Mailing List Archive

1 2 3  View All
Re: Idea for more timely virusdb updates [ In reply to ]
Am Thursday 12 August 2004 15:16 schrieb Bart Silverstrim:

> > Abusing the DNS to directly transfer files etc is not appropriate as
> > the DNS
> > infrastructure is not ready for such kind of "abuse".
>
> Give it time...someone's going to do it.

Well, people have tried to abuse it before fortunately they can be rather
easily blocked because the DNS system is strictly hierarchical.

> I'm surprised someone hasn't found a hole in DNS that would allow it to
> act as a way to distribute viruses via DNS records yet...

Provided there is a bug in the resolver or DNS server code somewhere of course
you can attack systems using malicious DNS records. There have been several
examples in the past.

I will stop now in this thread because we are becoming seriously off topic.

Regards,
-- martin

Dipl.-Phys. Martin Konold

e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold@erfrakon.de


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
On Wed, Aug 11, 2004 at 08:34:48PM +0200, Martin Konold wrote:
> The problem with bittorent is that bittorent addresses a different problem
> domain.
>
> clamav pattern update:
> - frequently changing small number of small files distributed from a single
> point to many
>
> bittorrent:
> - slowly changing high number of potentially very big files distributed from
> many sources to many destinations.

This isn't correct. You somehow confusingly assume all current
bittorrent downloads are related? They are not. Each individual .torrent
starts out as a one-to-many distribution.

The nice thing about bittorrent is that practically immediately after
a third client connects, it becomes a many-to-many transfer, utilising
the available upload capacity of all clients.

So each individual torrent you find on those popular websites that list
all torrents, started as a single-point-to-many distribution. And the
number of torrents available there isn't slowly changing, in fact, it's
often changing way faster than new virus definitions are released :)

The main difference is that most currently offered torrents comprise
many megabytes, while a virus definition file would only be a few
kilobytes. But that doesn't invalidate the protocol, certainly not with
a high number of downloaders.

If anyone has questions on how the bittorrent protocol works, there
is quite a bit of info on the official website:
http://www.bitconjurer.org/BitTorrent/
and there's a wiki FAQ: http://wiki.theory.org/index.php/BitTorrentFAQ

--
#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf@fpffmm4mmmpmfpmf.ppppmf>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig; # Jan-Pieter Cornet


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
On Wed, Aug 11, 2004 at 03:07:35PM +0200, Lionel Bouton wrote:
> The ideal setup would be to push updates instead of clients polling
> them. It would requires a separate architecture though (HTTP mirrors
> can't push things).
>
> Since some time I am thinking of a bittorrent approach too. Bittorrent
> i...

All this should fail for the *majority* of ClamAV sites!!

Push updates implies people have put "clam servers" out on the Internet so
that they are reachable - I don't think so! That's what firewalls were
invented for.

Similarly, BitTorrent *requires* "raw" Internet access in order to operate -
again - not a normal situation for an AV server.

DNS for serial numbers plus HTTP for actual data transfer still sounds best
to me... All outgoing connections only, all well established (nothing exotic)


--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
On Sat, 14 Aug 2004 08:02:51 +1200
Jason Haar <Jason.Haar@trimble.co.nz> wrote:

> DNS for serial numbers plus HTTP for actual data transfer still sounds

New version of freshclam will work in this way. Big thanks to all for
the interesting thread !

--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Aug 13 22:26:46 CEST 2004
RE: Idea for more timely virusdb updates [ In reply to ]
> Similarly, BitTorrent *requires* "raw" Internet access in order
> to operate -
> again - not a normal situation for an AV server.
>

Don't know what exactly you meant by "raw" as opposed to sauteed, broiled,
baked or toasted, but BitTorrent does NOT require unfirewalled access. It
does require a small port range to be forwarded to it, BUT that port range
is not required to be the same on any two hosts.

When the host contacts the tracker, it tells the tracker which ports it is
listening on so the tracker can distribute load to it.

m/



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: Idea for more timely virusdb updates [ In reply to ]
> > DNS for serial numbers plus HTTP for actual data transfer still sounds
>
> New version of freshclam will work in this way. Big thanks to all for
> the interesting thread !
>

Sounds cool Tomasz! Be interested to hear if this helps reduce the load on
the mirrors at all. Once this is tested, an update to recommended polling
times would be appreciated (for anyone not running freshclam as a daemon)

Thanks!

m/



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
On Fri, 13 Aug 2004, Tomasz Kojm wrote:

> New version of freshclam will work in this way. Big thanks to all for
> the interesting thread !

