Re: [Clamav-users] Clamav Engine upgrades?
Tomasz Kojm wrote: On Fri, 06 Aug 2004 00:08:55 +0200 Thomas Lamy <[EMAIL PROTECTED]> wrote: IIRC freshclam doesn't even update the local database if your local installation has a too small "functionality level". I guess it was Even if the f-level is smaller than required one freshclam still attempts to update the database. All *.cvd databases are backward compatible but older libclamav versions can't use some new features they provide. implemented with major database format changes in mind, like 0.72 simply won't load databeses with the new md5 hashes in it (it would die). Older versions just ignore internal hash databases in cvd files. Sorry for the false alarm then. Thomas --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav Engine upgrades?
On Fri, 06 Aug 2004 00:08:55 +0200 Thomas Lamy <[EMAIL PROTECTED]> wrote: > IIRC freshclam doesn't even update the local database if your local > installation has a too small "functionality level". I guess it was Even if the f-level is smaller than required one freshclam still attempts to update the database. All *.cvd databases are backward compatible but older libclamav versions can't use some new features they provide. > implemented with major database format changes in mind, like 0.72 > simply won't load databeses with the new md5 hashes in it (it would > die). Older versions just ignore internal hash databases in cvd files. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Aug 6 00:30:07 CEST 2004 pgpKpTpKZVcIz.pgp Description: PGP signature
Re: [Clamav-users] Clamav Engine upgrades?
Mitch (WebCob) wrote: Jeremy Kitchen wrote: On Thursday 05 August 2004 12:46 pm, Ryan Moore wrote: Such that if freshclam downloads a signature and if the signature has a 'engine version requirement' or some attribute that can be compared against the installed engine, if the installed engine isn't newer, give a nasty warning in the log. it already does this. search the archives for 'functionality level' WARNING: Your ClamAV installation is OUTDATED - please update immediately ! WARNING: Current functionality level = 1, required = 2 -Jeremy I didn't get any such warnings on any of my machines, they were all using clamav 0.72 with freshclam daemonized (with LogVerbose in freshclam.conf). Do you have to do anything special to get this sort of behavior? Also did anyone get these warnings when running a version previous to 0.75.1? Ryan Moore > This is predicated on the developers of the database incrementing the > "functionality level" when they make changes like this. > > I'm still not sure I get it, but there seems to be some resistance to doing > this consistantly. > > Some changes in detection seem to make it into CVS, and I think future > versions without a change in the db functionality level - so the code is > there, and maybe it was originally for MAJOR changes - not simply one or two > viruses that need the upgrade, but it doesn't seem to make sense for the way > people use this project... IIRC freshclam doesn't even update the local database if your local installation has a too small "functionality level". I guess it was implemented with major database format changes in mind, like 0.72 simply won't load databeses with the new md5 hashes in it (it would die). Just an educated guess though. Haven't looked at the sources. Thomas --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamav Engine upgrades?
This is predicated on the developers of the database incrementing the "functionality level" when they make changes like this. I'm still not sure I get it, but there seems to be some resistance to doing this consistantly. Some changes in detection seem to make it into CVS, and I think future versions without a change in the db functionality level - so the code is there, and maybe it was originally for MAJOR changes - not simply one or two viruses that need the upgrade, but it doesn't seem to make sense for the way people use this project... my 2 cents. m/ > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Ryan Moore > Sent: Thursday, August 05, 2004 2:02 PM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] Clamav Engine upgrades? > > > Jeremy Kitchen wrote: > > On Thursday 05 August 2004 12:46 pm, Ryan Moore wrote: > > > >>Such that if freshclam downloads a signature and if the > >>signature has a 'engine version requirement' or some attribute that can > >>be compared against the installed engine, if the installed engine isn't > >>newer, give a nasty warning in the log. > > > > > > it already does this. search the archives for 'functionality level' > > > > > >>WARNING: Your ClamAV installation is OUTDATED - please update > immediately ! > >>WARNING: Current functionality level = 1, required = 2 > > > > > > -Jeremy > > > > I didn't get any such warnings on any of my machines, they were all > using clamav 0.72 with freshclam daemonized (with LogVerbose in > freshclam.conf). Do you have to do anything special to get this sort of > behavior? Also did anyone get these warnings when running a version > previous to 0.75.1? > > > Ryan Moore > -- > Perigee.net Corporation > 704-849-8355 (sales) > 704-849-8017 (tech) > www.perigee.net > > > > --- > This SF.Net email is sponsored by OSTG. Have you noticed the changes on > Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > one more big change to announce. We are now OSTG- Open Source Technology > Group. Come see the changes on the new OSTG site. www.ostg.com > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav Engine upgrades?
