software publisher pushing a kill signature. What do you have to disambiguate?

> > it's VERY common in the software industry to stop supporting old versions, but they simply stay working. They're outdated, unsupported, but they keep working. I have a working Redhat 9 machine running until today, despite the fact it's SEVERAL years unsupported and deprecated. Is this the best thing to do ? No, absolutely not, i don't want credits for that. But hey, it simply continues working.
>
> Many of us have taken that route as a 'stop gap' measure. However, to instigate it as an official protocol is just asking for trouble. (Reread this thread for further details)

Was the 'stop gap' really useful? To which purpose? Did the ClamAV team mean to stop old installations from working, in order to silence competitors? Perhaps to teach clamav users about the very complex nature of today systems and services?

Unfortunately, the net result will be that the management of the small companies running their crappy and old mailing systems will have to hardly face the fact their mailing box doesn't work anymore because a free component in it unreasonably stopped working. This will decrease their trust about free software: they are going to buy a new computer running Microsoft Exchange Server backed by something else than ClamAV...

> > clamav took a VERY bad move, there's absolutely no doubt on that. This will surely affect the software credibility, as you can be sure that LOTS and LOTS of email servers are broken since the signature was published.
>
> Whether or not they make a bad decision is your unqualified opinion.

It was blatantly a very bad move, because it assumed that the whole clamav user-base was diligently upgrading their clamav installations. Which can't be.

> In addition, would you please be so kind as to qualify the "LOTS and LOTS" with some actual documentation.

Why? He got into this trouble but was knowledgeable enough to report his story to this mailing list. A lot of small, almost unattended mail servers run into the very same troubles. Their admins have already upgraded their installations or are unwilling/incapable to report here their story. So multiply 1 by at least 10 and you get an idea... There are now at least 10 people who are regarding clamav and (which is worse) open software less respectfully, now.

> > despite the fact there were good reasons for doing that, it WAS a VERY bad move IMHO.
>
> That statement is diabolically opposed to itself, although you did qualify it with a "IMHO" disclaimer.
>
> The bottom line is you did not pay for or (to the best of my knowledge) develop this software. You have no standing on the matter of how the ClamAV team distributes its product.
>
> The ClamAV team choose to take the advice of Ricky Nelson, "You can't please everyone so you have got to please yourself." Now that is the bottom line.

The bottom line is that there were very simple ways to circumvent the problem (see my previous posts). This time, it seems to me that the ClamAV team was a bit too lazy to implement them...

Giampaolo
Re: [Clamav-users] The EOL tweets
> >> If I run a ssh service on my machine, and yes I do, I keep track of the ssh announce list.
> >> Why because I hate it to find my root password changed because there was a security update I didn't update 6 months ago because an apt-get update/upgrade didn't work anymore.
> >
> > So you're subscribed also to all the linux kernel maillists? You know, your sshd is running on top of a linux kernel...
>
> If you are a Debian user it suffices to subscribe to debian-security-announce (the ClamAV EOL was announced there). Other distributions probably have similar mailing lists.
>
> If not, you can subscribe to the *-announce mailing lists, which should be very low traffic, or follow new releases using RSS feeds, or some other method.

Török, I meant you can't do this for each and every piece of software running in your systems.

In my opinion, it was instead possible for the ClamAV project to work-around the possible implications of remotely disabling all those old-and-crappy ClamAV installations around the world...

Giampaolo
Re: [Clamav-users] The EOL tweets
> Not a bad idea. It could be generalized to something like:
>
>    0.95.3.cvd.clamav.net
>    0.96.cvd.clamav.net
>
> Each version would have its own DNS name for updates. All of them would point to the same group of servers. (Maybe just make them cnames for current.cvd...) Then, when you want to disable updates for a version, just drop the name from the DNS.

There is already something in the TXT record announcing the facility level needed to get the best from the cvd update.

The problem here seems to me that the new cvd format is so deeply incompatible with the old one that new CVDs are mostly useless to old clamav installations. This is not going to happen often, I guess. So a kind of "cvd format version" in the DNS name (1 in my example) would probably suffice.

Giampaolo
Re: [Clamav-users] The EOL tweets
> If I run a ssh service on my machine, and yes I do, I keep track of the ssh announce list.
> Why because I hate it to find my root password changed because there was a security update I didn't update 6 months ago because an apt-get update/upgrade didn't work anymore.

So you're subscribed also to all the linux kernel maillists? You know, your sshd is running on top of a linux kernel...

You end up being busy reading instead of busy working, this way...

Giampaolo
Re: [Clamav-users] The EOL tweets
> If you don't have the time, knowledge, or whatever. Don't be a sysadmin.
>
> Being a sysadmin for a PRODUCTION server is a real job.
> I hire someone to fix my car and repair my roof.

I have been a sysadmin for decades now, but I don't agree with your statement. I keep repairing my car by myself (when possible) and I don't trust people who don't like to have a look at its surroundings or to try to understand how a thing does what it does.

> Why because I could try and fix something but I know I can't complain if I break something.

This may also mean "don't use free products because you can't complain if something breaks". Which is right, but then why successful open-source projects are often so inclined to listen to their users?

> > despite of all the warnings, the EOL signature was a bad move in my opinion.
>
> We are talking about a message sent to everyone who cares for their system of October 5th, 2009.
> An old version of ClamAV can't find the newest viruses. The really old ones don't run in the wild anymore.

They find a lot of old viruses and the fact they stopped working at all is the problem, not the fact that new viruses may slip through.

This move surely made ClamAV boxes safer: they aren't passing viruses anymore...

Giampaolo
Re: [Clamav-users] The EOL tweets
> >> I don't know of any way to stop freshclam from updating.
> >> Some mirrors can blacklist old versions, but not most/all.
> >
> > Using a new DNS tree, such that old freshclam versions were unable to perform the job?
>
> The DNS servers don't receive any information about the version of freshclam used to perform the query.
> The DNS request can go through many DNS caches...

So what? I see the old freshclam issues DNS requests like these: current.cvd.clamav.net.

What if this DNS name stops responding (and be propagated to mirrors) and instead a new current1.cvd.clamav.net (or maybe current.cvd1.clamav.net if you dislike the first) starts working? Clamav's 0.96 could issue requests to that brand new name to get updates, while old clamav installations -which are unaware of it- would simply fail updating. They would probably scream error messages in big letters in their logs, but their clamscan would keep running...

Please also note that the fact that "[clamscan will stop working] was clearly stated" (if any) may have a meaning in a lawsuit. But it is not an excuse (in the world of the open software) if any other way to have a forward- and backward-compatible solution is available...

I personally am sure I'm not going to file a lawsuit against anybody, since I have cutes 0.96 up and running in the servers I directly manage. Nor I'm going to switch, also because I often have more than one AV running in my mail servers.

Nevertheless, a *lot* of people will abandon clamav in favor of some pay-per-clean solution (which may even not be a 3D System, after all).

Was this the purpose?

Giampaolo
Re: [Clamav-users] The EOL tweets
> > Wasn't it better to instead have freshclam to stop updating the database?
>
> I don't know of any way to stop freshclam from updating.
> Some mirrors can blacklist old versions, but not most/all.

Using a new DNS tree, such that old freshclam versions were unable to perform the job?

Giampaolo
Re: [Clamav-users] The EOL tweets
> It was explicitly stated that clamd will be disabled.

In which language?

Giampaolo
Re: [Clamav-users] The EOL tweets
> > > Hi,
> > >
> > > Just for interest.. feedback on EOL...
> > >
> > > http://search.twitter.com/search?q=clamav
> >
> > Indeed, an EOL on the previous minor version is quite a hazard and may be regarded as a self-destructive behavior: it could easily become an End-Of-(product-)Line, meaning that people will switch to something more "serious"...
> >
> > Was that the purpose?
>
> Why is there so much bitching about this ? The original announcement was made on the 6th October last year. http://lists.clamav.net/lurker/message/20091006.143601.d27bbd20.en.html along with multiple reminders so people have had over 6 months to upgrade.
>
> Any proactive admin should be monitoring their software mailing lists so the excuse of "We weren't told" or "Why all of a sudden" are null and void.
>
> To the clamav team, thanks for an awesome product :)

Nevertheless, many people aren't so "proactive". If you put them in trouble, they will not blame themselves: they will instead switch to something else...

I'm having a couple of "help me!" calls from some clients of mine (system vendors and installers) who never even subscribed to this list and were absolutely unaware of the EOL.

Also, there are cases in which upgrading is not so easy: it may mean a whole system upgrade. For example, SuSE 10.1 up-to-date installations have gcc 4.1.0. Clamav 0.96 doesn't even ./configure there. You need to find some suitable binaries or switch to a newer distribution.

Is a 5 months early alert enough? Maybe. Maybe not: clamav often is not the only piece of software running on a box...

The problem here is that old clamav versions have stopped working at all. Wasn't it better to instead have freshclam to stop updating the database?

Please note freshclam is very used to issue alerts when new clamav versions are available, but this didn't ever stop clamav from working. People may have assumed that this would have been the clamav behavior at EOL deadline, thereby underestimating the matter.

Giampaolo
Re: [Clamav-users] The EOL tweets
> Hi,
>
> Just for interest.. feedback on EOL...
>
> http://search.twitter.com/search?q=clamav

Indeed, an EOL on the previous minor version is quite a hazard and may be regarded as a self-destructive behavior: it could easily become an End-Of-(product-)Line, meaning that people will switch to something more "serious"...

Was that the purpose?

Giampaolo

> Cheers,
>
> Steve
> Sanesecurity
Re: [Clamav-users] infos
> Ok, sorry for language.
> For security reasons I can't open the firewall port to download the latest virus db upgrade directly from the clamAV web site. I need to access the site from my work station, download the update locally and finally put it on the HPUX server.
>
> Do you think it's possible to do it?
>
> Thanks in advance,
>
> Paolo

It is a bit weird that security-conscious environments don't allow the update of security components.

But anyway, you could install freshclam in your workstation and then use some kind of periodic script to copy/rsync the content of your local clamav db to the server.

Regards,

Giampaolo

> -Original Message-
> From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] on Behalf Of Dino Ciuffetti
> Sent: Wednesday 24 March 2010 14.17
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] infos
>
> > Good morning,
> > I have recently installed clamAV on an hpux B11.31 server with itanium architecture:
> >
> > ixClamAV,r=A.14.00-0.95.3.001,a=HP-UX_B.11.23_IA/PA,v=HP
> >
> > I need to know whether it is possible to update the antivirus db manually rather than automatically and, if so, where I can download the updates.
> >
> > Thanks in advance,
> >
> > Paolo
>
> Hi.
> You must have internet access and use the freshclam utility, configuring it in manual mode. Freshclam updates the virus signatures and installs them in the correct path.
>
> To keep the list users from getting angry and to let everyone understand, it is best always to write in English here.
>
> In english: to download signatures you have to use the freshclam utility.
>
> Bye, Dino.
>
> --
> Dino Ciuffetti
> Linux System Administrator and Architect
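The periodic copy step suggested in the reply above can check the databases before they leave the workstation. This is an added example, not part of the original messages or of ClamAV: it stages only `.cvd` files whose 512-byte header parses and whose body matches the header's MD5, and it refuses to replace a newer database with an older one. The directory names, function names and sample files are assumptions made for the example; the MD5 check only catches truncated or damaged files, and digital-signature verification stays with ClamAV's own tools.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass
from pathlib import Path

HEADER_LEN = 512      # a .cvd starts with a 512-byte, colon-separated text header
MAGIC = "ClamAV-VDB"


class CvdError(ValueError):
    """The file is not a usable .cvd (bad header, truncated or damaged body)."""


@dataclass(frozen=True)
class CvdInfo:
    build_time: str
    version: int
    signatures: int
    flevel: int       # functionality level the database was built for
    md5: str          # MD5 of everything after the header


def read_cvd(path) -> CvdInfo:
    """Parse the header and check the body against the header's MD5."""
    data = Path(path).read_bytes()
    if len(data) <= HEADER_LEN:
        raise CvdError("truncated file")
    # Layout: magic:build time:version:signatures:flevel:md5:dsig:builder:stime
    fields = data[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 8 or fields[0] != MAGIC:
        raise CvdError("not a ClamAV-VDB header")
    try:
        info = CvdInfo(fields[1], int(fields[2]), int(fields[3]),
                       int(fields[4]), fields[5].lower())
    except ValueError:
        raise CvdError("non-numeric header field") from None
    if hashlib.md5(data[HEADER_LEN:]).hexdigest() != info.md5:
        raise CvdError("body does not match header MD5")
    return info


def stage_databases(src_dir, dst_dir) -> dict:
    """Copy verified, not-older .cvd files from src_dir (the workstation's
    freshclam directory) to dst_dir (the directory sent to the server).
    Returns {file name: status}."""
    src_dir, dst_dir = Path(src_dir), Path(dst_dir)
    dst_dir.mkdir(parents=True, exist_ok=True)
    report = {}
    for src in sorted(src_dir.glob("*.cvd")):
        try:
            new = read_cvd(src)
        except CvdError as exc:
            report[src.name] = f"rejected: {exc}"
            continue
        dst = dst_dir / src.name
        if dst.exists():
            try:
                old_version = read_cvd(dst).version
            except CvdError:
                old_version = -1      # damaged copy on the target: replace it
            if new.version < old_version:
                report[src.name] = f"refused downgrade {old_version} -> {new.version}"
                continue
            if new.version == old_version:
                report[src.name] = "up to date"
                continue
        # Copy to a temporary name and rename, so a scanner reloading the
        # directory never sees a half-written database.
        fd, tmp = tempfile.mkstemp(dir=dst_dir, suffix=".part")
        os.close(fd)
        shutil.copyfile(src, tmp)
        os.chmod(tmp, 0o644)          # mkstemp creates the file as 0600
        os.replace(tmp, dst)
        report[src.name] = f"copied version {new.version}"
    return report


def build_sample_cvd(version: int, body: bytes, corrupt: bool = False) -> bytes:
    """Constructed test data: a header in the .cvd layout around an arbitrary
    body. The dsig field is a placeholder, so ClamAV itself would reject it."""
    md5 = hashlib.md5(body).hexdigest()
    header = (f"{MAGIC}:01 Jan 2010 00-00 +0000:{version}:1:51:{md5}:"
              "PLACEHOLDER-DSIG:example:1262304000")
    if corrupt:
        body = body[:-1] + b"\x00"    # damage the body after hashing it
    return header.ljust(HEADER_LEN).encode("ascii") + body


def demo() -> dict:
    """Run the staging step on constructed files in temporary directories."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "workstation"), Path(tmp, "staging")
        src.mkdir()
        dst.mkdir()
        (src / "main.cvd").write_bytes(build_sample_cvd(52, b"main signatures"))
        (src / "daily.cvd").write_bytes(
            build_sample_cvd(10700, b"daily signatures", corrupt=True))
        (src / "bytecode.cvd").write_bytes(build_sample_cvd(20, b"old bytecode"))
        (dst / "bytecode.cvd").write_bytes(build_sample_cvd(25, b"newer bytecode"))
        return stage_databases(src, dst)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The staging directory is what the periodic copy or rsync job would then push to the server's database directory.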
Re: [Clamav-users] Add a specific disclaimer for zip file with password
> Another disclaimer?! What a complete waste of time and energy...
>
> > This message is protected by the rules on the secrecy of correspondence. It is therefore intended exclusively for its addressee. It may therefore contain confidential information. The disclosure of this information is accordingly strictly forbidden. If you have received this message in error, please return it to the sender whose e-mail address appears above and destroy the message and any attachment.
> > This message is protected by the secrecy of correspondence rules. Therefore, this message is intended solely for the attention of the addressee. This message may contain privileged or confidential information, as such the disclosure of this information is strictly forbidden. If, by mistake, you have received this message, please return this message to the addresser whose e-mail address is written above and destroy this message and all files attached.

Oh, is it a disclaimer? I had the feeling it was the main body of the message...

Giampaolo
Re: [Clamav-users] Submission policies
> The answer is very simply, resources.
>
> The submission interface receives around 20,000 unique samples a day, which exceeds the number of signatures that can be produced in a day by the sigmakers. This forces us to prioritize by what we are seeing the most of in a given time period, as those are most likely the prevalent threats.
>
> If you, or anyone else in the ClamAV community is interested in writing signatures to help improve some of the response times feel free to contact me off list.
>
> Cheers
> -matt

Concise and clear. Matt, thank you very much: this wipes my doubts about submission policies and the like.

Giampaolo

> On Mon, Sep 14, 2009 at 12:51 PM, Giampaolo Tomassoni <giampa...@tomassoni.biz> wrote:
>
> > Hi,
> >
> > I occasionally submit virus samples to ClamAV through the official submission page.
> >
> > Before submission I also check these viruses with VirusTotal, where at least a bunch of AV products do often detect my samples as malware.
> >
> > If this happens, I also add a link to the VirusTotal's analysis page regarding the sample I'm submitting in the "Enter a short description of the virus" field of the submission form.
> >
> > This used to work, and sooner or later I used to be notified of the inclusion in the ClamAV database of a new detection pattern suitable for my sample.
> >
> > For months, however, I haven't received notifications anymore regarding my submissions. Also, it seems to me that recently submissions are quite ignored. For example, on September 9 I reported to ClamAV a malware which is still not recognized, while it is by 30 out of 41 AV products in VirusTotal...
> >
> > See:
> >
> > http://www.virustotal.com/analisis/716704eb975160cf84c110e6510bb45ce9837a774dcdee6136867b4c03f4981e-1252908923
> >
> > Could anybody explain what's going on with submissions? I can't find any reliable reference to changes in the submission policies or the like. I could only find this thread from this ML
> >
> > http://lurker.clamav.net/message/20081025.142726.40535408.en.html
> >
> > in which basically Bräckelmann is trying to figure out the same I am. But no reply to his question...
> >
> > Thank you,
> >
> > Giampaolo
>
> --
> Matthew Watchinski
> Sr. Director Vulnerability Research Team (VRT)
> Sourcefire, Inc.
> Office: 410-423-1928
> http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
[Clamav-users] Submission policies
Hi,

I occasionally submit virus samples to ClamAV through the official submission page.

Before submission I also check these viruses with VirusTotal, where at least a bunch of AV products often detect my samples as malware.

If this happens, I also add a link to VirusTotal's analysis page regarding the sample I'm submitting in the "Enter a short description of the virus" field of the submission form.

This used to work, and sooner or later I would be notified of the inclusion in the ClamAV database of a new detection pattern suitable for my sample.

For months, however, I have not received notifications regarding my submissions. Also, it seems to me that recently submissions are quite ignored. For example, on September 9 I reported to ClamAV a malware which is still not recognized, while it is by 30 out of 41 AV products in VirusTotal...

See:

http://www.virustotal.com/analisis/716704eb975160cf84c110e6510bb45ce9837a774dcdee6136867b4c03f4981e-1252908923

Could anybody explain what's going on with submissions? I can't find any reliable reference to changes in the submission policies or the like. I could only find this thread from this ML

http://lurker.clamav.net/message/20081025.142726.40535408.en.html

in which basically Bräckelmann is trying to figure out the same as I am. But no reply to his question...

Thank you,

Giampaolo