That's C-a-n-d-r-e-v-a .

For the CHANGES file.
:-)

-Chris

==========================================================
Chris Candreva -- chris@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
On Fri, Aug 13, 2004 at 02:22:55PM -0700, Mitch (WebCob) wrote:
> Don't know what exactly you meant by "raw" as opposed to sauteed, broiled,
> baked or toasted, but BitTorrent does NOT require unfirewalled access. It
> does require a small port range to be forwarded to it, BUT that port range
> is not required to be the same on any two hosts.

Well that means "raw" :-) It means the *incoming* ports involved need to be
open to the Internet. Creating outgoing SMTP/HTTP/FTP from within a
firewalled network doesn't mean you have to open up your firewall for any
incoming ports - BitTorrent does require that.

That falls into the "must have really good business case - can we put you in
a standalone DMZ?" case for most largish companies.


--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
Am Friday 13 August 2004 23:23 schrieb Mitch (WebCob):

Hi,

> > > DNS for serial numbers plus HTTP for actual data transfer still sounds

> > New version of freshclam will work in this way.

> the mirrors at all. Once this is tested, an update to recommended polling
> times would be appreciated (for anyone not running freshclam as a daemon)

Actually this is not required. A very nice feature of DNS is that it not only
transports the information (serial number) but also the metainformation when
to refetch the data.

This means that the clamav nameserver control the TTL (time to live) of the
data.

A nice side effect of this is that it allows for a flexible _server_ based
control of the DNS retry intervals of the clients.

E.g. the virusdb people get a new signature/virus. While investigating the
data they might consider to already lower the TTL so that the clients check
the DNS more frequently. As soon as the new signature/virusdb is available
the clients notice this rather fast.

In addition by managing the TTL the server can control how hard it is hit when
a new signature is available. Shorter TTL means less smoothing but better
latency.

IMHO using the DNS intelligently helps not only for the QoS but also the
internet as a whole because it avoids unnecessary and unproductive load on
all systems involved.

Side note: Lets hope that no 1$107 gets the idea to patent such a mechanism as
it just happend recently to us KDE people. (A KDE person had a UI idea and
presented it on a KDE ml. KDE implemented this idea in the following months
but MS took the idea, added the obvious and patented it :-(. MS even cites
the KDE ml as the source of the initial idea.....)

Regards,
-- martin

Dipl.-Phys. Martin Konold

e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold@erfrakon.de


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
On Fri, 13 Aug 2004 22:34:43 +0200
Tomasz Kojm <tkojm@clamav.net> wrote:
>On Sat, 14 Aug 2004 08:02:51 +1200
>Jason Haar <Jason.Haar@trimble.co.nz> wrote:
>
>> DNS for serial numbers plus HTTP for actual data
>>transfer still sounds

>
>New version of freshclam will work in this way. Big
>thanks to all for
>the interesting thread !
>

How about incremental updates? Can it possibly make way to
next freshclam versions too?

Checking serial number (or version) via DNS will certainly
reduce some traffic on the mirrors, but I'm not sure how
much of the 91.53 GB (last month traffic here for *.cvd)
will be reduced. Version checking (assuming most clients
use the new freshclam) in my raw calculation uses 173840
(cvd hit) * 512 bytes = 85 MB. Not much.

If we can use incremental update, for each database update
we'll be distributing small ammount of data (say ... 1 - 5
kB) instead of the 162kB daily.cvd (or more) that we have
now.

If we distribute the incremental update via DNS (I still
have a thing for DNS), ISPs will cache this too so mirror
traffic will be much much much reduced.

I have a Linode with 25 GB monthly bandwidth on a fast
datacenter, and I'll be happy to contribute half of it for
clamav db mirror. But since mirror bandwidth requirement
is SOOO high, I can't do that can I? I'm sure that with
lower bandwidth requirement many people will be happy to
pinch in.

Regards,

Fajar


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
On Sat, Aug 14, 2004 at 01:07:06PM +0700, Fajar Nugraha wrote:
> How about incremental updates? Can it possibly make way to
> next freshclam versions too?

Too true. Some commercial AVs separate "patterns" into a library (large)
plus incremental files (small).

