Re: feature request for clam (STREAM mode)
On Mon, 18 Aug 2003 08:46:28 +0200
Stefan Kaltenbrunner <mm-mailinglist@madness.at> wrote:

> I really, really dislike this solution which reminds me in some way of
> the (br0ken) ftp-protocol. A solution like this makes any kind of

Why do you think it's broken? FTP has been designed to carry really
big files and I think the design is quite good. Of course there are some
minuses of FTP (like problems with tunneling), but there's no
protocol without defects.

> loadbalancing (using a standard TCP balancing solution) nearly
> impossible. Any chance that this design could be changed to using a
> single TCP-Port. This would allow us to loadbalance/failover clamd

I will implement the new "STREAM2" command which will only use a command
descriptor.

Best regards,
Tomasz Kojm
--
oo ..... zolw@konarski.edu.pl
(\/)\......... http://www.konarski.edu.pl/~zolw
\..........._ And don't forget to click on the belly...
//\ /\\ <- C. Amboinensis www.pajacyk.pl
Re: Re: feature request for clam (STREAM mode)
(I can't find the predecessor to this posting in the archives, and
only recently subscribed, so I don't have the context, can't comment
on the original question).

2003-08-18T11:25:31 Tomasz Kojm:
> On Mon, 18 Aug 2003 08:46:28 +0200
> Stefan Kaltenbrunner <mm-mailinglist@madness.at> wrote:
>
> > I really, really dislike this solution which reminds me in some way of
> > the (br0ken) ftp-protocol. A solution like this makes any kind of
>
> Why do you think it's broken? FTP has been designed to carry really
> big files and I think the design is quite good.

FTP is a famously broken protocol. The really essential rot comes in
two parts: it uses multiple independent TCP connections, and it
encodes endpoints of some of those connections in the payload of
another one. The only other protocol I know of in any kind of
widespread use that's as loathsome is H.323.

Whether it's firewalling, NATting, network traffic instrumentation
and management, VPNning, or whatever, these are the first to break,
and each requires special-casing all over the place.

FTP has the reasonable excuse that it was born before TCP/IP; the
predecessor protocol it was built atop had half-duplex connections
where TCP/IP has full-duplex connections. There the plan of one
control connection managing the setup of separate data connections
for each file or "dir" data download really improved an unfortunate
situation. For use today, ftp is completely obsolete and deprecated,
and every current use of ftp should switch to something else --- for
most purposes, http.

-Bennett
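
The payload-encoded endpoint described in the post above, as an added example that is not part of the original thread: it extracts the data-connection address that FTP carries inside a `PORT` command or `227` reply (RFC 959 `h1,h2,h3,h4,p1,p2` form) and compares it with the sender address from the IP header, which is the special-casing a NAT or firewall has to do. The function names, sample lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port: six decimal fields h1,h2,h3,h4,p1,p2.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed samples: (control-channel line, sender address in the IP header).
SAMPLES = [
    ("PORT 192,168,1,10,19,137", "203.0.113.7"),  # client behind NAT
    ("227 Entering Passive Mode (198,51,100,20,195,80)", "198.51.100.20"),
    ("RETR report.pdf", "203.0.113.7"),
]


def embedded_endpoint(control_line):
    """Return (ip, port) advertised in a PORT command or 227 reply, else None."""
    line = control_line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed field
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_control_line(control_line, observed_peer):
    """Classify one control line the way a stateful middlebox would have to."""
    ep = embedded_endpoint(control_line)
    if ep is None:
        return "no-endpoint"
    ip, port = ep
    if ip != ipaddress.IPv4Address(observed_peer):
        # Payload and IP header disagree: the address was translated without
        # the payload being rewritten, or the sender names a third host.
        return "mismatch %s:%d" % (ip, port)
    # Addresses agree: a firewall still has to open this port dynamically.
    return "open-pinhole %s:%d" % (ip, port)


def classify_samples():
    return [check_control_line(line, peer) for line, peer in SAMPLES]


if __name__ == "__main__":
    for (line, peer), verdict in zip(SAMPLES, classify_samples()):
        print("%-50s from %-15s -> %s" % (line, peer, verdict))
```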
Re: Re: feature request for clam (STREAM mode)
On Mon, 18 Aug 2003 12:44:54 -0400
Bennett Todd <bet@rahul.net> wrote:

Hi Bennett,

thanks for the detailed description - not being a system administrator,
my contact with FTP (I'm not familiar with the protocol itself) is via
the console ftp tool only. I do understand all the administrative
problems you described and must admit that the STREAM command is
vulnerable to them, too. I'm going to implement a new / enhanced
version of this command ASAP.

> situation. For use today, ftp is completely obsolete and deprecated,
> and every current use of ftp should switch to something else --- for
> most purposes, http.

Unfortunately FTP is extremely popular and there is little chance
people will stop using it (unless all system administrators burn it at
the stake, just like Intel did with ISA).

Best regards,
Tomasz Kojm
Re: Re: feature request for clam (STREAM mode)
Tomasz Kojm wrote:
> On Mon, 18 Aug 2003 12:44:54 -0400
> Bennett Todd <bet@rahul.net> wrote:
>
> Hi Bennett,
>
> thanks for the detailed description - not being a system administrator,
> my contact with FTP (I'm not familiar with the protocol itself) is via
> the console ftp tool only. I do understand all the administrative
> problems you described and must admit that the STREAM command is
> vulnerable to them, too. I'm going to implement a new / enhanced
> version of this command ASAP.

Bennett beat me to an answer (but his one was much better anyway *g*) -
it's nice to hear that you are considering a different implementation too.
I have not looked into it in more detail but sophie
(http://www.vanja.com/tools/sophie/) - the daemon add-on to the Sophos
virus scanner does have some sort of network support - maybe it's useful
to take a look at this implementation.


Stefan
Re: Re: feature request for clam (STREAM mode)
On Tue, 19 Aug 2003 08:59:04 +0200
Stefan Kaltenbrunner <mm-mailinglist@madness.at> wrote:

> I have not looked into it in more detail but sophie
> (http://www.vanja.com/tools/sophie/) - the daemon add-on to the Sophos

Oh, I don't think it's a good example ;) I know that Sophie works but
the code leaves a lot to be desired.

Best regards,
Tomasz Kojm
Re: Re: feature request for clam (STREAM mode)
Tomasz Kojm wrote:
> Oh, I don't think it's a good example ;) I know that Sophie works but
> the code leaves a lot to be desired.

hehe - I don't think it's a "problem" for me getting both - a good
virus scanner with a sane networking implementation AND high quality
coding :-)


Stefan