Jeremy Kitchen wrote: On Thursday 05 August 2004 12:46 pm, Ryan Moore wrote: Such that if freshclam downloads a signature and if the signature has a 'engine version requirement' or some attribute that can be compared against the installed engine, if the installed engine isn't newer, give a nasty warning in the log. it already does this. search the archives for 'functionality level' WARNING: Your ClamAV installation is OUTDATED - please update immediately ! WARNING: Current functionality level = 1, required = 2 -Jeremy I didn't get any such warnings on any of my machines, they were all using clamav 0.72 with freshclam daemonized (with LogVerbose in freshclam.conf). Do you have to do anything special to get this sort of behavior? Also did anyone get these warnings when running a version previous to 0.75.1? Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav Engine upgrades?
On Thursday 05 August 2004 12:46 pm, Ryan Moore wrote: > Such that if freshclam downloads a signature and if the > signature has a 'engine version requirement' or some attribute that can > be compared against the installed engine, if the installed engine isn't > newer, give a nasty warning in the log. it already does this. search the archives for 'functionality level' > WARNING: Your ClamAV installation is OUTDATED - please update immediately ! > WARNING: Current functionality level = 1, required = 2 -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav Engine upgrades?
On Thu, 5 Aug 2004, Ryan Moore wrote: > Over the past few days I've had a few reports of a virus getting > through, and while the sig database has that virus listed (sigtool -l), > I don't see any blocks in my messages log. I'm still running a slightly > older version of clamav on most my boxes (0.72) since there were some > issues with the newer versions over the past few weeks, though I'm > thinking they may have been resolved? Versions older than 0.75 will not catch all variants of Mydoom.M. Version 0.75.1 was released to resolve the stability issues, and seems to be working well for me. > My main question is, that with some of these new signatures that have > been released, do they need an upgrade of the scanning engine > (libclamav?) itself? I'm guessing the answer is yes, and also wondering > if there is a way to include automated notification when freshclam runs > perhaps. Such that if freshclam downloads a signature and if the > signature has a 'engine version requirement' or some attribute that can > be compared against the installed engine, if the installed engine isn't > newer, give a nasty warning in the log. That's a good idea. Not sure how they would add support for that, though, without having the version numbers change _very_ frequently. Not that having them change is a bad thing > Not sure if this has been discussed before, if so I appologize as I must > have missed the thread. It should probably be a FAQ. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Clamav Engine upgrades?
Over the past few days I've had a few reports of a virus getting through, and while the sig database has that virus listed (sigtool -l), I don't see any blocks in my messages log. I'm still running a slightly older version of clamav on most my boxes (0.72) since there were some issues with the newer versions over the past few weeks, though I'm thinking they may have been resolved? My main question is, that with some of these new signatures that have been released, do they need an upgrade of the scanning engine (libclamav?) itself? I'm guessing the answer is yes, and also wondering if there is a way to include automated notification when freshclam runs perhaps. Such that if freshclam downloads a signature and if the signature has a 'engine version requirement' or some attribute that can be compared against the installed engine, if the installed engine isn't newer, give a nasty warning in the log. Not sure if this has been discussed before, if so I appologize as I must have missed the thread. -- Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users