Typically the next "library" release contains the previous incremental
patterns, and the actual incremental files are deleted - stopping crustiness
from developing...

daily.cvd is 160K at the moment, and will be totally re-downloaded the next
time it's updated. However, this fiddling around trying to remember which
old one-off pattern files can now be deleted/ignored does add complexity -
something "daily.cvd" doesn't have to worry about...

I suspect the digital signing of those files might be screwing up
alternative options on this? After all, you don't want to be checking sigs
on 12 files before actually being able to start doing AV! Perhaps a
different way could be brought into play...

Can the digital sig be separated from the daily file, and have the current
CVD file changed into a better format that rsync could do a good job of
incrementing/appended it? That way an update would in effect be appending
some lines to the "daily.RAW" file, plus downloading the new (tiny) digital
signature of that file?


Just a thought

-
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
On Saturday 14 August 2004 07:11 am, Jason Haar wrote:
> On Sat, Aug 14, 2004 at 01:07:06PM +0700, Fajar Nugraha wrote:
> > How about incremental updates? Can it possibly make way to
> > next freshclam versions too?
>
> Too true. Some commercial AVs separate "patterns" into a library (large)
> plus incremental files (small).
>
> Typically the next "library" release contains the previous incremental
> patterns, and the actual incremental files are deleted - stopping
> crustiness from developing...

I still don't see why rsync can't be used here. It can easily do incremental
updates.

-Jeremy

--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
jeremy@inter7.com ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
On Sun, 15 Aug 2004 08:25:36 -0500
Jeremy Kitchen <kitchen@scriptkitchen.com> wrote:
>On Saturday 14 August 2004 07:11 am, Jason Haar wrote:
>> On Sat, Aug 14, 2004 at 01:07:06PM +0700, Fajar Nugraha
>>wrote:
>> > How about incremental updates?

>I still don't see why rsync can't be used here. It can
>easily do incremental
>updates.

True. However,
(1) many firewall admins allow outgoing HTTP and DNS
ports; I cannot say the same for rsync port.
(2) The uncompressed signature (viruses.db*) files is a
good candidate for rsync (or even a simple diff command).
I don't know how well rsync or diff performs on the
compressed-signed *.cvd.

Regards,

Fajar


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
At 18:40 15.08.2004, Fajar Nugraha wrote:
>On Sun, 15 Aug 2004 08:25:36 -0500
> Jeremy Kitchen <kitchen@scriptkitchen.com> wrote:
>>On Saturday 14 August 2004 07:11 am, Jason Haar wrote:
>>>On Sat, Aug 14, 2004 at 01:07:06PM +0700, Fajar Nugraha wrote:
>>> > How about incremental updates?
>
>>I still don't see why rsync can't be used here. It can easily do
>>incremental updates.
>
>True. However, (1) many firewall admins allow outgoing HTTP and DNS ports;
>I cannot say the same for rsync port.
>(2) The uncompressed signature (viruses.db*) files is a good candidate for
>rsync (or even a simple diff command). I don't know how well rsync or diff
>performs on the compressed-signed *.cvd.

badly....., unless you make those incremental too, e.g. daily.454.cvd and
provide means to join those.

cheers
Erich


THINK
P√ľntenstrasse 39
8143 Stallikon
mailto:erich.titl@think.ch
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16




-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: Idea for more timely virusdb updates [ In reply to ]
> >I still don't see why rsync can't be used here. It can
> >easily do incremental
> >updates.
>
> True. However,
> (1) many firewall admins allow outgoing HTTP and DNS
> ports; I cannot say the same for rsync port.
> (2) The uncompressed signature (viruses.db*) files is a
> good candidate for rsync (or even a simple diff command).
> I don't know how well rsync or diff performs on the
> compressed-signed *.cvd.

Hmmm... interesting points... but what about this option?

Rsync and diff are generic "patching" mechanisms meant to accomodate data
without a known format - we don't have that problem here.

My understanding is that for the most part database updates are additions,
though sometimes there may be deletions or updates to preexisting keys....

