Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-10 Thread Arkady V.Belousov
Hi!

8--2005 12:18 [EMAIL PROTECTED] (Peter J. Holzer) wrote to ClamAV users ML
clamav-users@lists.clamav.net:

   Infected machine _isn't_ _rare_ situation.
 PJH 1) I think real viruses which infect other programs are getting rare.
  For me, as victim of virus like CIH, is unimportant that this virus is
 rare.
PJH Ah, first you claim that it isn't rare, now you don't care whether it is
PJH rare.

 Where is the contradiction? I state that infected machines are not rare,
but even _if_ they are rare, then for victims this is unimportant.

 BTW, CIH infects almost all executables in system. I fear to
 imagine, what happens, if ClamAV will be runned on such machine (and ClamAV
 removes almost all, including itself)...
PJH Don't run a virus scanner on an already infected system - you can't

 It is not always possible to scan an infected system from a (guaranteed)
clean environment, especially when we talk about a home machine and/or there is
no other (clean) machine nearby and/or no bootable media with (Clam)AV nearby
and/or the machine is owned by a beginner.

PJH trust it (especially not if it has been infected itself). Boot from a

 This is one reason why I will not mess with NT/XP, and from the
Windows family prefer Win98, which I can handle from outside it (from DOS).

  Even if updates will not distributed through maillist officialy, I may
 download them from ftp (_if_ this access will be opened).
PJH How is FTP an improvement over HTTP?

 ftpmail services are more stable and less restricted.

PJH (Are there still FTP-Mail gateways?

 Many.

PJH Seriously: Setting up different ways of distribution costs time and
PJH money. Distributing updates via mail has been discussed on this list
PJH and it was determined that the cost would be prohibitive (to be fair,

 Why? What costs are there, and how much?

PJH 2) You don't need freshclam to do the updates, but if you update
PJH    manually, you also have to restart clamd and check for errors
PJH    manually.

 Which errors?

PJH    (And I guess most people here consider having to do this
PJH    about once per day unacceptable - Unix sysadmins are lazy).

 This is my headache.


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-10 Thread Freddie Cash
You're missing the main point of ClamAV:  it's a server-based virus 
scanner for e-mail.

It's not a workstation AV solution.  Just because some people try to 
shoe-horn it into a workstation AV solution does not mean that it is 
designed for that purpose.  Look at the virus database for ClamAV:  
there's only ~22,000 viruses listed, 95% of which are all spread 
through e-mail.  Compare that to a commercial, workstation AV solution 
that has over ~80,000 different viruses, from true file-borne viruses, 
to boot-sector viruses, to polymorphic Win32 viruses.

These are two very different beasts.  ClamAV is mainly used to prevent 
the spread of viruses.  Its sole purpose, really, is to prevent 
viruses from entering your network through e-mail.  If a virus does get 
through, it's up to you to find another AV solution to clean it off the 
individual workstations.

Think of ClamAV as a plastic bubble around your house that prevents 
airborne viruses from entering your house.  It keeps new viruses out, 
but you can't use it to clean a virus off your piano.

-- 
Freddie Cash, CCNT CCLP    Helpdesk / Network Support Tech.
School District 73         (250) 377-HELP [377-4357]
[EMAIL PROTECTED]


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-10 Thread Trog
On Mon, 2005-01-10 at 16:53, Freddie Cash wrote:
 You're missing the main point of ClamAV:  it's a server-based virus 
 scanner for e-mail.
 
 It's not a workstation AV solution.  Just because some people try to 
 shoe-horn it into a workstation AV solution does not mean that it is 
 designed for that purpose.  Look at the virus database for ClamAV:  
 there's only ~22,000 viruses listed, 95% of which are all spread 
 through e-mail.  Compare that to a commercial, workstation AV solution 
 that has over ~80,000 different viruses, from true file-borne viruses, 
 to boot-sector viruses, to polymorphic Win32 viruses.

To keep your numbers in perspective, there are only ~1500 viruses listed
in the entire WildList. And I don't believe that 95% figure either.

-trog





Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-10 Thread Freddie Cash
On January 10, 2005 08:58 am, Trog wrote:
 On Mon, 2005-01-10 at 16:53, Freddie Cash wrote:
  You're missing the main point of ClamAV:  it's a server-based virus
  scanner for e-mail.

  It's not a workstation AV solution.  Just because some people try
  to shoe-horn it into a workstation AV solution does not mean that
  it is designed for that purpose.  Look at the virus database for
  ClamAV: there's only ~22,000 viruses listed, 95% of which are all
  spread through e-mail.  Compare that to a commercial, workstation
  AV solution that has over ~80,000 different viruses, from true
  file-borne viruses, to boot-sector viruses, to polymorphic Win32
  viruses.

 To keep your numbers in perspective, there are only ~1500 viruses
 listed in the entire WildList. And I don't believe that 95% figure
 either.

I'm going by what freshclam reports for the number of virus signatures 
in the DB.  Today's freshclam update shows 29,374 signatures in the 
database.

The 95% I pretty much pulled out of the air based on all the docs on the 
ClamAV site that say ClamAV is mainly concerned with e-mail-borne 
viruses, and not old boot-sector, or file-based viruses and such.  I 
think it was in a FAQ about why ClamAV only detects ~20,000 viruses 
while AV App X detects ~80,000.  I can't find the reference now, but 
there was mention of it on the clamav.net website at one point.

-- 
Freddie Cash, CCNT CCLP    Helpdesk / Network Support Tech.
School District 73         (250) 377-HELP [377-4357]
[EMAIL PROTECTED]


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-10 Thread Arkady V.Belousov
Hi!

10--2005 18:38 [EMAIL PROTECTED] (Peter J. Holzer) wrote to ClamAV users ML
clamav-users@lists.clamav.net:

  This is one reason, why I will not mess myself with NT/XP, and from
 Windows family prefer Win98, which I may handle outside it (from DOS).
PJH OTOH, the Windows NT family has a functional privilege system, so if you
PJH are a bit careful (i.e., work as a non-privileged user) the chance of
PJH being infected is a lot lower.

 If and when I will need it for security reasons, this is the place for Linux,
not for the NT family.

 PJH Seriously: Setting up different ways of distribution costs time and
 PJH money. Distributing updates via mail has been discussed on this list
 PJH and it was determined that the cost would be prohibitive (to be fair,
  Why? What and how much costs there?
PJH Sending out daily (or sometimes even more frequent) updates per mail to
PJH many thousands of people in a timely manner (i.e.  within less than an
PJH hour - the goal was to be faster than the polling method used by
PJH freshclam at that time) is not gratis. You need a fast server and a
PJH lot of bandwidth.

 (As I understand it, each new daily.cvd is a collection of all previous
daily.cvd?) Maybe this is another reason to revise the hierarchy of updated files?
Let me remind you of Dr.Web's architecture: there is a main database (4.32 - 997k;
i.e. much more highly compressed than for ClamAV) and weekly updates (each 7-15k
in size), which are independent of each other (i.e. they are placed in one
directory and do not replace one another). I think 15k/week (read: 2k/day)
does not require too much bandwidth (this letter is bigger in size). This is just
a suggestion.

 PJH 2) You don't need freshclam to do the updates, but if you update
 PJH    manually, you also have to restart clamd and check for errors
 PJH    manually.
  Which errors?
PJH You may retrieve a partial or garbled database file.

 Sounds reasonable and not unexpected. BTW, does this mean that
freshclam duplicates part of clamd's functionality (by downloading the base into
a temporary file, then checking the base's integrity, then moving the base to its
target place)?

PJH Or maybe you get the updates in the wrong order ...

 Same as above - this does not frighten me. :) I just hope that there _is_
protection in clamd against broken and unordered bases.


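The two failure modes raised in this exchange for hand-carried updates (a partial or garbled database file, and updates applied in the wrong order) can be checked before a file ever reaches clamd's database directory. The following is an added example, not part of the thread and not ClamAV's own code: it assumes the documented CVD layout (a 512-byte, colon-separated text header followed by the compressed body), checks only the header's MD5 and version and not the digital signature, and all function names are hypothetical.

```python
import hashlib
import os
import tempfile

HEADER_LEN = 512          # CVD header: fixed size, space padded, colon separated
MAGIC = "ClamAV-VDB"


class CvdError(Exception):
    """The candidate database must not be installed."""


def parse_header(blob):
    """Return (version, signature_count, md5_hex) from a CVD header."""
    if len(blob) < HEADER_LEN:
        raise CvdError("truncated: file is shorter than the header")
    fields = blob[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 8 or fields[0] != MAGIC:
        raise CvdError("not a CVD header")
    try:
        return int(fields[2]), int(fields[3]), fields[5].lower()
    except ValueError:
        raise CvdError("non-numeric version or signature count") from None


def check_candidate(blob, installed):
    """Reject partial/garbled files and out-of-order updates."""
    version, sigs, md5_hex = parse_header(blob)
    # Integrity only: this detects damage in transit, not a forged file.
    if hashlib.md5(blob[HEADER_LEN:]).hexdigest() != md5_hex:
        raise CvdError("body does not match header MD5: partial or garbled")
    if installed is not None and version <= installed:
        raise CvdError("version %d is not newer than installed %d"
                       % (version, installed))
    return version, sigs


def installed_version(path):
    """Version of the database already in place, or None if absent/unreadable."""
    try:
        with open(path, "rb") as fh:
            return parse_header(fh.read(HEADER_LEN))[0]
    except (FileNotFoundError, CvdError):
        return None


def install(candidate_path, db_dir, name="daily.cvd"):
    """Verify candidate_path, then move it into db_dir atomically."""
    target = os.path.join(db_dir, name)
    with open(candidate_path, "rb") as fh:
        blob = fh.read()
    result = check_candidate(blob, installed_version(target))
    # Write beside the target and rename, so a reader of db_dir never
    # sees a half-written database.
    fd, tmp = tempfile.mkstemp(dir=db_dir, prefix=name + ".")
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(blob)
            out.flush()
            os.fsync(out.fileno())
        os.chmod(tmp, 0o644)   # mkstemp creates 0600; the scanner user must read it
        os.replace(tmp, target)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return result


def make_sample(version, body, sigs=3):
    """Constructed sample database for the demo; not real ClamAV data."""
    header = ":".join([MAGIC, "07 Jan 2005 16-53 +0000", str(version),
                       str(sigs), "4", hashlib.md5(body).hexdigest(),
                       "constructed-signature", "builder", "1105116780"])
    return header.encode("ascii").ljust(HEADER_LEN, b" ") + body


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as db_dir:
        incoming = os.path.join(db_dir, "incoming.cvd")
        cases = [("good", make_sample(650, b"constructed body")),
                 ("cut short", make_sample(651, b"constructed body")[:-4]),
                 ("stale", make_sample(649, b"older constructed body"))]
        for label, blob in cases:
            with open(incoming, "wb") as fh:
                fh.write(blob)
            try:
                print(label, "-> installed", install(incoming, db_dir))
            except CvdError as exc:
                print(label, "-> rejected:", exc)
```

As the thread says, clamd still has to be restarted (or told to reload) after a successful install before the new database takes effect.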


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-08 Thread Peter J. Holzer
On 2005-01-08 03:06:56 +0300, Arkady V.Belousov wrote:
 7-???-2005 21:32 [EMAIL PROTECTED] (Peter J. Holzer) wrote to ClamAV users ML
 clamav-users@lists.clamav.net:
 
   Infected machine _isn't_ _rare_ situation.
 PJH No, but
 PJH 1) I think real viruses which infect other programs are getting rare.
 
  For me, as victim of virus like CIH, is unimportant that this virus is
 rare.

Ah, first you claim that it isn't rare, now you don't care whether it is
rare.

 BTW, CIH infects almost all executables in system. I fear to
 imagine, what happens, if ClamAV will be runned on such machine (and ClamAV
 removes almost all, including itself)...

Don't run a virus scanner on an already infected system - you can't
trust it (especially not if it has been infected itself). Boot from a
known clean medium (e.g. a CD-ROM) and run it from there. If almost
every executable has been infected, wipe the machine clean, reinstall
and restore the data from backup. Scan again to make sure you haven't
restored the virus. 

But if you are already infected, you haven't used ClamAV as intended:
Its job is to *prevent* infection by inspecting files *before* they are
executed, not to clean up the mess after the damage has been done.

It is a testing tool, not an antidote. If you find a mushroom in the
woods, you can use it to find out whether the mushroom is edible or
poisonous. It is not intended to heal you if you eat the poisonous
mushroom (although in some limited circumstances it may still help you).


 PJH non-internet methods of delivering updates. If you don't have internet
 PJH access, maybe you should ask whether someone could mail the updates to
 PJH you.
 
  Even if updates will not distributed through maillist officialy, I may
 download them from ftp (_if_ this access will be opened).

How is FTP an improvement over HTTP? You need direct internet access for
both, and FTP isn't friendly to firewalls (and therefore often blocked).
Everybody who can use FTP can also use HTTP (unless their sysadmin was
completely out of his mind), but the reverse is not true.

(Are there still FTP-Mail gateways? I remember using them in the 1980's
- if so they probably also handle HTTP these days).

 But how to inject updates without disturbing my (isolated) machine by
 fat error-prone pigs like IIS or Apache?

That has been explained - just copy the files and restart clamd. It has
also been explained why running a local http server (it doesn't have to
be a fat error-prone pig like IIS or Apache, it can also be a lean
error-prone pig like thttpd :-)) is a better idea.


  JM doing is attempting to make a program fit where it was not designed.  I
   Hm. There was promotions, that ClamAV is comparable to other 
  commercial
  _antiviruses_, and I, as free software preferer, was plan to use it as my
  (main) antivirus on my home machine.
 PJH Since ClamAV is advertised as a GPL anti-virus toolkit for UNIX
 
  Promotions, which I hear, lost suffix for UNIX. And, I download not
 for UNIX distributive.

I don't know what promotions about ClamAV you get. I don't get any
glossy flyers about ClamAV in my mail. I was quoting from the ClamAV
home page - which is IMNSHO the most authoritative source for
information about ClamAV.

 PJH Like any good tool, ClamAV is used for tasks for which it wasn't
 PJH designed. However, if you do that, you must be prepared to invest a
 PJH little work by yourself, and can't expect everything to work out of the
 PJH box.
 
  This is why I subscribed to this group and try to ask. But I get even
 answers with proposal to use carrier pigeons... :(

You know RFC 1149? That has even been implemented :-)

Seriously: Setting up different ways of distribution costs time and
money. Distributing updates via mail has been discussed on this list
and it was determined that the cost would be prohibitive (to be fair,
the goal was to provide faster notifications, not to send updates to
people who can't use HTTP - the latter would probably be a lot cheaper).

So you have been told:

1) Updates are distributed officially only by HTTP

2) You don't need freshclam to do the updates, but if you update
   manually, you also have to restart clamd and check for errors
   manually. (And I guess most people here consider having to do this
   about once per day unacceptable - Unix sysadmins are lazy).

It is now your problem to put this information together. But you
don't seem to want ClamAV - you want Dr.Web for free.

hp

-- 
   _  | Peter J. Holzer| The further north you go, the less is spoken
|_|_) | Sysadmin WSR   | at all, and so no dialect either.
| |   | [EMAIL PROTECTED] | Hallig Gröde is almost entirely dialect-free.
__/   | http://www.hjp.at/ |   -- Hannes Petersen in desd




Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-08 Thread Peter J. Holzer
On 2005-01-08 11:24:49 +, Brian Morrison wrote:
 On Sat, 8 Jan 2005 12:18:27 +0100 in [EMAIL PROTECTED]
 Peter J. Holzer [EMAIL PROTECTED] wrote:
   2) You don't need freshclam to do the updates, but if you update
  manually, you also have to restart clamd and check for errors
  manually. (And I guess most people here consider having to do this
  about once per day unacceptable - Unix sysadmins are lazy).
 
 No, they just have the tools to make their lives easier :)

And if they don't have them, they write them.

The three principal virtues of a programmer are Laziness, Impatience,
and Hubris -- Larry Wall

hp

-- 
   _  | Peter J. Holzer| The further north you go, the less is spoken
|_|_) | Sysadmin WSR   | at all, and so no dialect either.
| |   | [EMAIL PROTECTED] | Hallig Gröde is almost entirely dialect-free.
__/   | http://www.hjp.at/ |   -- Hannes Petersen in desd




Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Arkady V.Belousov
Hi!

6--2005 20:25 [EMAIL PROTECTED] (Jim Maul) wrote to ClamAV users ML
clamav-users@lists.clamav.net:

 Ok, let me get this right. Clamav cannot clean? What good is it?
JM What good is it?  It detects viruses!  I'd say thats pretty good.

1. When (I hope, not if) will disinfection be implemented?
2. How are viruses handled which affect not only files (there are a lot of
   ways:

- boot-viruses;
- modifying batch/scripts/source files;
- adding Run keys in Windows registry;
- modifying other vital Registry keys

).
3. How are viruses handled which don't modify files (like NIMDA)?




Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Nigel Horne
On Friday 07 Jan 2005 17:30, Arkady V.Belousov wrote:

 1. When (I hope, not if) disinfection will be implemented?

http://www.clamav.net/faq.htm, answer 26.

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread K. Shantanu
* Nigel Horne [EMAIL PROTECTED] [050107 10:46]:
 On Friday 07 Jan 2005 17:30, Arkady V.Belousov wrote:
 
  1. When (I hope, not if) disinfection will be implemented?
 
 http://www.clamav.net/faq.htm, answer 26.

For records it is,
http://www.clamav.net/faq.html

i.e. faq.html and not faq.htm

Shantanu

-- 


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Lionel Bouton
Arkady V.Belousov wrote the following on 01/07/2005 06:30 PM :

> Hi!
>
> 6--2005 20:25 [EMAIL PROTECTED] (Jim Maul) wrote to ClamAV users ML
> clamav-users@lists.clamav.net:
>
> Ok, let me get this right. Clamav cannot clean? What good is it?
>
> JM What good is it?  It detects viruses!  I'd say thats pretty good.
>
> 1. When (I hope, not if) disinfection will be implemented?

disinfection is implemented by your backup software, just restore the 
last backup to restore infected files clamav will delete. If you don't 
have any backup you have huge problems nobody can help you with...

> 2. How handled viruses, which affects not only files (there are a lot of
>   ways:
> - boot-viruses;

they don't work with windows. Your PC won't boot anymore : restore 
backups or use fdisk /mbr.

> - modifying batch/scripts/source files;

detected.

> - adding Run keys in Windows registry;

restore backups.

> - modifying other vital Registry keys

restore backups.

> ).
> 3. How handled viruses, which doesn't modify files (like NIMDA)?

Use a firewall, apply security fixes. From what I read in your post, you 
seem to be mistaking AV solutions for a full-fledged security policy 
involving AV solutions as an item among others.

Best regards,
--
Lionel Bouton - inet6
-
  o  Siege social: 51, rue de Verdun - 92158 Suresnes
 /  _ __ _   Acces Bureaux: 33 rue Benoit Malon - 92150 Suresnes
/ /\  /_  / /_   France
\/  \/_  / /_/   Tel. +33 (0) 1 41 44 85 36
 Inetsys S.A.Fax  +33 (0) 1 46 97 20 10


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Arkady V.Belousov
Hi!

6--2005 21:37 [EMAIL PROTECTED] (Noel Jones) wrote to
clamav-users@lists.clamav.net:

NJ Cleaning of viruses is a marketing ploy.

 Not agreed. We have used antiviruses since the middle of the 80s, and they
saved us many programs, which would otherwise be lost...

NJ after cleaning but a corrupted file.  The days when a virus would
NJ simply add x number of bytes to the end of a file are long gone.

 This does not mean that it is impossible to restore programs, archives
and other files after some viruses. (Again: I swore a lot when ClamAV
removed an archive with bases for F-PROT, in which an EICAR test file was present).

 BTW, does heuristic search exist in ClamAV? How does ClamAV perform
scanning for polymorphic viruses?

NJ The sysadmin tells the glue program what to do when a virus is found
NJ according to local policy - 550 reject during SMTP, discard,

 What about home users?

NJ Future versions of clamav may be able to disinfect MS Office
NJ documents, but I don't see any point in even trying to disinfect an
NJ executable file.  The commercial products get this wrong often enough

 Yes, _sometimes_ curing of a document/executable may be wrong, but (in
present days) this is rare (at least, if restoring is possible at all).

NJ that anyone with an infected executable would be well advised to
NJ restore from a known good source

 ...which may be nonexistent. :(

NJ rather than trust the file is back in its original condition.




Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Jim Maul
Arkady V.Belousov wrote:
> Hi!
>
> 6--2005 20:25 [EMAIL PROTECTED] (Jim Maul) wrote to ClamAV users ML
> clamav-users@lists.clamav.net:
>
> Ok, let me get this right. Clamav cannot clean? What good is it?
> JM What good is it?  It detects viruses!  I'd say thats pretty good.
>
> 1. When (I hope, not if) disinfection will be implemented?

Disinfection (with the exception of ole2) is not planned.

> 2. How handled viruses, which affects not only files (there are a lot of
>    ways:
> - boot-viruses;
> - modifying batch/scripts/source files;
> - adding Run keys in Windows registry;
> - modifying other vital Registry keys

Regardless of what the virus itself does, the virus has to be received 
from somewhere.  What ClamAV does is detect viruses in email which can 
then be blocked by some other means before they even have the chance to 
make it into a user's mailbox.  ClamAV is not intended to be run after 
the fact on an already infected machine.

> ).
> 3. How handled viruses, which doesn't modify files (like NIMDA)?

See answer above.

I really don't see what the issue is here.  You appear to be in a rare 
situation and for this I feel your pain, but what you also seem to be 
doing is attempting to make a program fit where it was not designed.  I 
posted this earlier but perhaps it needs to be repeated.  ClamAV is 
intended to be run on mailservers to detect viruses in internet email.

It is even used in situations that stray from this quite a bit and as 
other users have suggested, there are ways around things.  But you seem 
to be on some sort of mission to turn clamav into drweb or whatever 
product you appear to like so much.  BBSes??  I ran one of those when I 
was 12...

-Jim


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Arkady V.Belousov
Hi!

7--2005 13:27 [EMAIL PROTECTED] (Jim Maul) wrote to ClamAV users ML
clamav-users@lists.clamav.net:

JM make it into a users mailbox.  ClamAV is not intended to be run after
JM the fact on an already infected machine.
JM I really dont see what the issue is here.  You appear to be in a rare
JM situation

 An infected machine _isn't_ a _rare_ situation.

JM and for this i feel your pain, but what you also seem to be
JM doing is attempting to make a program fit where it was not designed.  I

 Hm. There were promotions that ClamAV is comparable to other commercial
_antiviruses_, and I, as someone who prefers free software, was planning to use
it as my (main) antivirus on my home machine.

 Now you say that I have no free alternative to commercial antiviruses
on a home machine... B-\ :( I have no words...

JM BBSes??  I ran one of those when i was 12...

 This is only one example that there exist ways outside the internet.




Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Brian Morrison
On Fri,  7 Jan 2005 22:22:56 +0300 (MSK) in
[EMAIL PROTECTED] Arkady V.Belousov
[EMAIL PROTECTED] wrote:

   This is only one example, that there is exists ways outside
   internet.

Those alternatives have been out-evolved in the main

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Jim Maul
Arkady V.Belousov wrote:
> Hi!
>
> 7--2005 13:27 [EMAIL PROTECTED] (Jim Maul) wrote to ClamAV users ML
> clamav-users@lists.clamav.net:
>
> JM make it into a users mailbox.  ClamAV is not intended to be run after
> JM the fact on an already infected machine.
> JM I really dont see what the issue is here.  You appear to be in a rare
> JM situation
>
>  Infected machine _isn't_ _rare_ situation.

No, an infected machine isn't rare.  An infected machine with no internet 
access is, however.

> JM and for this i feel your pain, but what you also seem to be
> JM doing is attempting to make a program fit where it was not designed.  I
>
>  Hm. There was promotions, that ClamAV is comparable to other commercial
> _antiviruses_, and I, as free software preferer, was plan to use it as my
> (main) antivirus on my home machine.

And that's the problem.  ClamAV wasn't really designed to be an av 
solution on a home machine.  It doesn't disinfect, quarantine, or have a 
fancy gui like some other commercial av solutions.  What it does do is 
detect viruses.  And on average it catches new outbreaks before many 
other commercial av solutions.

>  Now you say, that I have no free alternative for commercial antiviruses
> on home machine... B-\ :( I have no words...

I never said there was no free alternative for you.  I'm simply 
suggesting that perhaps clamav is not what you are looking for.  This is 
neither your fault nor the clamav team's.  It's simply not the right tool 
for the job.

> JM BBSes??  I ran one of those when i was 12...
>
>  This is only one example, that there is exists ways outside internet.

Of course, but for open source software, how many methods can you really 
expect?  They have to be set up and maintained and this takes time and 
money.  Personally I'd rather have that time and money focused into 
making the best av solution for the majority of the people.

You can't please everyone all the time.
-Jim


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Jim Maul
Calvin Dodge wrote:
> On Fri, Jan 07, 2005 at 03:38:41PM -0500, Jim Maul wrote:
> > Arkady V.Belousov wrote:
> > And thats the problem.  ClamAV wasnt really designed to be an av 
> > solution on a home machine.  It doesnt disinfect, quaratine, or have a 
> > fancy gui like some other commercial av solutions.  What it does do is 
>
> Actually, that's no longer the case.  Check out clamwin 
> (http://www.clamwin.com/)
>
> Calvin

Yes, there are other options available now, however, clamav still wasn't 
designed to be an av solution on a home machine.  Options exist which 
use clamav, but not clamav itself.

-Jim


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Arkady V.Belousov
Hi!

7--2005 18:46 [EMAIL PROTECTED] (Lionel Bouton) wrote to ClamAV users
ML clamav-users@lists.clamav.net:

1. When (I hope, not if) disinfection will be implemented?
LB disinfection is implemented by your backup software, just restore the
LB last backup to restore infected files clamav will delete. If you don't
LB have any backup you have huge problems nobody can help you with...

 Let me rephrase: ClamAV currently misses a useful feature and will never
implement it? :( Of course, backup is a good thing, but what happens, for
example, if ClamAV removes (instead of disinfecting) the backup program itself?
Also, there are some law-related things: some countries (like the USA, with
the DMCA) _prohibit_ making backups...

 Well, I see your point. I wholeheartedly disagree with it (for us, life
has proved that you are mistaken here), but I will not (currently) debate this
(even though this will leave a lot of users unfortunate).

2. How handled viruses, which affects not only files (there are a lot of
   ways:
- boot-viruses;
LB they don't work with windows.

 At least, they work with DOS. Win9x/ME runs over DOS.

LB Your PC won't boot anymore :

 Wrong. A PC _will_ boot with (most) boot-viruses (like it boots with
programs such as the drive overlay from Ontrack).

LB restore backups or use fdisk /mbr.

 won't boot ... use fdisk.

 As I understand it, ClamAV doesn't cure (and this is never possible with
the present ideology) the OneHalf virus?

- modifying batch/scripts/source files;
LB detected.
- adding Run keys in Windows registry;
LB restore backups.

 :(

- modifying other vital Registry keys
LB restore backups.

 Especially when, after ClamAV removes an infected file, Windows will not
boot/work correctly (because of vital keys in the given case)... Fine
proposal. :(

).
3. How handled viruses, which doesn't modify files (like NIMDA)?
LB Use a firewall, apply security fixes.

 That will be too late, when a virus has already infected the system (for
example, through a newly discovered hole in the system, which is not yet
protected by any firewall/fix).

LB From what I read in your post, you
LB seem to be mistaking AV solutions with a full fledge security policy
LB involving AV solutions as an item among others.

 An antivirus, as in real life (from where the programs got their name), should
detect and remove a virus. It would be strange if a drug, instead of curing you,
killed you as a virus medium which is impossible to cure into its original state.
On the other side, backup may complement AV, but can't _replace_ it - for
example, you can't (in current real life) back up _immediately_ every change in
your programs and documents (which, thanks to MS, also may be infected,
as may many other _data_ formats). So it is _very probable_ that even with
backups you restore from backup a far from recent edition. The same goes for
firewalls and other security things: they can't replace a full-featured AV,
which is the last level of defence and protects you when a virus gets around the
above levels.

 Strange that I should explain such trivial concepts here. Sorry, maybe
I was misled by the program name (antivirus), which, probably, is used
instead of something like mail-scanner with rudiments of an independent AV
program (at least, I got a triple mention that ClamAV is oriented only to
scanning mail).




Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-07 Thread Arkady V.Belousov
Hi!

7--2005 21:32 [EMAIL PROTECTED] (Peter J. Holzer) wrote to ClamAV users ML
clamav-users@lists.clamav.net:

  Infected machine _isn't_ _rare_ situation.
PJH No, but
PJH 1) I think real viruses which infect other programs are getting rare.

 For me, as a victim of a virus like CIH, it is unimportant that this virus is
rare. BTW, CIH infects almost all executables in the system. I fear to
imagine what happens if ClamAV is run on such a machine (and ClamAV
removes almost everything, including itself)...

PJH I certainly can't remember when I've seen the last one :-) These

 _I_ have seen infected machines, and not in too distant days.

PJH non-internet methods of delivering updates. If you don't have internet
PJH access, maybe you should ask whether someone could mail the updates to
PJH you.

 Even if updates will not be distributed through the mailing list officially, I
may download them from ftp (_if_ this access is opened). But how to inject
updates without disturbing my (isolated) machine with fat error-prone pigs
like IIS or Apache?

 JM doing is attempting to make a program fit where it was not designed.  I
  Hm. There was promotions, that ClamAV is comparable to other commercial
 _antiviruses_, and I, as free software preferer, was plan to use it as my
 (main) antivirus on my home machine.
PJH Since ClamAV is advertised as a GPL anti-virus toolkit for UNIX

 The promotions which I heard lost the suffix for UNIX. And I downloaded a
distribution that is not for UNIX.

PJH Like any good tool, ClamAV is used for tasks for which it wasn't
PJH designed. However, if you do that, you must be prepared to invest a
PJH little work by yourself, and can't expect everything to work out of the
PJH box.

 This is why I subscribed to this group and try to ask. But I even get
answers proposing to use carrier pigeons... :(




Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-06 Thread Jim Maul
Top posting because the guy below me did

What good is it?  It detects viruses!  I'd say thats pretty good.

-Jim

 Ok, let me get this right. Clamav cannot clean? What good is it?


 Noel Jones [EMAIL PROTECTED] wrote in
 news:[EMAIL PROTECTED]:

 At 03:03 PM 1/6/2005, Thalador Du'Fosnee wrote:
It is not deleting the message, only the attachment with the infected
file. I got 24 messages yesterday that were cleaned. Is there a way to
either add the line or tell it to delete the message instead of clean
and deliver?


 In that case, whatever program you are using (MIMEDefang??,
 MailScanner?? anomy?? Some other AV scanner?? whatever...)  is
 removing the infected attachment.  Clam cannot disinfect mail or any
 file, it only reports infection.

 Any configuration changes, such as telling it to add Cleaned headers
 or better just drop the message, will need to be made in that program.





Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-06 Thread Dennis Peterson
 
 Ok, let me get this right. Clamav cannot clean? What good is it?

I guess I wonder how much I trust a piece of software to decide what the
pre-infected package looked like. I guess it would be a good trick for it to
know every combination of every virus and every infected attachment that can
be sent. I'd use it to solve the lottery right away if it is truly all
knowing, all seeing. It would be a great trick to sort out a virus that has
infected a virus that is attached to a holiday greeting exe file. Oh yeah,
that I'd trust.

As for what good ClamAV is, it prevents thousands of viruses from entering
my domain each week. The sending MTA is provided a DSN response as the filtering
happens during the connection. I really don't care if there was anything else
in the message of value, but if so, the sender will have an opportunity to
send another message, assuming the sender exists at all. ClamAV does this
by telling my milter there is a problem, btw, and the milter passes that along
to SendMail. 
 
dp



Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-06 Thread Noel Jones
On Fri, Jan 07, 2005 at 01:12:02AM +, Thalador Du'Fosnee wrote:
 Ok, let me get this right. Clamav cannot clean? What good is it?
 

Cleaning of viruses is a marketing ploy.

Very few viruses in recent years infect files, they overwrite the
good data in the file with their own code.  There is nothing left
after cleaning but a corrupted file.  The days when a virus would
simply add x number of bytes to the end of a file are long gone.

The vast majority of email-borne viruses exist only to create more
emails containing copies of itself.  There is nothing to clean, and no
point in delivering a "we saved you from another virus" notice to the
recipient, certainly no notice should be sent to the forged sender
address.

So a lightweight, dependable, free program that detects viruses so
you can take whatever action you see fit is very valuable - especially
when you consider the impressive response time of the virus database
maintainers.  This is most effective when used with some glue
program that decides what to do when a virus is found.  With email,
clamav-milter, amavisd-new, qmail-scanner are some popular choices.
The sysadmin tells the glue program what to do when a virus is found
according to local policy - 550 reject during SMTP, discard,
quarantine, all these options are available within popular glue
programs.

Future versions of clamav may be able to disinfect MS Office
documents, but I don't see any point in even trying to disinfect an
executable file.  The commercial products get this wrong often enough
that anyone with an infected executable would be well advised to
restore from a known good source rather than trust the file is back in
its original condition.

-- 
Noel Jones
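
The division of labour described in the two posts above (ClamAV only reports, and the milter or other glue program applies local policy during the SMTP session), as an added Python example that is not part of the original thread or of any program named in it. The policy table and function names are hypothetical; the reply lines follow clamd's `name: OK` / `name: signature FOUND` / `... ERROR` format.

```python
import re

# Local policy (hypothetical): what the glue does for each scanner verdict.
# Rejecting inside the SMTP session means no bounce is generated later and
# nothing is sent to a possibly forged sender address.
POLICY = {
    "clean":    ("accept",   "250 2.0.0 Ok"),
    "infected": ("reject",   "550 5.7.1 Virus detected: {sig}"),
    "error":    ("tempfail", "451 4.7.1 Scanner error, try again later"),
}

def parse_clamd_reply(line):
    """Map one clamd reply line to (verdict, signature_or_None)."""
    line = line.strip("\0\r\n ")
    if line.endswith(" FOUND"):
        # "<name>: <signature> FOUND"; the name itself may contain ": "
        sig = line[: -len(" FOUND")].rsplit(": ", 1)[-1]
        return "infected", sig
    if line.endswith(": OK"):
        return "clean", None
    # "... ERROR", empty or unrecognised output: never treat as clean
    return "error", None

def decide(line, policy=POLICY):
    """Return (action, smtp_reply) for a clamd reply line."""
    verdict, sig = parse_clamd_reply(line)
    action, reply = policy[verdict]
    # The signature name comes from the scanner; keep it to a safe
    # character set so it cannot inject CR/LF into the SMTP reply.
    safe = re.sub(r"[^A-Za-z0-9._/-]", "_", sig or "")
    return action, reply.format(sig=safe)

# Constructed sample replies (not captured from a real clamd instance).
SAMPLES = [
    "stream: OK\0",
    "stream: Eicar-Test-Signature FOUND\0",
    "INSTREAM size limit exceeded. ERROR\0",
    "",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", decide(s))
```

A scanner failure maps to a temporary 451 rather than to acceptance, so mail is retried by the sending MTA instead of being delivered unscanned.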


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-06 Thread Vernon A. Fort
Noel Jones wrote:
On Fri, Jan 07, 2005 at 01:12:02AM +, Thalador Du'Fosnee wrote:
 

Ok, let me get this right. Clamav cannot clean? What good is it?
   

Cleaning of viruses is a marketing ploy.
Very few viruses in recent years infect files, they overwrite the
good data in the file with their own code.  There is nothing left
after cleaning but a corrupted file.  The days when a virus would
simply add x number of bytes to the end of a file are long gone.
 

Excellent point!  99.9% of today's email-borne viruses contain absolutely
nothing but the virus.  If clamav were to clean the files, there would 
be nothing left but a few lines of text - what good is that?  Prevention 
is the preferred medicine of choice, in my humble opinion, and ClamAV is 
doing a superb job!

Vernon


Re: [Clamav-users] Re: Any way to add a line to cleaned email?

2005-01-06 Thread Alex S Moore
On Fri, 7 Jan 2005 01:12:02 + (UTC)
Thalador Du'Fosnee [EMAIL PROTECTED] wrote:

 Ok, let me get this right. Clamav cannot clean? What good is it?

It sounds like you are implying that you want to receive mail that
contains a virus.  What good is that?  I want nothing to do with
infected mail.  Just chuck it, as it is trash.

Alex