Lets say on the SERVER side, those updates were kept in something of the
form:

version|status|signature|md5

Where version is the version number containing the change...
status is + (new sig), - (remove sig), or = (update sig) (the sematics are
important, the values of the enum are not of course)
and signature contains whatever the current fields of the database are...
md5 would be the checksum of a database if all patches applied to this point
are sucessful

Then, any freshclam could connect, something like:

http://somemirror.db?version=xxx

The server would then return all updates > xxx, which would allow the
freshclam to patch it's local database, and verify the last md5 is a match
for the md5 of the updated local db. If the update fails to produce a
matching checksum, freshclam could then pull a fresh copy in it's entirety.


This would mean the mirrors would have to support basic scripting (PHP?) but
we could trade a significant portion of the bandwidth for a few cpu
cycles...

m/



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
Hi,

new freshclam is ready for testing:

Sun Aug 22 02:07:13 CEST 2004 (tk)
----------------------------------
* freshclam: Support version verification through DNS (DNSDatabaseInfo).
Based on idea by Christopher X. Candreva <chris*westnet.com>,
see http://www.gossamer-threads.com/lists/clamav/users/11102

Because most users are happy with hourly checks we didn't decide to use
a ttl-related instant checking (i.e. sleep(ttl); check; slep(ttl)...) in
daemon mode but removed the limit of maximal checks instead (only in
DNSDatabaseInfo mode).

We're not willing to use DNS for database updates. On September 1, the
databases will be restructured and the size of daily.cvd limited.

Thanks,

--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Sun Aug 22 02:28:48 CEST 2004
Re: Idea for more timely virusdb updates [ In reply to ]
libresolv don't exist on FreeBSD.

Regards

gmake[2]: Entering directory
`/usr/ports/security/clamav-devel/work/clamav-devel-20040822/clamdscan'
/bin/sh ../libtool --mode=link cc -O3 -pipe -funroll-loops -ffast-math
-march=pentiumpro -I/usr/local/include -L/usr/local/lib -lcipher -o
clamdscan output.o cfgparser.o memory.o clamdscan.o client.o
../clamscan/options.o ../clamscan/getopt.o ../libclamav/libclamav.la
-lresolv
cc -O3 -pipe -funroll-loops -ffast-math -march=pentiumpro
-I/usr/local/include -o .libs/clamdscan output.o cfgparser.o memory.o
clamdscan.o client.o ../clamscan/options.o ../clamscan/getopt.o
-L/usr/local/lib ../libclamav/.libs/libclamav.so -lcipher -lz -lgmp
-lc_r -lresolv -Wl,--rpath -Wl,/usr/local/lib
/usr/libexec/elf/ld: cannot find -lresolv

Tomasz Kojm wrote:
> Hi,
>
> new freshclam is ready for testing:
>
> Sun Aug 22 02:07:13 CEST 2004 (tk)
> ----------------------------------
> * freshclam: Support version verification through DNS (DNSDatabaseInfo).
> Based on idea by Christopher X. Candreva <chris*westnet.com>,
> see http://www.gossamer-threads.com/lists/clamav/users/11102
>
> Because most users are happy with hourly checks we didn't decide to use
> a ttl-related instant checking (i.e. sleep(ttl); check; slep(ttl)...) in
> daemon mode but removed the limit of maximal checks instead (only in
> DNSDatabaseInfo mode).
>
> We're not willing to use DNS for database updates. On September 1, the
> databases will be restructured and the size of daily.cvd limited.
>
> Thanks,
>

--
Marcus Grando
Grupos Internet S/A
marcus(at)corp.grupos.com.br



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
Tomasz Kojm wrote:

>Hi,
>
>new freshclam is ready for testing:
>
>
>
[snip]

>We're not willing to use DNS for database updates.
>
Ouch ...

>On September 1, the
>databases will be restructured and the size of daily.cvd limited.
>
>
>
Well, at least there's that :)
I'm concerned about the fact that you only use one NS for cvd.clamav.net
though.
Is there a fallback scenario (automagically revert to HTTP GETs) if that
NS fails?

Regards,

Fajar



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Idea for more timely virusdb updates [ In reply to ]
On Tue, 24 Aug 2004 10:26:50 +0700
"Fajar A. Nugraha" <fajar@telkom.co.id> wrote:

> I'm concerned about the fact that you only use one NS for
> cvd.clamav.net though.

There will be at least 6 when the testing period is over.

> Is there a fallback scenario (automagically revert to HTTP GETs) if
> that NS fails?

Yes, it's already implemented.

--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Thu Aug 26 03:16:16 CEST 2004

1 2 3  View All