Mailing List Archive

(no subject)
Lucas G. Obredor
Sistemas División Banda Ancha
Tel. 4469-7455 Int. 2130
RE: (no subject) [ In reply to ]
> From what I gather from google, signal 6 is the Abort trap. why is it
> doing that ?

Can I see the output of stdout/stderr please.

-Nigel
RE: (no subject) [ In reply to ]
how do i go abt doing that ? not too good on all these things... in
process of learning ..
--
Fear not death itself, but how death would come.

Re: (no subject) [ In reply to ]
On Wednesday 24 Sep 2003 1:41 pm, Christopher Tan wrote:
> how do i go abt doing that ? not too good on all these things... in
> process of learning ..

What operating system are you running? What command did you use to start clamd?

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh@despammed.com http://www.bandsman.co.uk
Re: (no subject) [ In reply to ]
command :
/usr/local/sbin/clamd --config-file=/usr/local/etc/clamav.conf
/usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock

OS : freebsd 4.9 pre-release
clamav 20020829

--
Fear not death itself, but how death would come.

Re: (no subject) [ In reply to ]
On Wednesday 24 Sep 2003 7:28 pm, Christopher Tan wrote:
> command :
> /usr/local/sbin/clamd --config-file=/usr/local/etc/clamav.conf
> /usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock

In that case stdout and stderr will be on the terminal that you were at when you typed in the command.

> OS : freebsd 4.9 pre-release
> clamav 20020829

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh@despammed.com http://www.bandsman.co.uk
Re: (no subject) [ In reply to ]
it didn't show anything .. ps -aux | grep clam showed both the processes
running, but it wasn't filtering anything .. killed both the procs and
restarted it ... been working since then. clamd.log didn't show any signs
of probs .

out of curiosity, i made clean in the 20030829 folder stopped all
processes , then downloaded the new clamav-devel-20030924.tar.gz and did
the installation ..but clamd -V still shows it as 20030829, why does it
still show as this ?
--
Fear not death itself, but how death would come.

Re: (no subject) [ In reply to ]
On Tue, 10 Feb 2004 12:05:04 +0100
Balzi Andrea <andrea.balzi@arthis.it> wrote:

> Hi
>
> I'm a new user.
> I've install by a debian package from this source "deb
> http://clamav.catt.com/debian stable main".
> I'm using exim-4.30 with exiscan-acl patch on a debian stable.
>
> 2004-02-10 11:48:05 1AqVQu-0001B0-5g malware acl condition: clamd:
> ClamAV returned
> /var/spool/exim/scan/1AqVQu-0001B0-5g/1AqVQu-0001B0-5g-00000.zip: File
> size limit exceeded. ERROR

This is already fixed in CVS. You can wait for a stable version - we're
going to release 0.66 in a few hours.

Best regards,
Tomasz Kojm
--
oo ..... tkojm@clamav.net www.ClamAV.net
(\/)\......... http://www.clamav.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Tue Feb 10 14:02:44 CET 2004
RE: (no subject) [ In reply to ]
> From: clamav-users-admin@lists.sourceforge.net
It fails and leaves me with this error in my /var/log/messages
>
> Feb 26 14:50:45 xcon5 clamav-milter: ClamAv: Unable to bind to port
> /var/run/clmilter.sock: Address already in use

Try adding FixStaleSocket in clamav.conf.

> Marc S. Brooks

-Nigel
RE: (no subject) [ In reply to ]
On Thu, 2004-02-26 at 18:33, Nigel Horne wrote:
> > From: clamav-users-admin@lists.sourceforge.net
> It fails and leaves me with this error in my /var/log/messages
> >
> > Feb 26 14:50:45 xcon5 clamav-milter: ClamAv: Unable to bind to port
> > /var/run/clmilter.sock: Address already in use
>
> Try adding FixStaleSocket in clamav.conf.
>
> > Marc S. Brooks
>
> -Nigel
>

Typically a permissioning problem IF you are running as non-root.
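
The "Address already in use" error on a UNIX socket path, and the check a stale-socket fix has to make before removing the file, shown as an added example (not part of any post in this thread and not ClamAV's code). The helper names `socket_state` and `bind_listener` are hypothetical, and the socket lives in a temporary directory rather than /var/run.

```python
import errno
import os
import socket
import stat
import tempfile


def socket_state(path):
    """Classify a UNIX socket path: absent, not-a-socket, live, stale, no-permission."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "absent"
    if not stat.S_ISSOCK(mode):
        # Never unlink something that is not a socket file.
        return "not-a-socket"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        probe.connect(path)
        return "live"            # a daemon is still accepting on this path
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "stale"       # file left behind, nobody is listening
        if exc.errno == errno.EACCES:
            return "no-permission"  # the non-root case raised in the reply above
        raise
    finally:
        probe.close()


def bind_listener(path, fix_stale=False):
    """Bind a listening socket; remove the old file only if it is provably stale."""
    if fix_stale and socket_state(path) == "stale":
        os.unlink(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(path)           # EADDRINUSE if the path still exists
    except OSError:
        srv.close()
        raise
    srv.listen(1)
    return srv


def demo():
    """Reproduce the failure and the recovery in a scratch directory."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "clmilter.sock")

    first = bind_listener(path)
    live = socket_state(path)

    first.close()                # simulates a crash: the socket file stays behind
    after_crash = socket_state(path)

    try:
        bind_listener(path)      # restart without any stale-socket handling
        bind_errno = None
    except OSError as exc:
        bind_errno = exc.errno

    second = bind_listener(path, fix_stale=True)
    recovered = socket_state(path)

    second.close()
    os.unlink(path)
    os.rmdir(workdir)
    return live, after_crash, bind_errno, recovered


if __name__ == "__main__":
    print(demo())
```

Probing with `connect()` before unlinking matters: removing the file of a daemon that is still running would leave it listening on a socket no client can reach.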
Re: (no subject) [ In reply to ]
On Wednesday 11 August 2004 9:13 pm, junkmail@phoenix-blaze.com wrote:

> Hi,
>
> I was wondering prior to version .05 (feb 10, 2004) what the real virus
> installed with mail clam av was.

Please can you rephrase your question?

Version 0.05 of what?
ClamAV does not install any viruses.

Regards,

Antony.

--
"640 kilobytes (of RAM) should be enough for anybody."

- Bill Gates

Please reply to the list;
please don't CC me.



_______________________________________________
Clamav-users mailing list
Clamav-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: Mail-ClamAV installed virus [ In reply to ]
Hi,
Sorry for the confusion. The virus I'm referring to is found in a CPAN
module archive Mail-ClamAV-0.01.tgz < Mail-ClamAV-0.05.tgz
http://www.cpan.org/modules/by-authors/id/S/SA/SABECK/

The change log in 0.05 mentions that the "real" virus was replaced by the
ecair virus signature. A virus scan of the file virus.eml will show up
positive.

I understand the chances of someone on a windows machine downloading the
old version of the file, unarchiving it, and then opening the virus.eml and
executing the update.exe attachment is pretty minute. This is really more
for documentation purposes, and I just wanted to verify if the Swen virus
contained within the email was a wild and unmodified one.


If this is the wrong list to post this or these CPAN modules have nothing
to do with the clamav project I apologize for the interruption.

Thanks for your help.

Ted


Re: Mail-ClamAV installed virus [ In reply to ]
On Thu, 2004-08-12 at 15:07, junkmail@phoenix-blaze.com wrote:

>
> If this is the wrong list to post this or these CPAN modules have nothing
> to do with the clamav project I apologize for the interruption.

The second of those two options.

-trog
Re: (no subject) [ In reply to ]
You start a new message by replying to a very old one.
Don't do this.

You send html formatted to a mailing list.
Don't do this, see the nomime url in my sig.

On 9/7/2004 5:19 PM +0200, Erick Dantas Rotole wrote:

> Postfix, clamav, amavisd-new and spamassassin is not detecting the virus
> W32/Zafi.b@MM <mailto:W32/Zafi.b@MM> detected by mcafee.
> I discovered that clamav already detect this virus. What is happening?
>
>
>
> Thanks

Are you using the latest clamav version (0.75.1) ?
If so, are your definitions up to date ?

Maybe clamav doesn't detect it, because mcafee already detected it
and removed the virus from the email ?

If the above do not apply, read the FAQ on http://www.clamav.net
to check out what you can do next (have it scanned online, submit the sample).

Regards,
Niek Baakman
--
_______________________________________________________________________
Read about mime: http://www.geoapps.com/nomime.shtml
Read about quoting: http://www.netmeister.org/news/learn2quote.html
Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers


Re: (no subject) [ In reply to ]
On 9/7/2004 6:07 PM +0200, Niek wrote:

> You start a new message by replying to a very old one.
> Don't do this.

Sorry, this was not the case.
My mua seems to be threading messages with the same subject.

Regards,
Niek Baakman
--
_______________________________________________________________________
Read about mime: http://www.geoapps.com/nomime.shtml
Read about quoting: http://www.netmeister.org/news/learn2quote.html
Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers


RE: (no subject) [ In reply to ]
I just run a few mail test from www.gfi.com/emailsecuritytest and my clam
antivirus failed miserably.


--------------------

I ran the above tests from gfi.com also, and I caught 11 of them. I'm also
running CLAMD (0.75.1) with the --mbox option. (ScanMail option in
clamav.conf)

Steve

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: (no subject) [ In reply to ]
On Tuesday 05 Oct 2004 14:11, Brent Clark wrote:
> Hi all

> I too ran the tests from testvirus.org, this second test was ok, only two
> got through.

Two will get through (24 and 25), but since they don't contain any virus there's
nothing to find and therefore nothing to stop.

> Brent Clark

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh@despammed.com http://www.bandsman.co.uk
Re: (no subject) [ In reply to ]
On Tuesday 05 Oct 2004 14:11, Brent Clark wrote:
> Hi all
>
> I just run a few mail test from www.gfi.com/emailsecuritytest and my clam
> antivirus failed miserably.

You haven't said what version of clamAV you're using, so I can't advise you.

> Brent Clark

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh@despammed.com http://www.bandsman.co.uk
Re: (no subject) [ In reply to ]
Hi, I use 0.75.1 .. test with testvirus.org are full ok but with gfi.com/emailsecuritytest are failed eicar.com and hide.hta in fact the attached pass through mail server and it arrive on mail client, but the file but gfi-test.txt not is created on pc.

----------

Salvatore.

Re: (no subject) [ In reply to ]
On Tuesday 05 Oct 2004 14:11, Brent Clark wrote:
> Hi all
>
> I just run a few mail test from www.gfi.com/emailsecuritytest and my clam
> antivirus failed miserably.

What do you mean by "failed miserably". I can only assume you mean that 100%
of the emails got through.

I've just tried this test. Some exploits that actually contain no malicious code so
there's nothing to worry about got through (by definition clamAV only
traps malicious code). With latest development version
in a configuration of sendmail->clamav-milter->clamd everything else was trapped,
i.e. I got lots of emails like this:

The message i95DOMK8008397 sent from <emailtesting@gfi.com> to
<njh@bandsman.co.uk>
contained GFI.VBS.Test and has not been delivered.

The infected machine is likely to be here:
from localhost.localdomain ([192.168.1.132]) by S44374 with Microsoft SMTPSVC(6.0.3790.0);
Tue, 5 Oct 2004 15:23:47 +0200

> Brent Clark

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh@despammed.com http://www.bandsman.co.uk
RE: (no subject) [ In reply to ]
Hi

mail:~# clamscan -V
clamscan / ClamAV version 0.75-1
mail:~#


I'm using this with my Exim Mail server

Thanks for your help
Re: (no subject) [ In reply to ]
Brent Clark wrote:

> Hi
>
> mail:~# clamscan -V
> clamscan / ClamAV version 0.75-1
> mail:~#
>
>
> I'm using this with my Exim Mail server
>

Remember that a lot of the GFI tests are for Outlook vulnerabilities, no
malicious code per se. How many did you trap?

Matt
Re: (no subject) [ In reply to ]
Brent Clark wrote:
> Hi all
>
> I just run a few mail test from www.gfi.com/emailsecuritytest and my clam
> antivirus failed miserably.
> I too ran the tests from testvirus.org, this second test was ok, only two
> got through.
>
> Could someone please share some help with this,

Both gfi and antivirus.org have some tests which are theoretical tests
using some malformed MIME tags and trying to detect if the scanner is
able to detect some tricks.

I don't know what's about testvirus.org, but behind gfi, there is a
software editor trying to say : Na, na, na, the antivirus you're using
is vulnerable, but not the mine one.

But some of these "vulnerabilities" are more theoretical vulnerabilities
than something you can really find in the wild.

Best regards

Jose-Marcio

>
> Kind Regards
> Brent Clark


--
---------------------------------------------------------------
Jose Marcio MARTINS DA CRUZ Tel. :(33) 01.40.51.93.41
Ecole des Mines de Paris http://j-chkmail.ensmp.fr
60, bd Saint Michel http://www.ensmp.fr/~martins
75272 - PARIS CEDEX 06 mailto:Jose-Marcio.Martins@ensmp.fr

RE: (no subject) [ In reply to ]
> Remember that a lot of the GFI tests are for Outlook vulnerabilities, no
> malicious code per se. How many did you trap?

Only 6
Which I suppose ain't too bad, but still.
But you're right, because 5 were (more an Exim issue):

========================================================================
2004-10-05 13:48:22 1CEnnq-0001aT-Fv demime acl condition: 'message/partial'
MIME type
2004-10-05 13:48:22 1CEnnq-0001aT-Fv H=(name) [ipaddress] U=root
F=<emailtesting@gfi.com> rejected after DATA: This message contains
malformed MIME (demime acl condition: 'message/partial' MIME type).
=========================================================================

and 6 got through.

Kind Regards
Brent Clark

Re: (no subject) [ In reply to ]
I just ran it against mine (.80rc3) and it worked pretty good...I did
have the 2 come through...however I had 5 of them that I was getting the
stream: Bad format or broken data ERROR message on them and my server
was rejecting with a Milter: data, reject=451 4.3.2 Please try again
later...

Dunno what is up with that really...and I am curious if others are
rejecting some as well with the same error.

Shane

Re: (no subject) [ In reply to ]
Shane Wise wrote:

> I just ran it against mine (.80rc3) and it worked pretty good...I did
> have the 2 come through...however I had 5 of them that I was getting the
>
> stream: Bad format or broken data ERROR message on them and my server
> was rejecting with a Milter: data, reject=451 4.3.2 Please try again
> later...
>


Would those happen to have been partial message tests?

Matt
Re: (no subject) [ In reply to ]
Brent Clark wrote:

> Only 6
> Which I suppose ain't too bad, but still.
> But you're right, because 5 were (more an Exim issue):


There are five that I know of which should definitely be picked up by
virus scanning, so that's about right. The rest are down to scanning, by
some other means, for attachments and exploitable message composition.

Matt
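
Why the 'message/partial' tests in this thread fall to message-composition checks rather than signature matching, as an added example (not code from any poster or from ClamAV or Exim). It assumes a constructed marker string in place of a real signature, constructed sample mails, and hypothetical helper names; reassembly is simplified to joining fragment bodies in order.

```python
from collections import defaultdict
from email.parser import BytesHeaderParser

# Constructed stand-in for a signature; not a real detection pattern.
MARKER = b"CONSTRUCTED-TEST-MARKER-0123456789"


def signature_scan(raw):
    """Toy per-message scanner: a plain byte search for MARKER."""
    return MARKER in raw


def _as_int(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def partial_info(raw):
    """Return the RFC 2046 fragment parameters of a message/partial mail,
    or None for any other content type."""
    # Headers-only parsing keeps the body as opaque text instead of trying
    # to parse a fragment as a nested message.
    msg = BytesHeaderParser().parsebytes(raw)
    if msg.get_content_type() != "message/partial":
        return None
    return {
        "id": msg.get_param("id"),
        "number": _as_int(msg.get_param("number")),
        "total": _as_int(msg.get_param("total")),  # optional except on the last part
        "body": msg.get_payload().encode("ascii", "surrogateescape"),
    }


def reassemble(raw_messages):
    """Join complete fragment sets by id; returns {id: reassembled bytes}."""
    parts = defaultdict(dict)
    totals = {}
    for raw in raw_messages:
        info = partial_info(raw)
        if info is None or info["id"] is None or info["number"] is None:
            continue
        parts[info["id"]][info["number"]] = info["body"]
        if info["total"] is not None:
            totals[info["id"]] = info["total"]
    complete = {}
    for frag_id, numbered in parts.items():
        total = totals.get(frag_id)
        # Only a full, gap-free set 1..total can be rebuilt and rescanned.
        if total and sorted(numbered) == list(range(1, total + 1)):
            complete[frag_id] = b"".join(numbered[n] for n in range(1, total + 1))
    return complete


def build_fragments():
    """Constructed sample: one inner message cut into three partial mails so
    that the marker straddles both cut points."""
    inner = (b"Subject: constructed inner message\r\n"
             b"Content-Type: text/plain\r\n\r\n"
             b"payload: " + MARKER + b"\r\n")
    start = inner.index(MARKER)
    cuts = [0, start + 10, start + 20, len(inner)]
    frags = []
    for n in range(1, 4):
        head = ("From: sender@constructed.example\r\n"
                "Subject: test %d/3\r\n"
                'Content-Type: message/partial; id="frag-1@constructed.example";'
                " number=%d; total=3\r\n\r\n" % (n, n)).encode("ascii")
        frags.append(head + inner[cuts[n - 1]:cuts[n]])
    return inner, frags


if __name__ == "__main__":
    inner, frags = build_fragments()
    for raw in frags:
        info = partial_info(raw)
        print(info["number"], "of", info["total"],
              "signature hit:", signature_scan(raw))
    for frag_id, whole in reassemble(frags).items():
        print(frag_id, "reassembled, signature hit:", signature_scan(whole))
```

Each fragment scans clean on its own, so a gateway either rejects the content type outright, as the Exim demime log above does, or holds fragments until the set can be rebuilt and scanned.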
Re: (no subject) [ In reply to ]
May have been...looked like it was like eicar 1/5 through 5/5

Matt wrote:
> Shane Wise wrote:
>
>
>>I just ran it against mine (.80rc3) and it worked pretty good...I did
>>have the 2 come through...however I had 5 of them that I was getting the
>>
>>stream: Bad format or broken data ERROR message on them and my server
>>was rejecting with a Milter: data, reject=451 4.3.2 Please try again
>>later...
>>
>
>
>
> Would those happen to have been partial message tests?
>
> Matt
Re: (no subject) [ In reply to ]
On Tuesday 05 Oct 2004 16:27, Shane Wise wrote:
> May have been...looked like it was like eicar 1/5 through 5/5

I am uploading *TEST* code to handle this to CVS as we speak.

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh@despammed.com http://www.bandsman.co.uk
Re: (no subject) [ In reply to ]
I wrote:

> I am uploading *TEST* code to handle this to CVS as we speak.

Yes, before anyone says it, I know I've been maintaining for some time that
(a) it's not possible and (b) it's not the job of clamAV anyway. But I had a
brainwave on how to do it...

It is EXPERIMENTAL code, not compiled by default. Instructions for enabling
it are in the ChangeLog.

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
njh@despammed.com http://www.bandsman.co.uk

Re: (no subject) [ In reply to ]
Daniel A. Deitch wrote:
> I have ClamAV 0.82 installed on a Verio VPSv2 FreeBSD server ... works fine ... scans, cleans, deletes ... the works.
>
>
>
> My problem is with freshclam ... the problem has been occurring since 0.80, 0.81, 0.82 and 0.82_1
>
>
>
> I have the following flag in my /etc/rc.conf file:
>
> clamav_freshclam_flags="--config-file=/usr/local/etc/freshclam.conf --checks=12 --datadir=/usr/local/share/clamav --daemon-notify=/usr/local/etc/clamav.conf --log=/var/log/clamav/freshclam.log"

I can't say for sure, but I've got the same setup and I've always
noticed that if I hadn't upgraded to the latest release yet, I would get
the same error messages in the log files after a certain period of time.
I assumed that the update servers were blacklisting IPs that had out
of date versions after a certain point, as they did when they required
you switch to the new DNS configuration options in the freshclam.conf
file around version .81 or so. Upgrading to the latest ported version
always got it working for me. Not much help, but that was what worked
for me.



_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Re: (no subject) [ In reply to ]
On Fri, 25 Feb 2005 10:24:46 -0500
Scott Plumee <clamav-users@plumlee.org> wrote:

> I can't say for sure, but I've got the same setup and I've always
> noticed that if I hadn't upgraded to the latest release yet, I would
> get the same error messages in the log files after a certain period of
> time.
> I assumed that the update servers were blacklisting IPs that had out
> of date versions after a certain point, as they did when they required

You're completely wrong.

--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Feb 25 16:30:09 CET 2005
Re: (no subject) [ In reply to ]
On Fri, 25 Feb 2005 10:24:46 -0500 in 421F433E.6000500@plumlee.org Scott
Plumee <clamav-users@plumlee.org> wrote:

> Daniel A. Deitch wrote:
> > I have ClamAV 0.82 installed on a Verio VPSv2 FreeBSD server ...
> > works fine ... scans, cleans, deletes ... the works.
> >
> >
> >
> > My problem is with freshclam ... the problem has been occurring
> > since 0.80, 0.81, 0.82 and 0.82_1
> >
> >
> >
> > I have the following flag in my /etc/rc.conf file:
> >
> > clamav_freshclam_flags="--config-file=/usr/local/etc/freshclam.conf
> > --checks=12 --datadir=/usr/local/share/clamav
> > --daemon-notify=/usr/local/etc/clamav.conf
> > --log=/var/log/clamav/freshclam.log"
>
> I can't say for sure, but I've got the same setup and I've always
> noticed that if I hadn't upgraded to the latest release yet, I would
> get the same error messages in the log files after a certain period of
> time.
> I assumed that the update servers were blacklisting IPs that had out
> of date versions after a certain point, as they did when they required
> you switch to the new DNS configuration options in the freshclam.conf
> file around version .81 or so. Upgrading to the latest ported version
> always got it working for me. Not much help, but that was what worked
> for me.

Looks to me like the OP has either an odd DNS problem or a permissions
problem somewhere. I think the upgrade advice has only worked by
coincidence.

--

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
Re: (no subject) [ In reply to ]
Tomasz Kojm wrote:
> On Fri, 25 Feb 2005 10:24:46 -0500
> Scott Plumee <clamav-users@plumlee.org> wrote:
>
>
>>I can't say for sure, but I've got the same setup and I've always
>>noticed that if I hadn't upgraded to the latest release yet, I would
>>get the same error messages in the log files after a certain period of
>>time.
>> I assumed that the update servers were blacklisting IPs that had out
>>of date versions after a certain point, as they did when they required
>
>
> You're completely wrong.

I learn something new every day <grin>. I've not put any time into
nailing down the problem, as the upgrade took care of it each time.
Thanks for the correction, and I'll see what I have set up incorrectly
and post back to the list for future use by anyone else. Terrific product.

Re: (no subject) [ In reply to ]
Brian Morrison wrote:
> On Fri, 25 Feb 2005 10:24:46 -0500 in 421F433E.6000500@plumlee.org Scott
> Plumee <clamav-users@plumlee.org> wrote:
>
>
>>Daniel A. Deitch wrote:
>>
>>>I have ClamAV 0.82 installed on a Verio VPSv2 FreeBSD server ...
>>>works fine ... scans, cleans, deletes ... the works.
>>>
>>>
>>>
>>>My problem is with freshclam ... the problem has been occurring
>>>since 0.80, 0.81, 0.82 and 0.82_1
>>>
>>>
>>>
>>>I have the following flag in my /etc/rc.conf file:
>>>
>>>clamav_freshclam_flags="--config-file=/usr/local/etc/freshclam.conf
>>>--checks=12 --datadir=/usr/local/share/clamav
>>>--daemon-notify=/usr/local/etc/clamav.conf
>>>--log=/var/log/clamav/freshclam.log"
>>
>>I can't say for sure, but I've got the same setup and I've always
>>noticed that if I hadn't upgraded to the latest release yet, I would
>>get the same error messages in the log files after a certain period of
>>time.
>> I assumed that the update servers were blacklisting IPs that had out
>>of date versions after a certain point, as they did when they required
>>you switch to the new DNS configuration options in the freshclam.conf
>>file around version .81 or so. Upgrading to the latest ported version
>>always got it working for me. Not much help, but that was what worked
>>for me.
>
>
> Looks to me like the OP has either an odd DNS problem or a permissions
> problem somewhere. I think the upgrade advice has only worked by
> coincidence.
>

You were correct. I have not set permissions on the /var/db/clamav
directory to be writeable by the user clamav was running as. Enabled
verbose logging, saw the problem, made the change, and now I'm happy as
a clam.

I should probably get kicked off the list for that pun. Thanks again
for the help.

RE: (no subject) [ In reply to ]
That would explain why root can update, but not the clamav user.

I'll try that and see what happens.

Thanks.

Daniel



________________________________

Daniel A. Deitch, President * iTrain Technologies, Ltd.
po box 13833 * atlanta, ga 30324-0833 * 404-876-1929 (o)
404-935-5005 (f) * www.goitrain.com

RE: (no subject) [ In reply to ]
Ok. Checked the permissions and it still doesn't want to work. I'm
trying to upgrade to 0.83 (having a problem with that too apparently),
but this problem has been happening through multiple versions now.

Can someone give me specifics to check .. just in case I'm being an
idiot and didn't check what I needed to.

Thanks,

Daniel



________________________________

Daniel A. Deitch, President * iTrain Technologies, Ltd.
po box 13833 * atlanta, ga 30324-0833 * 404-876-1929 (o)
404-935-5005 (f) * www.goitrain.com


-----Original Message-----
From: clamav-users-bounces@lists.clamav.net
[mailto:clamav-users-bounces@lists.clamav.net] On Behalf Of Daniel A.
Deitch
Sent: Friday, February 25, 2005 2:44 PM
To: ClamAV users ML
Subject: RE: [Clamav-users] (no subject)

That would explain why root can update, but not the clamav user.

I'll try that and see what happens.

Thanks.

Daniel



________________________________

Daniel A. Deitch, President * iTrain Technologies, Ltd.
po box 13833 * atlanta, ga 30324-0833 * 404-876-1929 (o)
404-935-5005 (f) * www.goitrain.com

-----Original Message-----
From: clamav-users-bounces@lists.clamav.net
[mailto:clamav-users-bounces@lists.clamav.net] On Behalf Of Scott Plumee
Sent: Friday, February 25, 2005 12:48 PM
To: ClamAV users ML
Subject: Re: [Clamav-users] (no subject)

Brian Morrison wrote:
> On Fri, 25 Feb 2005 10:24:46 -0500 in 421F433E.6000500@plumlee.org Scott
> Plumee <clamav-users@plumlee.org> wrote:
>
>
>>Daniel A. Deitch wrote:
>>
>>>I have ClamAV 0.82 installed on a Verio VPSv2 FreeBSD server ...
>>>works fine ... scans, cleans, deletes ... the works.
>>>
>>>
>>>
>>>My problem is with freshclam ... the problem has been occurring
>>>since 0.80, 0.81, 0.82 and 0.82_1
>>>
>>>
>>>
>>>I have the following flag in my /etc/rc.conf file:
>>>
>>>clamav_freshclam_flags="--config-file=/usr/local/etc/freshclam.conf
>>>--checks=12 --datadir=/usr/local/share/clamav
>>>--daemon-notify=/usr/local/etc/clamav.conf
>>>--log=/var/log/clamav/freshclam.log"
>>
>>I can't say for sure, but I've got the same setup and I've always
>>noticed that if I hadn't upgraded to the latest release yet, I would
>>get the same error messages in the log files after a certain period of
>>time.
>> I assumed that the update servers were blacklisting IPs that had out
>>of date versions after a certain point, as they did when they required
>>you switch to the new DNS configuration options in the freshclam.conf
>>file around version .81 or so. Upgrading to the latest ported version
>>always got it working for me. Not much help, but that was what worked
>>for me.
>
>
> Looks to me like the OP has either an odd DNS problem or a permissions
> problem somewhere. I think the upgrade advice has only worked by
> coincidence.
>

You were correct. I have not set permissions on the /var/db/clamav
directory to be writeable by the user clamav was running as. Enabled
verbose logging, saw the problem, made the change, and now I'm happy as
a clam.

I should probably get kicked off the list for that pun. Thanks again
for the help.

RE: (no subject) [ In reply to ]
Daniel A. Deitch said:
> That would explain why root can update, but not the clamav user.
>
> I'll try that and see what happens.
>
> Thanks.
>
> Daniel

Piggybacking - don't take offense...

Is there a possibility there could be separate ClamAV mail lists for Linux
and Windows newbies, and another for Email professionals? I can't be the
only one who senses a need.

dp
Re: (no subject) [ In reply to ]
Daniel A. Deitch wrote:
> Ok. Checked the permissions and it still doesn't want to work. I'm
> trying to upgrade to 0.83 (having a problem with that too apparently),
> but this problem has been happening through multiple versions now.
>
> Can someone give me specifics to check .. just in case I'm being an
> idiot and didn't check what I needed to.

Just suggestions:

Check that the user/group that clamav runs under is the owner of the
freshclam.conf and clamd.conf files in /usr/local/etc, as well as the db
files (sounds like you already did that).

Enable the verbose logging in the conf files.

Make sure that the log files and the pid files already exist.

I don't have my notes from the last installation so I can't remember
what else. Did you run a make deinstall before installing the current
version port, or was this not a port install? I had kept my old conf
files and I didn't have everything correct in there. Deleted those and
used the default conf files as a start, made my adjustments, and
everything worked.
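
The checks suggested in the reply above, as an added example that is not part of the original thread: a POSIX shell audit that reports, for each path, whether it exists, is owned by the account ClamAV runs as, and has the owner write bit set. The function names and the `--demo` switch are illustrative, and the `clamav` account name in the usage comment is an assumption; the file locations in that comment are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit the files freshclam/clamd need.
# Usage, with paths taken from the thread and an assumed "clamav" account:
#   audit_clamav_paths clamav /var/db/clamav /usr/local/etc/freshclam.conf \
#       /usr/local/etc/clamd.conf /var/log/clamav/freshclam.log

owner_of() {
    # Portable owner lookup: third field of `ls -ld` (FreeBSD and Linux alike).
    ls -ld "$1" 2>/dev/null | awk '{print $3}'
}

owner_can_write() {
    # True when the owner write bit is set in the mode string, e.g. drwxr-xr-x.
    # This looks at mode bits only, so it also flags a 555 directory for root.
    mode=$(ls -ld "$1" | awk '{print $1}')
    case "$mode" in
        ??w*) return 0 ;;
        *)    return 1 ;;
    esac
}

check_path() {
    # check_path USER PATH -> prints ok | missing | wrong-owner:<owner> | not-writable
    user=$1
    path=$2
    if [ ! -e "$path" ]; then
        echo "missing"          # e.g. a log or pid file that was never created
        return 1
    fi
    owner=$(owner_of "$path")
    if [ "$owner" != "$user" ]; then
        echo "wrong-owner:$owner"
        return 1
    fi
    if ! owner_can_write "$path"; then
        echo "not-writable"     # the database-directory failure described in the thread
        return 1
    fi
    echo "ok"
}

audit_clamav_paths() {
    # audit_clamav_paths USER PATH... -> one report line per path;
    # the return status is the number of paths with a problem.
    user=$1
    shift
    problems=0
    for p in "$@"; do
        status=$(check_path "$user" "$p") || problems=$((problems + 1))
        printf '%-14s %s\n' "$status" "$p"
    done
    return "$problems"
}

demo() {
    # Constructed sample tree owned by whoever runs the demo:
    # a read-only database dir, a normal config file, and a log file that is absent.
    me=$(id -un 2>/dev/null || id -u)
    tmp=$(mktemp -d) || return 99
    mkdir "$tmp/db" && chmod 555 "$tmp/db"
    : > "$tmp/freshclam.conf" && chmod 644 "$tmp/freshclam.conf"
    audit_clamav_paths "$me" "$tmp/db" "$tmp/freshclam.conf" "$tmp/freshclam.log"
    rc=$?
    chmod 755 "$tmp/db"
    rm -rf "$tmp"
    return "$rc"
}

# Run the constructed demo only when asked to.
if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Ownership plus the owner write bit is stricter than strictly required (group write access would also let the daemon update its database), so treat a `wrong-owner` line as a prompt to look at the group and mode rather than as proof of the fault.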
RE: Clueless Newbies [was: (no subject)] [ In reply to ]
On Fri, 2005-02-25 at 22:58 -0800, Dennis Peterson wrote:

>
> Is there a possibility there could be separate ClamAV mail lists for Linux
> and Windows newbies, and another for Email professionals? I can't be the
> only one who senses a need.

I'd recommend against splitting:

1. Who is going to sign up for clamav-clueless-newbie?

2. Part of your responsibility in using open source tools is to provide
support to others. That's a key difference between an open-source model
and a proprietary model: nobody pays for support, so everyone who does
have a clue is responsible for providing it. That's also how we keep
the developers focused on the task of keeping clamav the best
virus-protection in the world - by offloading the job of educating
newcomers to those of us who aren't involved in the development.

--
Daniel J McDonald, CCIE # 2495, CNX
Austin Energy

dan.mcdonald@austinenergy.com

There are many things a user should never C.

RE: Clueless Newbies [was: (no subject)] [ In reply to ]
> On Fri, 2005-02-25 at 22:58 -0800, Dennis Peterson wrote:
>
>>
>> Is there a possibility there could be separate ClamAV mail lists for
>> Linux
>> and Windows newbies, and another for Email professionals? I can't be the
>> only one who senses a need.
>
> I'd recommend against splitting:
>
> 1. Who is going to sign up for clamav-clueless-newbie?
>

I can confirm that this has been the bane of many lug lists I have been on
- you split the list normally into technical and chat sections, all the
newbies sit on chat and all the knowledge sits in technical. What normally
happens is 3 months down the line the technical list is fully subscribed
and the chat list falls away.

thanks
Evan
RE: Clueless Newbies [was: (no subject)] [ In reply to ]
Daniel J McDonald said:
> On Fri, 2005-02-25 at 22:58 -0800, Dennis Peterson wrote:
>
>>
>> Is there a possibility there could be separate ClamAV mail lists for
>> Linux
>> and Windows newbies, and another for Email professionals? I can't be the
>> only one who senses a need.
>
> I'd recommend against splitting:
>
> 1. Who is going to sign up for clamav-clueless-newbie?
>
> 2. Part of your responsibility in using open source tools is to provide
> support to others. That's a key difference between an open-source model
> and a proprietary model: nobody pays for support, so everyone who does
> have a clue is responsible for providing it. That's also how we keep
> the developers focused on the task of keeping clamav the best
> virus-protection in the world - by offloading the job of educating
> newcomers to those of us who aren't involved in the development.
>
> --
> Daniel J McDonald, CCIE # 2495, CNX
> Austin Energy

I'm not buying it, and to infer the list for the inexperienced admin be
named something offensive is absurd. I think you're pulling my chain,
there, Daniel. A new list, Clamav-Advanced, on the other hand, could be
self-filtering. But not likely to happen. So I'll suggest what I suggested
on the old VNC list: voluntarily place [Windows] or [Linux] or [BSD], etc
in the subject line so we can pre-filter what is not important to each of
us. I'm certain Windows users' eyes roll back in their heads when some
heavy Solaris discussions are going on, and if I never read about a
stunned and helpless admin who can't find an RPM distro of the latest
release of ClamAV again I'll be one happy camper.

There isn't time to wade through all the jabber about OS specific topics
for which I am not the solution nor an interested party. It is a simple
matter of efficiency and goes to effectivity as well.

dp
RE: Clueless Newbies [was: (no subject)] [ In reply to ]
evan@pierce.co.za said:
>> On Fri, 2005-02-25 at 22:58 -0800, Dennis Peterson wrote:
>>
>>>
>>> Is there a possibility there could be separate ClamAV mail lists for
>>> Linux
>>> and Windows newbies, and another for Email professionals? I can't be
>>> the
>>> only one who senses a need.
>>
>> I'd recommend against splitting:
>>
>> 1. Who is going to sign up for clamav-clueless-newbie?
>>
>
> I can confirm that this has been the bane of many lug lists I have been on
> - you split the list normally into technical and chat sections, all the
> newbies sit on chat and all the knowledge sits in technical. What normally
> happens is 3 months down the line the technical list is fully subscribed
> and the chat list falls away.
>
> thanks
> Evan

This is a list administration problem, not a user problem. That's why the
clue bat was invented.

dp
Re: Clueless Newbies [was: (no subject)] [ In reply to ]
I'd like to see one list, for similar reasons. I run Solaris but I can
see that a lot of folks here run Linux, and if they were on a separate
list probably all their general Q&A's would end up on that list, and
I'd end up reading it anyway. And if most of the users migrated over
there, it would be harder to ask questions on the Solaris list. It's
often hard to tell whether something is an OS-specific question
anyway.
Re: Clueless Newbies [was: (no subject)] [ In reply to ]
Elizabeth Schwartz wrote:

> I'd like to see one list, for similar reasons. I run Solaris but I can
> see that a lot of folks here run Linux, and if they were on a separate
> list probably all their general Q&A's would end up on that list, and
> I'd end up reading it anyway. And if most of the users migrated over
> there, it would be harder to ask questions on the Solaris list. It's
> often hard to tell whether something is an OS-specific question
> anyway.

Personally, I totally agree :)

With regards to Dennis's reply, (relevant section below):

> There isn't time to wade through all the jabber about OS specific topics
> for which I am not the solution nor an interested party. It is a simple
> matter of efficiency and goes to effectivity as well.

No offense intended, but the above is a very blinkered opinion. What you
think is relevant, or irrelevant for that matter, is your opinion, and
different for each person.

I run BSD, and have no interest in Linux specific problems, but that
does not mean that there is no information to be gleaned from reading
a post which has a problem affecting a Linux system. A problem tends to be
a problem, irrelevant of OS type, in a majority of cases, and to 'split'
anything, list wise, would be nothing short of a crime, with regards to
knowledge building.

You do not have to wade through anything. The first post on a subject
gives you an indication of the topic. If it is a subject of no interest, I
am sure you have a keyboard with a delete key like the rest of us for the
replies to that thread.

Efficiency and effectiveness obviously have vastly different meanings in
my book to yours.


Matt
Re: Clueless Newbies [was: (no subject)] [ In reply to ]
Matt Fretwell said:
> Elizabeth Schwartz wrote:
>
>> I'd like to see one list, for similar reasons. I run Solaris but I can
>> see that a lot of folks here run Linux, and if they were on a separate
>> list probably all their general Q&A's would end up on that list, and
>> I'd end up reading it anyway. And if most of the users migrated over
>> there, it would be harder to ask questions on the Solaris list. It's
>> often hard to tell whether something is an OS-specific question
>> anyway.
>
> Personally, I totally agree :)
>
> With regards to Dennis's reply, (relevant section below):
>
>> There isn't time to wade through all the jabber about OS specific topics
>> for which I am not the solution nor an interested party. It is a simple
>> matter of efficiency and goes to effectivity as well.
>
> No offense intended, but the above is a very blinkered opinion. What you
> think is relevant, or irrelevant for that matter, is your opinion, and
> different for each person.

And what is quoted of what I said is totally out of context. I never
suggested to break up the list into os-oriented lists. I suggested a
second list for advanced users, but I also suggested that was unlikely to
happen but we could voluntarily add a tag to the subject line that
indicates the OS, such as [windows]. With that in place I would cheerfully
delete it and the entire thread. It is otherwise harmless to everyone else
in the world. How bad is that?

>
> I run BSD, and have no interest in Linux specific problems, but that
> does not mean that there is no information to be gleaned from reading
> a post which has a problem affecting a Linux system. A problem tends to be
> a problem, irrelevant of OS type, in a majority of cases, and to 'split'
> anything, list wise, would be nothing short of a crime, with regards to
> knowledge building.

I give it a 10 for drama. As for problems, please observe the great many
repeat questions from newbies regarding sources of rpm files, "my
freshclam log says my version is out of date - is my version out of date
then??", questions about winclam, cygwin, etc. These are related to
experience, or lack of it, or subjects that have no value to me and my
environment, and it is these that I'd like to avoid if possible.

>
> You do not have to wade through anything. The first post on a subject
> gives you an indication of the topic. If it is a subject of no interest, I
> am sure you have a keyboard with a delete key like the rest of us for the
> replies to that thread.

Reading this list daily from a variety of systems and using elm, webmail,
etc. as I do there is not always a first post from a thread on a given
day. In fact it would be very rare. On that point, btw, the threading on
the nntp server is pretty wacked, so you never know what you're going to
find in a thread.

>
> Efficiency and effectiveness obviously have vastly different meanings in
> my book to yours.

We work in different worlds, Matt. We will just have to agree as gentlemen
to disagree.

dp

Re: (no subject) [ In reply to ]
Dwayne Hottinger wrote:

> Viruses are being detected. clamd is running. The mails are being
> processed correctly through procmail. It's just this particular virus
> that isn't getting detected (Trojan.Ascetic.C). Sorry to be so vague.
> It's my first post to the list. If any more info is needed just let me
> know. I'm just wondering why the emails aren't getting flagged.


Have you tried it with the online-scanner, to see if that detects it?

http://test-clamav.power-netz.de/


Matt
Re: (no subject) [ In reply to ]
Dwayne Hottinger said:
> So sorry,
> Viruses are being detected. clamd is running. The mails are being
> processed correctly through procmail. It's just this particular virus
> that isn't getting detected (Trojan.Ascetic.C). Sorry to be so vague.
> It's my first post to the list. If any more info is needed just let me
> know. I'm just wondering why the emails aren't getting flagged.

Is it possible you are configured so that you are not scanning files above
a certain size and that this file is above that size?

dp
Re: (no subject) [ In reply to ]
On Sun, 9 Oct 2005 05:42:26 -0700 (PDT) in
48932.192.168.1.1.1128861746.squirrel@mail.waywegos.com
webmaster@kf6plh.com wrote:

> I am running Fedora Core 4. I have been trying to upgrade my clamav
> from ver 86.2 to 87.1 for a while now. When I use yum with the
> crash-hat repo it installs fine but then I have problems with my email
> server. I look for the clamd.conf file and it is not there in /etc. I
> check to see if clamd is running, it is not. I try to restart clamd,
> it tells me bad command. I then uninstall clamav 87 and reinstall 86
> and everything is fine. If I download the rpm directly and open it
> with an archive manager I do not see clamd.conf anywhere.

If you look at the Crash Hat repository you'll see that there is also a
clamav-server rpm for 0.87, you need to install this as well as the
clamav rpm as it contains the clamd.conf file and the init.d scripts for
clamd as well as the logrotate files.

I don't know when Petr changed this, but that's what is there now.

--

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
Re: (no subject) [ In reply to ]
> On Sun, 9 Oct 2005 05:42:26 -0700 (PDT) in
> 48932.192.168.1.1.1128861746.squirrel@mail.waywegos.com
> webmaster@kf6plh.com wrote:
>
>> I am running Fedora Core 4. I have been trying to upgrade my clamav
>> from ver 86.2 to 87.1 for a while now. When I use yum with the
>> crash-hat repo it installs fine but then I have problems with my email
>> server. I look for the clamd.conf file and it is not there in /etc. I
>> check to see if clamd is running, it is not. I try to restart clamd,
>> it tells me bad command. I then uninstall clamav 87 and reinstall 86
>> and everything is fine. If I download the rpm directly and open it
>> with an archive manager I do not see clamd.conf anywhere.
>
> If you look at the Crash Hat repository you'll see that there is also a
> clamav-server rpm for 0.87, you need to install this as well as the
> clamav rpm as it contains the clamd.conf file and the init.d scripts for
> clamd as well as the logrotate files.
>
> I don't know when Petr changed this, but that's what is there now.
>
> --
>
> Brian Morrison
>
> bdm at fenrir dot org dot uk
>
> GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
>

That was it!!

I am a bit confused. In his repositories the only version of Fedora to use
this server rpm is FC4.

Oh well!
Thanks Brian

Ken

Re: (no subject) [ In reply to ]
On Sun, 9 Oct 2005 09:45:46 -0700 (PDT) in
44539.192.168.1.1.1128876346.squirrel@mail.waywegos.com
webmaster@kf6plh.com wrote:

> I am a bit confused. In his repositories the only version of Fedora
> to use this server rpm is FC4.

Yes, this is the case, I looked in the spec file for the rpms and he has
simply provided a server rpm so that installations that don't need clamd
don't install it.

You need it, hence the need to install both rpms now.

--

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
Re: (no subject) [ In reply to ]
Tim Jordan wrote:
> Is this really a virus?
>

No, but that's debatable.

> HTML.Phishing.Pay-157
>
> I think it's junk mail but CLAMAV reports it as a virus.

What else would clamav report it as? It's a virus scanner. Call it junk
mail, spam, just plain garbage, etc. The point is, it's potentially
harmful and as such, clamav detects it.

>
> Thank you,
>
> Tim

-Jim
Re: (no subject) [ In reply to ]
On Jul 26, 2006, at 1:29 PM, Tim Jordan wrote:
> Is this really a virus?
>
> HTML.Phishing.Pay-157
>
> I think it's junk mail but CLAMAV reports it as a virus.

It's a phishing scam carried via email which is about as malicious as
a virus is....

--
-Chuck

Re: (no subject) [ In reply to ]
On Wed, July 26, 2006 1:29 pm, Tim Jordan said:
> Is this really a virus?
>
> HTML.Phishing.Pay-157
>
> I think it's junk mail but CLAMAV reports it as a virus.

CLAMAV detects phishing spam, and reports it. Since it can only report as
a virus, that's all it can report as.

The next version is scheduled to allow you to turn off the 'phishing'
scans as a run-time option, but until then the only way to disable them is
to remove the signatures from your database file.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------

Re: (no subject) [ In reply to ]
Tim Jordan wrote:
> Is this really a virus?
>
> HTML.Phishing.Pay-157
>
> I think it's junk mail but CLAMAV reports it as a virus.

tom-ay-to, tom-ah-toe :-)

I'm glad clamAV does flag these.... I use a procmail recipe on my mail
server to change the subject accordingly, and add a couple of X-
headers to the message...

Keep up the great detection work :-)


Re: (no subject) [ In reply to ]
> On 10/16/07, oboltus <oboltus@bigmir.net> wrote:
>> Hello!
>> I have a question whose answer I could not find in the FAQ: can clamav check outgoing mail for viruses? If yes, how can this be done?
>> Thank you in advance.

> Yes - the solution of course will depend on your mail server, which
> you make no mention of.

OS - Linux RedHat 7.3
MTA - sendmail


mailto:oboltus@bigmir.net

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Re: (no subject) [ In reply to ]
On 10/23/07, oboltus <oboltus@bigmir.net> wrote:
>
> > Yes - the solution of course will depend on your mail server, which
> > you make no mention of.
>
> OS - Linux RedHat 7.3
> MTA - sendmail

Then you have a range of options, including clamav-milter, MIMEDefang
and amavisd-new, to name but a few.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
Re: (no subject) [ In reply to ]
>> Hello!
>> I have a question whose answer I could not find in the FAQ: can clamav check outgoing
>> mail for viruses? If yes, how can this be done?
>> Thank you in advance.

> Yes - the solution of course will depend on your mail server, which
> you make no mention of.

>>OS - Linux RedHat 7.3
>>MTA - sendmail

> Then you have a range of options, including clamav-milter, MIMEDefang
> and amavisd-new, to name but a few.

Could you give an example of a practical implementation using clamav-milter?



mailto:oboltus@bigmir.net

Re: (no subject) [ In reply to ]
On 10/23/07, oboltus <oboltus@bigmir.net> wrote:
>
> Could you give an example of a practical implementation using clamav-milter?

See the documentation/man page/google.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
Re: (no subject) [ In reply to ]
On 04/16/2010 10:21 AM, Dima wrote:
> Hello
>
> Today, after the next regular virus database update antivirus stopped
> working. The following quote log database update and response program.


> Fri Apr 16 10:12:14 2010 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH:
> i386, CPU: i386)

http://www.clamav.net/eol-clamav-094/

>
> What can you advise?

Upgrade it.
If you use Debian add the volatile repository.

Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: (no subject) [ In reply to ]
On Fri, 2010-04-16 at 10:37 +0300, Török Edwin wrote:
> On 04/16/2010 10:21 AM, Dima wrote:
> > Hello
> >
> > Today, after the next regular virus database update antivirus stopped
> > working. The following quote log database update and response program.
>
>
> > Fri Apr 16 10:12:14 2010 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH:
> > i386, CPU: i386)
>
> http://www.clamav.net/eol-clamav-094/
>
> >
> > What can you advise?
>
> Upgrade it.
> If you use Debian add the volatile repository.
>
> Best regards,
> --Edwin
Shame you haven't talked to others - like havp for example - before
doing this.
Re: (no subject) [ In reply to ]
On Fri, 16 Apr 2010 11:58:29 +0300
"Dima" <clamuser@visaginas.net> wrote:

> Hit http://archive.debian.org sarge/volatile/non-free Packages
> Hit http://archive.debian.org sarge/volatile/non-free Release
> Reading Package Lists... Done
> server:/# LANG=C apt-get install clamav clamav-base clamav-daemon
> clamav-freshclam clamav-milter libclamav1 libclamav3
> Reading Package Lists... Done
> Building Dependency Tree... Done
> clamav is already the newest version.
> clamav-base is already the newest version.
> clamav-daemon is already the newest version.
> clamav-freshclam is already the newest version.
> clamav-milter is already the newest version.
> libclamav1 is already the newest version.
> libclamav3 is already the newest version.
> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
>
> There is still a proposal?

Sarge is 5 years old and no longer maintained (including security fixes!)
since 2008. You should really update your OS first.

--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Apr 16 11:06:50 CEST 2010
Re: (no subject) [ In reply to ]
On Fri, 16 Apr 2010 11:58:29 +0300, "Dima" <clamuser@visaginas.net> wrote:
>> Upgrade it. If you use Debian add the volatile repository.
> Hit http://archive.debian.org sarge/main Packages
> Hit http://archive.debian.org sarge/main Release
> Hit http://archive.debian.org sarge/contrib Packages
> Hit http://archive.debian.org sarge/contrib Release
> Hit http://archive.debian.org sarge/non-free Packages

> Reading Package Lists... Done
> Building Dependency Tree... Done
> clamav is already the newest version.

> There is still a proposal?

You are running Debian Sarge! That's been EOL and unsupported for over 2
years (March 2008). See here - http://www.debian.org/releases/sarge/

Your best bet is to upgrade to Debian etch:

1) Backup your system (this might break)
2) Edit /etc/apt/sources.list - replace anything that says 'sarge' with
'etch'
3) Run apt-get update
4) Run apt-get dist-upgrade

This chap has a helpful guide:
http://rimuhosting.com/knowledgebase/linux/distros/debian-sarge-to-etch

Hope this helps. You really can't complain at the ClamAV team if you're
running old, outdated systems. They have been warning us for months that
this was going to happen.


Regards


Richard

Re: (no subject) [ In reply to ]
On Fri, 16 Apr 2010 12:28:44 +0300
"Dima" <clamuser@visaginas.net> wrote:

> There is a small problem - until this morning me and tens of thousands of
> other users of this operating system is fully suited for more than 5
> years. Update your operating system is now quick and painless can not
> perform because of very many reasons, such as your - incompatibility (eg
> convert MySQL databases hundreds of thousands of tables in utf8).
> Your suggestion - remove clamav and forget about the antivirus?

You can always try to compile from source

--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Apr 16 11:30:49 CEST 2010
Re: (no subject) [ In reply to ]
On 04/16/2010 01:07 PM, Dima wrote:
> I very much doubt that this can be done on the old compiler
> using libraries of those times.

People have successfully built ClamAV on various old systems, maybe not
with all the features, but it surely built and run.

Just give it a try.

Best regards,
--Edwin
Re: (no subject) [ In reply to ]
Richard Bishop wrote:

>You are running Debian Sarge! That's been EOL and unsupported for over 2
>years (March 2008). See here - http://www.debian.org/releases/sarge/

Yes, I am as well - and for several good reasons.

1) If it ain't broke, don't fix it. It works, has worked reliably for
several years, and was working fine yesterday. Its uptime is
currently 405 days, and then the last downtime was to physically move
the server.

2) If it ain't broke - don't fix it. There's no way I'd attempt a
major upgrade in-place when it's a live server used 24*7. For various
internal reasons (which I'm sure you can guess) I don't have the
resources to do anything but an in-place upgrade if I want to upgrade.

3) I can accept that software will go out of support - but I never
expected a Microsoft-esque remote shutdown.


Recognising that Sarge is quite old, I have in fact got a new server
about ready to go - and I've taken the opportunity to roll in some
better features than the current live one. However, I don't have the
hardware to deploy it with yet - and I probably won't for several
months.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Re: (no subject) [ In reply to ]
On 16/04/2010 07:22, Török Edwin wrote:
> On 04/16/2010 01:07 PM, Dima wrote:
>> I very much doubt that this can be done on the old compiler
>> using libraries of those times.
>
> People have successfully built ClamAV on various old systems, maybe
> not with all the features, but it surely built and run.

just as example, i could successfully built and get clamav 0.95.3
on a redhat 9 box with GCC 3.2.2. Thats surely an example of OLD system
! It was released in 2003 and its EOL was 2004-04-30.

havent tried clamav 0.96 because i had 0.95 confs ready and had to
upgrade quickly after the kill signature was published yesterday.

[root@correio root]# cat /etc/redhat-release
Red Hat Linux release 9 (Shrike)

[root@correio root]# gcc --version
gcc (GCC) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
Copyright (C) 2002 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


[root@correio root]# clamd --version
ClamAV 0.95.3-exp/10751/Thu Apr 15 23:23:45 2010


--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

My SPAMTRAP, do not email it
gertrudes@solutti.com.br
Re: (no subject) [ In reply to ]
Leonardo Rodrigues wrote:
> On 16/04/2010 07:22, Török Edwin wrote:
>> On 04/16/2010 01:07 PM, Dima wrote:
>>> I very much doubt that this can be done on the old
>>> compiler
>>> using libraries of those times.
>>
>> People have successfully built ClamAV on various old systems, maybe
>> not with all the features, but it surely built and ran.
>
> Just as an example, I could successfully build and get clamav 0.95.3 on a
> redhat 9 box with GCC 3.2.2. That's surely an example of an OLD system! It
> was released in 2003 and its EOL was 2004-04-30.

I've even managed to build 0.96 on a Redhat 7.2 based system, gcc 2.96
(Redhat patched version), though I did have to update zlib manually to
get "make check" to pass.

>
> Haven't tried clamav 0.96 because I had 0.95 confs ready and had to
> upgrade quickly after the kill signature was published yesterday.
>
> [root@correio root]# cat /etc/redhat-release
> Red Hat Linux release 9 (Shrike)
>
> [root@correio root]# gcc --version
> gcc (GCC) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
> Copyright (C) 2002 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
>
> [root@correio root]# clamd --version
> ClamAV 0.95.3-exp/10751/Thu Apr 15 23:23:45 2010
>
>
Re: (no subject) [ In reply to ]
> Shame you haven't talked to others - like havp for example - before
> doing this.

The announcement to EOL the old releases was made at the start of
October last year. If people using clam as an integral part of their
software don't read announcements, what fault is that of the clam
developers?

They had 6 months to sort it out.

--
Spiro Harvey Knossos Networks Ltd
021-295-1923 www.knossos.net.nz
Re: (no subject) [ In reply to ]
> 1) If it ain't broke, don't fix it. It works, has worked reliably for
> several years, and was working fine yesterday. Its uptime is

And now it's broken. So you have to fix it. Life on the edge is scary
for some sysadmins, eh?

> currently 405 days, and then the last downtime was to physically move
> the server.

So for 405 days you've done no kernel patches? Awesome. I bet that
server's a bunch of remote exploits waiting to happen (if they haven't
already).

Using massive uptimes to prove how cool your server is actually just
shows that you're not doing the right maintenance.

> 2) If it ain't broke - don't fix it. There's no way I'd attempt a
> major upgrade in-place when it's a live server used 24*7. For various
> internal reasons (which I'm sure you can guess) I don't have the
> resources to do anything but an in-place upgrade if I want to upgrade.

Well if they don't want patches on it, and they're not prepared to give
you money to have a backup server to do upgrades on, then it can't be
as critical as they're telling you.

> 3) I can accept that software will go out of support - but I never
> expected a Microsoft-esque remote shutdown.

You should have expected it 6 months ago when the announcement was made.
Re: (no subject) [ In reply to ]
Shhhhh

They've simmered down, I don't need the issue stirred up again

Spiro Harvey wrote:
>> Shame you haven't talked to others - like havp for example - before
>> doing this.
>>
>
> The announcement to EOL the old releases was made at the start of
> October last year. If people using clam as an integral part of their
> software don't read announcements, what fault is that of the clam
> developers?
>
> They had 6 months to sort it out.
>
>
Re: (no subject) [ In reply to ]
On 4/18/10 1:27 PM, Spiro Harvey wrote:
>> Shame you haven't talked to others - like havp for example - before
>> doing this.
>
> The announcement to EOL the old releases was made at the start of
> October last year. If people using clam as an integral part of their
> software don't read announcements, what fault is that of the clam
> developers?
>
> They had 6 months to sort it out.

The people that had problems probably download signatures straight into the
signature directory that clamd uses. I drop mine into a holding directory where
I can test them first. Yes, I know that is all built into freshclam, but I'd
rather know ahead of time if a sig is going to be harmful. I use the exact same
process for checking SaneSecurity and other third-party signatures. I didn't
need it this time because I'd upgraded long ago, but it's not a bad process.

dp
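
The holding-directory check described in the message above, as an added example that is not part of the original post or of ClamAV's own tooling. The directory paths and the function names `test_db` and `stage_and_promote` are assumptions; `clamscan --database` and its exit codes are the real interface.

```shell
#!/bin/sh
# Added example (not from the thread): test staged ClamAV signatures with the
# locally installed engine before clamd's live directory ever sees them.
# Assumed paths; adjust to your installation.
HOLD_DIR="${HOLD_DIR:-/var/lib/clamav-holding}"
LIVE_DIR="${LIVE_DIR:-/var/lib/clamav}"
CLAMSCAN="${CLAMSCAN:-clamscan}"

# test_db DIR
# Load every database in DIR and scan one known-clean probe file.
# clamscan exit codes: 0 = clean, 1 = detection, 2 = error (for example a
# database the installed engine cannot load).
test_db() {
    probe=$(mktemp) || return 2
    printf 'constructed clean probe file\n' > "$probe"
    scan_rc=0
    "$CLAMSCAN" --database="$1" --no-summary "$probe" >/dev/null 2>&1 || scan_rc=$?
    rm -f "$probe"
    return "$scan_rc"
}

# stage_and_promote HOLD LIVE
# Returns 0 after copying the tested files into LIVE, 1 if the staged set was
# rejected (LIVE is left untouched), 2 if a copy failed.
stage_and_promote() {
    hold=$1
    live=$2
    rc=0
    test_db "$hold" || rc=$?
    if [ "$rc" -ne 0 ]; then
        # Exit 2 means the engine could not use the set; exit 1 means a
        # signature fired on a clean file (false positive). Reject both.
        echo "rejected signatures in $hold (clamscan exit $rc)" >&2
        return 1
    fi
    for f in "$hold"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # Copy under a temporary name, then rename, so a reader of LIVE
        # never sees a half-written database.
        cp "$f" "$live/.$name.tmp" || return 2
        mv "$live/.$name.tmp" "$live/$name" || return 2
    done
    return 0
}
```

The check is only meaningful when the `clamscan` used for testing is the same engine version as the production clamd; after a successful promotion, `clamdscan --reload` asks the running clamd to reload its databases.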
Re: (no subject) [ In reply to ]
On Apr 18, 2010, at 1:40 PM, Ken Campney wrote:

> Shhhhh
>
> They've simmered down, I don't need the issue stirred up again
>
> Spiro Harvey wrote:
>>> Shame you haven't talked to others - like havp for example -
>>> before
>>> doing this.
>>>
>>
>> The announcement to EOL the old releases was made at the start of
>> October last year. If people using clam as an integral part of their
>> software don't read announcements, what fault is that of the clam
>> developers?
>>
>> They had 6 months to sort it out.

And you run the risk of being called the "most arrogant and ignorant
person on the Internet"....... Oh my....

Jim
Re: (no subject) [ In reply to ]
yup, that's me, though in all honesty the comment was supposed to read
"They've simmered down, I don't think the issue needs stirring up again"

Proof reading is a wonderful thing when not practiced in moderation :\

>
> And you run the risk of being called the "most arrogant and ignorant
> person on the Internet"....... Oh my....
>
Re: (no subject) [ In reply to ]
On Apr 18, 2010, at 2:39 PM, Ken Campney wrote:

> yup, that's me, though in all honesty the comment was supposed to
> read "They've simmered down, I don't think the issue needs stirring
> up again"
>
> Proof reading is a wonderful thing when not practiced in moderation :\
>
>>
>> And you run the risk of being called the "most arrogant and
>> ignorant person on the Internet"....... Oh my....
>>

No, I was referring to personal attacks against me and my
contributions to the fray Fri and Sat....

Jim

Re: (no subject) [ In reply to ]
Spiro Harvey wrote:

>So for 405 days you've done no kernel patches? Awesome. I bet that
>server's a bunch of remote exploits waiting to happen (if they haven't
>already).
>
>Using massive uptimes to prove how cool your server is actually just
>shows that you're not doing the right maintenance.

Or it could just be that applying a layered approach to security
means that those vulnerabilities that are there, aren't exploitable.
But then just running a fully up to date system is no guarantee - on
a different server we did get caught by a problem, one not fixed by
any kernel version available at the time from Debian. Solution -
turn off the features that exposed the vulnerability.

That's the only problem I've had, in several years of running
multiple public facing servers.

Risk is not black and white. Trying to eliminate risk is about as
fruitful as p***ing into the wind. Managing risk is a different
matter. There are risks in not updating, there are risks in updating
- how you weight those risks is a matter of preference, judgement,
and practicality.

You're entitled to your opinion - it just differs from mine.


>> 2) If it ain't broke - don't fix it. There's no way I'd attempt a
>> major upgrade in-place when it's a live server used 24*7. For various
>> internal reasons (which I'm sure you can guess) I don't have the
>> resources to do anything but an in-place upgrade if I want to upgrade.
>
>Well if they don't want patches on it, and they're not prepared to give
>you money to have a backup server to do upgrades on, then it can't be
>as critical as they're telling you.

Or it could be a reflection of management priorities - the job pays
the bills, it doesn't mean I like all of it.

>> 3) I can accept that software will go out of support - but I never
>> expected a Microsoft-esque remote shutdown.
>
>You should have expected it 6 months ago when the announcement was made.

Well I could have if I'd seen that - but that ground's been covered
to death already.
--
Simon Hobson
Re: (no subject) [ In reply to ]
>>> 2) If it ain't broke - don't fix it. There's no way I'd attempt a
>>> major upgrade in-place when it's a live server used 24*7. For
>>> various
>>> internal reasons (which I'm sure you can guess) I don't have the
>>> resources to do anything but an in-place upgrade if I want to
>>> upgrade.
>>
>> Well if they don't want patches on it, and they're not prepared to
>> give
>> you money to have a backup server to do upgrades on, then it can't be
>> as critical as they're telling you.
>
> Or it could be a reflection of management priorities - the job pays
> the bills, it doesn't mean I like all of it.

Yes, and most likely the case and most likely the managers screaming
that it should not have failed because they did not authorize the
server to fail. And yes this is a weak attempt at humor on my part and
not in need of retort.

>
>>> 3) I can accept that software will go out of support - but I never
>>> expected a Microsoft-esque remote shutdown.
>>
>> You should have expected it 6 months ago when the announcement was
>> made.
>
> Well I could have if I'd seen that - but that ground's been covered
> to death already.

But on a more serious note, what method would you like to have had
them take to make you aware of the impending failure? I think they did
due diligence although they failed to provide a link to the EOL page
which should have been prominently displayed on the page the ClamAV
log warning links to. If there are more notification methods they
should have used, then that is where improvement should be made not
debating if they should protect users from signature and other
improvements that may break unsupported versions.......

> --
> Simon Hobson
>
>

Re: (no subject) [ In reply to ]
>Yes, and most likely the case and most likely the managers screaming
>that it should not have failed because they did not authorize the
>server to fail. And yes this is a weak attempt at humor on my part and
>not in need of retort.

Not so weak - but it sounds like you've met some of my past managers !

--
Simon Hobson
Re: (no subject) [ In reply to ]
On 4/19/10 9:22 AM, Jim Preston wrote:

>
> But on a more serious note, what method would you like to have had them
> take to make you aware of the impending failure?

The question wasn't directed to me but I'd like to see them be more selective as
to who should be allowed to use this product. Maybe an IQ test.

dp

Re: (no subject) [ In reply to ]
Dennis Peterson wrote:

>The question wasn't directed to me but I'd like to see them be more
>selective as to who should be allowed to use this product. Maybe an
>IQ test.

Really that is an insulting statement - and completely uncalled for.
It's exactly the sort of attitude that drives people away from the
FOSS movement - an almost religious zeal in supporting a closed shop
mentality.

On one hand, people see a FOSS world inhabited by these religious
zealots espousing the notion that to use a computer you must be some
sort of uber nerd, fluent in multiple languages, and capable of
programming a bare metal computer by thought transference (OK, so
that's a slight exaggeration !). On the other hand, they see
commercial offerings that appear to be made by people who actually
care about people using their stuff - ie making it usable by mere
human beings.

Some people in the FOSS movement understand this - that's why there's
so much work to make things usable by "ordinary people". It's just a
pity there are still the bigots around espousing your view.

Now, if you want a project that employs such restrictions - go and
build one. Being under an open licence, this one is available to all
- either like it or lump it, but either way, keep your insults to
yourself.

--
Simon Hobson
Re: (no subject) [ In reply to ]
On Mon, 2010-04-19 at 17:28 -0700, Dennis Peterson wrote:
[...]
> The question wasn't directed to me but I'd like to see them be more selective as
> to who should be allowed to use this product. Maybe an IQ test.

No. Everyone should be allowed to shoot themselves in the foot - with free/open
source or proprietary software.

Bernd
--
Bernd Petrovitsch Email : bernd@petrovitsch.priv.at
LUGA : http://www.luga.at

Re: (no subject) [ In reply to ]
Spiro Harvey wrote:
>> Shame you haven't talked to others - like havp for example - before
>> doing this.
>
> The announcement to EOL the old releases was made at the start of
> October last year. If people using clam as an integral part of their
> software don't read announcements, what fault is that of the clam
> developers?
>
> They had 6 months to sort it out.

The thing is that there are a few little issues here that, as points of law,
are not clear yet. In what follows words like 'vendor' may not be used
entirely legally precisely, IANAL, but I am certain that with a bit of
squinting my meaning will be clear.

I know that in certain jurisdictions, reaching out to someone else's
computer (ie not your property) and disabling functionality on it could
constitute a criminal act.

I sincerely hope that someone somewhere under such a jurisdiction goes to
the police and reports the Clamav developers for such an offense.

Why?

Because Clamav is now in the same category as Apple, Amazon and Sony (to
name three that come to mind right away). This is the category of vendors
who have remotely disabled (or removed) software running on computers or
devices belonging to their customers. Not on computers or devices belonging
to the vendor and which are leased to customers, but the *property* of
those customers.

I believe that this is extremely inappropriate behavior for *any* vendor. I
am shocked that an OSS vendor would even consider such an action.

Note the massive amount of negative press that Amazon got for remotely
deleting copies of George Orwell's 1984 from the Kindle. Sony have recently
started remotely disabling Linux functionality on the PS3 iirc. Do we
really want the OSS community to be tarred with the same brush?

This kind of high-handed arrogance NEEDS to be put down and hard.

I imagine that the Clamav team would be hard put to raise a decent legal
defense against this and, so, if they lose such a case a legal precedent
could be set which could conceivably deter this kind of thing from larger
organisations.

I would really love to see that happen even if it destroys the Clamav project.

No hard feelings against them, but if Clamav want to set themselves up as
sacrificial lambs to test a point of law and it ultimately benefits society
at large, great.




--
Please remember that an email is just like a postcard; it is not
confidential nor private nor secure and can be read by many other people
than the intended recipient. A postcard can be read by anyone at the mail
sorting office and expecting what is written on it to be private and secret
is not realistic. Please hold no higher expectation of email.

If you need to send confidential information in an email you need to use
encryption. PGP is Pretty good for this.
Re: (no subject) [ In reply to ]
On 04/21/2010 02:36 PM, Steve Wray wrote:
>
> Because Clamav is now in the same category as Apple, Amazon and Sony
> (to name three that come to mind right away). This is the category of
> vendors who have remotely disabled (or removed) software running on
> computers or devices belonging to their customers. Not on computers or
> devices belonging to the vendor and which are leased to customers, but
> the *property* of those customers.
.......
> I would really love to see that happen even if it destroys the Clamav
> project.

Whoah! Really long brush you've got there... I invoke GODWIN'S LAW on
this thread. If people developing Open Source software took your threats
seriously - THERE WOULD BE NO OPEN SOURCE

ClamAV devs: your response was appropriate. I speak on behalf of the 99%
of sites unaffected by this. You can tell that as only 10 people seem to
be involved in this thread.

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: (no subject) [ In reply to ]
Steve Wray wrote:
> Spiro Harvey wrote:
>>> Shame you haven't talked to others - like havp for example - before
>>> doing this.
>>
>> The announcement to EOL the old releases was made at the start of
>> October last year. If people using clam as an integral part of their
>> software don't read announcements, what fault is that of the clam
>> developers?
>>
>> They had 6 months to sort it out.
>
> The thing is that there are a few little issues here that, as points
> of law, are not clear yet. In what follows words like 'vendor' may not
> be used entirely legally precisely, IANAL, but I am certain that with
> a bit of squinting my meaning will be clear.
>
> I know that in certain jurisdictions, reaching out to someone else's
> computer (ie not your property) and disabling functionality on it
> could constitute a criminal act.
>
> I sincerely hope that someone somewhere under such a jurisdiction goes
> to the police and reports the Clamav developers for such an offense.
>
> Why?
>
> Because Clamav is now in the same category as Apple, Amazon and Sony
> (to name three that come to mind right away). This is the category of
> vendors who have remotely disabled (or removed) software running on
> computers or devices belonging to their customers. Not on computers or
> devices belonging to the vendor and which are leased to customers, but
> the *property* of those customers.
>
> I believe that this is extremely inappropriate behavior for *any*
> vendor. I am shocked that an OSS vendor would even consider such an
> action.
>
> Note the massive amount of negative press that Amazon got for remotely
> deleting copies of George Orwell's 1984 from the Kindle. Sony have
> recently started remotely disabling Linux functionality on the PS3
> iirc. Do we really want the OSS community to be tarred with the same
> brush?
>
> This kind of high-handed arrogance NEEDS to be put down and hard.
>
> I imagine that the Clamav team would be hard put to raise a decent
> legal defense against this and, so, if they lose such a case a legal
> precedent could be set which could conceivably deter this kind of
> thing from larger organisations.
>
> I would really love to see that happen even if it destroys the Clamav
> project.
>
> No hard feelings against them, but if Clamav want to set themselves up
> as sacrificial lambs to test a point of law and it ultimately benefits
> society at large, great.

Well, prosecution would be justified if ClamAV had actually done
something illegal. What they did was modify their signature database to
support new features with advance notice and the fact that any
particular installation of unsupported software failed to handle it
properly is the onus of the owners / sysadmins of the individual
systems. If you happen to fall into that category, then it is time to
upgrade your system.

Jim
Re: (no subject) [ In reply to ]
Jim Preston wrote:
> Steve Wray wrote:
>> Spiro Harvey wrote:
>>>> Shame you haven't talked to others - like havp for example - before
>>>> doing this.
>>>
>>> The announcement to EOL the old releases was made at the start of
>>> October last year. If people using clam as an integral part of their
>>> software don't read announcements, what fault is that of the clam
>>> developers?
>>>
>>> They had 6 months to sort it out.
>>
>> The thing is that there are a few little issues here that, as points
>> of law, are not clear yet. In what follows words like 'vendor' may not
>> be used entirely legally precisely, IANAL, but I am certain that with
>> a bit of squinting my meaning will be clear.
>>
>> I know that in certain jurisdictions, reaching out to someone else's
>> computer (ie not your property) and disabling functionality on it
>> could constitute a criminal act.
>>
>> I sincerely hope that someone somewhere under such a jurisdiction goes
>> to the police and reports the Clamav developers for such an offense.
>>
>> Why?
>>
>> Because Clamav is now in the same category as Apple, Amazon and Sony
>> (to name three that come to mind right away). This is the category of
>> vendors who have remotely disabled (or removed) software running on
>> computers or devices belonging to their customers. Not on computers or
>> devices belonging to the vendor and which are leased to customers, but
>> the *property* of those customers.
>>
>> I believe that this is extremely inappropriate behavior for *any*
>> vendor. I am shocked that an OSS vendor would even consider such an
>> action.
>>
>> Note the massive amount of negative press that Amazon got for remotely
>> deleting copies of George Orwell's 1984 from the Kindle. Sony have
>> recently started remotely disabling Linux functionality on the PS3
>> iirc. Do we really want the OSS community to be tarred with the same
>> brush?
>>
>> This kind of high-handed arrogance NEEDS to be put down and hard.
>>
>> I imagine that the Clamav team would be hard put to raise a decent
>> legal defense against this and, so, if they lose such a case a legal
>> precedent could be set which could conceivably deter this kind of
>> thing from larger organisations.
>>
>> I would really love to see that happen even if it destroys the Clamav
>> project.
>>
>> No hard feelings against them, but if Clamav want to set themselves up
>> as sacrificial lambs to test a point of law and it ultimately benefits
>> society at large, great.
>
> Well, prosecution would be justified if ClamAV had actually done
> something illegal. What they did was modify their signature database to
> support new features with advance notice and the fact that any
> particular installation of unsupported software failed to handle it
> properly is the onus of the owners / sysadmins of the individual
> systems. If you happen to fall into that category, then it is time to
> upgrade your system.

I am not a lawyer but I do think that this is something that the
authorities might possibly examine.

I do think that pushing out an update which disables functionality without
explicitly requesting permission to make such a change *before* making that
change *should* be criminal.

Ie: without someone on the server which is about to have a service stopped
having to at least press the 'y' key on their keyboard, for example.

This kind of thing really is extremely arrogant, I can see no other way to
put it. Sorry if that offends.
Re: (no subject) [ In reply to ]
>> Well, prosecution would be justified if ClamAV had actually done
>> something illegal. What they did was modify their signature database to
>> support new features with advance notice and the fact that any
>> particular installation of unsupported software failed to handle it
>> properly is the onus of the owners / sysadmins of the individual
>> systems. If you happen to fall into that category, then it is time to
>> upgrade your system.
>
> I am not a lawyer but I do think that this is something that the
> authorities might possibly examine.
>
> I do think that pushing out an update which disables functionality
> without explicitly requesting permission to make such a change
> *before* making that change *should* be criminal.
>
> Ie: without someone on the server which is about to have a service
> stopped having to at least press the 'y' key on their keyboard, for
> example.
>
> This kind of thing really is extremely arrogant, I can see no other
> way to put it. Sorry if that offends.

And I am sure that authorities will examine it and I sincerely hope they
waste as much of YOUR tax dollars as possible doing so.

And no offense taken by your posting.

Jim
Re: (no subject) [ In reply to ]
Steve Wray wrote:
> I am not a lawyer but I do think that this is something that the
> authorities might possibly examine.
>
> I do think that pushing out an update which disables functionality
> without explicitly requesting permission to make such a change
> *before* making that change *should* be criminal.
>
> Ie: without someone on the server which is about to have a service
> stopped having to at least press the 'y' key on their keyboard, for
> example.
>
> This kind of thing really is extremely arrogant, I can see no other
> way to put it. Sorry if that offends.
>
PS: They did explicitly request permission by allowing users to comment
on their proposed changes for 6 months. Where were your objections
during that time?

Jim
Re: (no subject) [ In reply to ]
On 4/21/10 05:38 , Jim Preston wrote:
> Steve Wray wrote:
>> I am not a lawyer but I do think that this is something that the
>> authorities might possibly examine.
>>
>> I do think that pushing out an update which disables functionality
>> without explicitly requesting permission to make such a change
>> *before* making that change *should* be criminal.
>>
>> Ie: without someone on the server which is about to have a service
>> stopped having to at least press the 'y' key on their keyboard, for
>> example.
>>
>> This kind of thing really is extremely arrogant, I can see no other
>> way to put it. Sorry if that offends.
>>
> PS: They did explicitly request permission by allowing users to
> comment on their proposed changes for 6 months. Where were your
> objections during that time?
>
> Jim
I always chuckle when "aggressors" shoot themselves in the foot like
that... Shows they've not actually READ the threads, and just jump on
their high horses like righteous knights...
I was itching to type that reply, but - more like a just knight than a
righteous knight <G> - first read the rest of the posts... Thank you for
doing it, so I don't "have" to get into the discussion again...

--FP
Thinking it's always good to realize there's people standing behind you
Re: (no subject) [ In reply to ]
On Tue, 2010-04-20 at 20:34 -0700, Jim Preston wrote:
> Well, prosecution would be justified if ClamAV had actually done
> something illegal.

They did. Releasing 'code' that they knew had a potential to harm or
interfere with the operation of systems. It's a clearly defined CRIMINAL
offence in my part of the world. I suspect that this state of affairs is
also true in the USA if the case of Gary McKinnon is used as a point of
reference. Perhaps, Jim, you would like to offer the name and address of
the person pushing this code out if it does not bother you at all? I'm
sure there are a few pissed people in the UK and Europe who would like
to even the score up on behalf of Gary McKinnon.

It is also clearly a case of blackmail. 'If you don't do this, I will
break that' - again, that is a criminal offence in most parts of the
civilised world. (I do accept that this may have been the work of
*Americans* who may have lower moral and ethical standards than the rest
of the world).

The correct thing to do would be to warn users of older versions that no
update was possible, leaving it running. Not to deliberately and
purposely crash it, and anything that depends on it. The mechanism
clearly exists to do that, no??:

WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.94.2 Recommended version: 0.96

It was notable to see the difficulty people had trying to update. Try
googling this: 'update clamav', first hit:
http://www.clamav.net/lang/en/
Now, from that link, try and find instructions on *how* to upgrade. It's
pretty appalling to find the info needed. It's fair to say you've had a
number of months to make sure that good, easy to find information is
easy to find in order to match the carnage you knew it would create for
some people. Sure, there is an email support list, but when clam has
crashed your mail server, that's about as much use as a chocolate tea
pot.

But in all of this ding dong something else rather amazing strikes me.
In a world of over 6 billion people there was not much noise made about
this in real terms, which may suggest just how insignificant CLAM is as
a project - this rather amuses me given the clear intent of breaking
systems was, in my view, more sinister. I hold the opinion that it was,
in part, an attempt to get people to notice CLAM and how they depend on
it, and in reality only a handful of people in this big wide world even
noticed it. It did not even make news anywhere. In fact, all it has done
is piss off a few people who may well stop using it - after all, it's
mostly only protecting windows machines at the gateway, and it does such
a poor job of it they all tend to rely on local AV anyway. Save the
clock cycles and future hassle and ditch it being plausible advice.


I'm sure the big players like Trend & Barracuda who sell CLAM in their
own products were not hurt by this spiteful, malicious and wicked act.
Nor was I. I guess they are used to issues with CLAM having to make
daily apologies for all the stuff it misses, let alone this little
moment in its history. The people who probably suffered were just a
chunk of small businesses struggling to make ends meet, tiny clinics in
the middle of Africa hanging off a dial-up, or other groups with not
much money or time. I'm sure they really needed the hassle of this on
top of everything else. I do hope your mother would be very proud of
you :-)
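
A monitoring check built on the freshclam warning quoted in the message above, as an added example that is not part of the original post and is not ClamAV code. The function names, the start-of-run marker used to isolate the latest update run, and the severity mapping (feature release behind = critical, patch level behind = warning) are assumptions of this example.

```python
import re
import sys

# Constructed sample log. The two WARNING lines use the wording quoted in the
# post; the timestamps and the other lines are made up for this example.
SAMPLE_LOG = """\
Tue Apr 13 09:00:01 2010 -> ClamAV update process started at Tue Apr 13 09:00:01 2010
Tue Apr 13 09:00:01 2010 -> WARNING: Your ClamAV installation is OUTDATED!
Tue Apr 13 09:00:01 2010 -> WARNING: Local version: 0.94.2 Recommended version: 0.96
Tue Apr 13 09:00:02 2010 -> daily.cld is up to date
"""

RUN_MARKER = "ClamAV update process started"  # assumed start-of-run line
BANNER = "Your ClamAV installation is OUTDATED"
VERSIONS = re.compile(r"Local version: (\S+)\s+Recommended version: (\S+)")


def parse_version(text):
    """'0.94.2' -> (0, 94, 2). A suffix such as 'rc1' is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError("unparseable version: %r" % text)
    return tuple(int(part) for part in m.group(0).split("."))


def last_run(log_text):
    """Return only the lines of the most recent update run, so that a
    warning logged before an upgrade does not keep the check red."""
    lines = log_text.splitlines()
    start = 0
    for i, line in enumerate(lines):
        if RUN_MARKER in line:
            start = i
    return lines[start:]


def check_freshclam_log(log_text):
    """Return (exit_code, message) using 0/1/2 = OK/WARNING/CRITICAL."""
    banner_seen = False
    versions = None
    for line in last_run(log_text):
        if BANNER in line:
            banner_seen = True
        m = VERSIONS.search(line)
        if m:
            versions = (m.group(1), m.group(2))
    if versions is None:
        if banner_seen:
            return 1, "WARNING: freshclam reports OUTDATED, versions not logged"
        return 0, "OK: no OUTDATED warning in the latest run"
    local, recommended = versions
    lv, rv = parse_version(local), parse_version(recommended)
    width = max(len(lv), len(rv))
    lv += (0,) * (width - len(lv))  # pad so 0.96 compares equal to 0.96.0
    rv += (0,) * (width - len(rv))
    if lv >= rv:
        return 0, "OK: engine %s is current (recommended %s)" % (local, recommended)
    if lv[:2] != rv[:2]:
        return 2, "CRITICAL: engine %s is a feature release behind %s" % (
            local, recommended)
    return 1, "WARNING: engine %s is behind %s at patch level" % (
        local, recommended)


if __name__ == "__main__":
    # With a path argument, check that log file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    code, message = check_freshclam_log(text)
    print(message)
    sys.exit(code)
```

Run from cron or a monitoring agent against the freshclam log, the non-zero exit code surfaces the outdated-engine warning to an operator instead of leaving it unread in the log.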

Re: (no subject) [ In reply to ]
> From: clamav-users-bounces@lists.clamav.net [mailto:clamav-users-
> bounces@lists.clamav.net] On Behalf Of Jim Preston
> Steve Wray wrote:
> > Spiro Harvey wrote:
> >>> Shame you haven't talked to others - like havp for example - before
> >>> doing this.
> >>
> >> The announcement to EOL the old releases was made at the start of
> >> october last year. If people using clam as an integral part of their
> >> software don't read announcements, what fault is that of the clam
> >> developers?
> >>
> >> They had 6 months to sort it out.
> >
> > The thing is that there are a few little issues here that, as points
> > of law are not clear yet. In what follows words like 'vendor' may not
> > be used entirely legally precisely, IANAL, but I am certain that with
> > a bit of squinting my meaning will be clear.
> >
> > I know that in certain jurisdictions, reaching out to someone else's
> > computer (ie not your property) and disabling functionality on it
> > could constitute a criminal act.
> >
> > I sincerely hope that someone somewhere under such a jurisdiction goes
> > to the police and reports the Clamav developers for such an offense.
> > ....
> > ....
>
> Well, prosecution would be justified if ClamAV had actually done
> something illegal. What they did was modify their signature database to
> support new features with advance notice and the fact that any
> particular installation of unsupported software failed to handle it
> properly is the onus of the owners / sysadmins of the individual
> systems. If you happen to fall into that category, then it is time to
> upgrade your system.
>

If it ain't broke - don't fix it
People, it is broken because YOU didn't want to fix it.
There was a message (not everybody saw the message but it was there) and every deb, rpm, god knows which format developer/owner/maker who cares about his product had 6 months to FIX it so the system wasn't going to break.

If you
- compiled by hand: it's your problem
- installed a deb/rpm and your distro isn't updating because you didn't want to upgrade it: your problem
Who are you going to beat if your system is hacked? Debian/ubuntu/RedHat
- installed a deb/rpm and your distro isn't updating because your distro is EOL: it's your problem
Who are you going to beat if your system is hacked? Debian/ubuntu/RedHat

If your lock of the front door is very easy to break open do you want to change locks?


People, please forget stupid child's play like "my uptime is bigger than your uptime".

The system broke for a good reason (more/better signatures), so update.
If you don't want to update your complete server, buy a very small new one ($400) and install only clamav on it or install it with vmware/kvm/xen/....


Kind regards,

Maurice Lucas

TAOS-IT
Paulus Buijsstraat 191
2613 HR  Delft
www.taos-it.nl
KvK Haaglanden nr. 27254410

Re: (no subject) [ In reply to ]
In message <4BCE64A1.8040601@cwa.co.nz> Steve Wray
<steve.wray@cwa.co.nz> was claimed to have wrote:

>The thing is that there are a few little issues here that, as points of law
>are not clear yet. In what follows words like 'vendor' may not be used
>entirely legally precisely, IANAL, but I am certain that with a bit of
>squinting my meaning will be clear.
>
>I know that in certain jurisdictions, reaching out to someone else's
>computer (ie not your property) and disabling functionality on it could
>constitute a criminal act.

ClamAV developers didn't reach out to anyone.

Rather, most minimally competent ClamAV administrators configure their
systems to connect to ClamAV's servers on a regular basis and download
updated definition files.

More importantly, administrators configured their systems to stop
flowing mail in the event of a ClamAV failure. This is a configuration
choice, it's fairly trivial to configure mail to flow through unscanned
if you value a false sense of security over the potential of an outage.

Re: (no subject) [ In reply to ]
> -----Original Message-----
> From: clamav-users-bounces@lists.clamav.net [mailto:clamav-users-
> bounces@lists.clamav.net] On Behalf Of lists
> Sent: Wednesday 21 April 2010 8:10
> To: ClamAV users ML
> Subject: Re: [Clamav-users] (no subject)
>
> On Tue, 2010-04-20 at 20:34 -0700, Jim Preston wrote:
> > Well, prosecution would be justified if ClamAV had actually done
> > something illegal.
>
> They did. Releasing 'code' that they knew had a potential to harm or
> interfere with the operation of systems. It's a clearly defined CRIMINAL
> offence in my part of the world. I suspect that this state of affairs is
> also true in the USA if the case of Gary McKinnon is used as a point of
> reference. Perhaps, Jim, you would like to offer the name and address of
> the person pushing this code out if it does not bother you at all? I'm
> sure there are a few pissed people in the UK and Europe who would like
> to even the score up on behalf of Gary McKinnon.
>
> It is also clearly a case of blackmail. 'If you don't do this, I will
> break that' - again, that is a criminal offence in most parts of the
> civilised world. (I do accept that this may have been the work of
> *Americans* who may have lower moral and ethical standards than the rest
> of the world).

Please show us some evidence that clamav made you install their free product on your server.
Why didn't you install "some other product"?
Is it your server? Then you have the power to install every product you want onto the machine but YOU choose Clamav and they didn't order/pay/beat you to death if you didn't install their product.



Kind regards,

Maurice Lucas

TAOS-IT
Paulus Buijsstraat 191
2613 HR  Delft
www.taos-it.nl
KvK Haaglanden nr. 27254410

Re: (no subject) [ In reply to ]
On Wed, 2010-04-21 at 08:27 +0200, Maurice Lucas - TAOS-IT wrote:
> > -----Original Message-----
> > From: clamav-users-bounces@lists.clamav.net [mailto:clamav-users-
> > bounces@lists.clamav.net] On Behalf Of lists
> > Sent: Wednesday 21 April 2010 8:10
> > To: ClamAV users ML
> > Subject: Re: [Clamav-users] (no subject)
> >
> > On Tue, 2010-04-20 at 20:34 -0700, Jim Preston wrote:
> > > Well, prosecution would be justified if ClamAV had actually done
> > > something illegal.
> >
> > They did. Releasing 'code' that they knew had a potential to harm or
> > interfere with the operation of systems. It's a clearly defined CRIMINAL
> > offence in my part of the world. I suspect that this state of affairs is
> > also true in the USA if the case of Gary McKinnon is used as a point of
> > reference. Perhaps, Jim, you would like to offer the name and address of
> > the person pushing this code out if it does not bother you at all? I'm
> > sure there are a few pissed people in the UK and Europe who would like
> > to even the score up on behalf of Gary McKinnon.
> >
> > It is also clearly a case of blackmail. 'If you don't do this, I will
> > break that' - again, that is a criminal offence in most parts of the
> > civilised world. (I do accept that this may have been the work of
> > *Americans* who may have lower moral and ethical standards than the rest
> > of the world).
>
> Please show us some evidence that clamav made you install their free product on your server.
> Why didn't you install "some other product"?
> Is it your server? Then you have the power to install every product you want onto the machine but YOU choose Clamav and they didn't order/pay/beat you to death if you didn't install their product.
>
Doesn't change a thing. If you threaten me with a course of action, if I
fail to do something that is blackmail. It's nothing else. It does not
matter if the product is free.

For instance, if I go to a shop and they give me a radio free. I take
that radio home and use it. If that shop then calls me up and says 'If
you don't change that radio, I'm going to break it' it is a case of
blackmail.

Have a nice day :-)

Re: (no subject) [ In reply to ]
Steve Wray wrote:

>I know that in certain jurisdictions, reaching out to someone else's
>computer (ie not your property) and disabling functionality on it
>could constitute a criminal act.

I am also of the opinion that it was illegal under UK law.

>I sincerely hope that someone somewhere under such a jurisdiction
>goes to the police and reports the Clamav developers for such an
>offense.
>
>Why?
<snip>

I don't. As already pointed out, there are enough threats to FOSS and
we don't need to be shooting ourselves in the collective foot over
this.


Jason Haar wrote:

>ClamAV devs: your response was appropriate. I speak on behalf of the 99%
>of sites unaffected by this. You can tell that as only 10 people seem to
>be involved in this thread.

Only 10 people who thought it worth while to put their hands up and
say something about it. There will be many who will have seen the
threads and decided they have nothing more to add than "me too", and
probably a fair number that are waiting for their friendly tech to
unbreak their appliance.


Jim Preston wrote:

>Well, prosecution would be justified if ClamAV had actually done
>something illegal. What they did was modify their signature
>database to support new features with advance notice and the fact
>that any particular installation of unsupported software failed to
>handle it properly is the onus of the owners / sysadmins of the
>individual systems. If you happen to fall into that category, then
>it is time to upgrade your system.

So, suppose you live on some lane where there's a problem with people
racing up and down at night on motorcycles with no lights etc. You've
remonstrated with them to be more responsible, but they've not
listened. Eventually, you put a notice up in your garden giving them
6 months to sort themselves out as then you'll be doing something
about it.
Do you really think the police and courts would accept an argument of
"it was their own fault, I warned them, they carried on so it's not
my fault they decapitated themselves with the wire I strung across
the lane" ? There are so many areas where just telling someone you
are going to do something does NOT make it legal - and for good
reason.

You did not tell ME, therefore you did not have permission FROM ME to
make changes to the way MY server operates. Giving notice that you
are going to trespass does not make that trespass legal, even if you
had come directly to my door and told me in person - which of course
no-one did even in computer terms of making any sort of related
message appear on my system.

Describing it as "issuing an update to signatures" is just semantics
- the signature was known to, and described as being solely to, break
the system (or at least the ClamAV element of it). No matter how the
server is configured, that is going to affect operations - either
stop mail from moving, or stop it being scanned.

You also cannot claim that my downloading of updates constitutes an
invite - it constitutes an invite to put AV sig updates on there for
the purpose of detecting new threats. A poison pill update doesn't
fit that description.


Jim Preston wrote:

>PS: They did explicitly request permission by allowing users to
>comment on their proposed changes for 6 months. Where were your
>objections during that time?

See above, that does NOT in any way constitute requesting my
permission. If you got up one morning and found your car gone from
the drive, I'd guess you'd call the police and report it stolen.
Would you accept if the manufacturer had recalled it, and in lieu of
actually asking your personal permission, had placed an ad in a few
trade journals to say that they'd just be lifting them off owners'
drives ? Would you accept that by not responding to one of those ads,
you'd given them permission ? Do you think the police and courts
would ?


Dave Warren wrote:

>ClamAV developers didn't reach out to anyone.
>
>Rather, most minimally competent ClamAV administrators configure their
>systems to connect to ClamAV's servers on a regular basis and download
>updated definition files.

That again is trying to use fine points of language to excuse
trespass. As stated above, the relation between users and the ClamAV
team is based on "by running Freshclam, the user is inviting the team
to supply AV updates for the purposes of detecting new threats" - and
I'm fairly sure that any reasonable person would consider it stopped
there.

By their own admission, the ClamAV team sent an update which was not
to detect new threats, it was specifically and solely to make certain
installations stop working properly. No if's but's or maybe's, that
is the stated intention of the update.

It caused computer systems to stop working correctly, it was
deliberately designed to do so, and it was delivered in a manner that
could not be considered to be covered by the implied consent of
running Freshclam to fetch threat signature updates.

AND, it was not the only option available to them - so there isn't
even any defence of it being absolutely necessary "for the public
good".

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Re: (no subject) [ In reply to ]
In message <1271831753.5073.28.camel@localhost>, lists writes:
>For instance, if I go to a shop and they give me a radio free. I take
>that radio home and use it. If that shop then calls me up and says 'If
>you don't change that radio, I'm going to break it' it is a case of
>blackmail.

A better analogy would be that the shop calls you up to say "We're
switching to digital, your analog radio will stop working in six
months", and, in six months time, the radio no longer has anything to
listen to...

//Christer

--
| Hagåkersgatan 18C | Phone: Home +46 31 43 52 03 CTH: +46 31 772 5431 |
| S-431 41 Mölndal | Cell: +46 707 53 57 57 |
| Sweden | Mail: mort@chalmers.se |
"An NT server can be run by an idiot, and usually is." -- Tom Holub, a.h.b-o-i


Re: (no subject) [ In reply to ]
On Wed, 21 Apr 2010 08:20:08 +0200
Maurice Lucas - TAOS-IT <mslucas@taos-it.nl> wrote:

> If your lock of the front door is very easy to break open do you want to change locks?

Sorry to jump in.
There is a pretty famous film made by Michael Moore where he tested exactly
this topic (closed doors) in Canada and found out that leaving doors unlocked
right away can indeed make more sense than shooting anybody coming in because
of own paranoia.
If one really does not have the moral insight to understand that you never
should harm others' systems only because you feel that it is your right to do
so, well, how would you argue with someone like that?
Isn't the project all about fighting software that tries to harm your computer
_somehow_?
I see no signs that the project team feels to have crossed a border line they
shouldn't have. And that is even more sad. Nobody beats you for making a
mistake. People only beat you for not being able to learn from it and simply
say "sorry, we did not foresee the problems we created. This was not our
intention. we try to avoid this in the future."
Instead they only say "Bad luck. Your fault. Expect equivalent for future
releases."
There have already been projects in the past that suffered a lot from such a
point of view. The ones still alive mostly got forked.
Btw, I was not hit by the problem - this time.

> [...]
> met vriendelijke groet,
>  
> Maurice Lucas


--
Regards,
Stephan

Re: (no subject) [ In reply to ]
Christer Boräng wrote:
>In message <1271831753.5073.28.camel@localhost>, lists writes:
>>For instance, if I go to a shop and they give me a radio free. I take
>>that radio home and use it. If that shop then calls me up and says 'If
>>you don't change that radio, I'm going to break it' it is a case of
>>blackmail.
>
>A better analogy would be that the shop calls you up to say "We're
>switching to digital, your analog radio will stop working in six
>months", and, in six months time, the radio no longer has anything to
>listen to...

Not a good analogy either.
If you want to use that one, it's more like a
major broadcaster deciding to go digital - and
then coming round to blow up your radio to stop
you listening to the local station you actually
want to listen to that is still on analogue.
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Re: (no subject) [ In reply to ]
On Wed, 21 Apr 2010 08:15:35 +0100
Simon Hobson <linux@thehobsons.co.uk> articulated:

[snip]

I had thought by now that this thread would have died a natural death.
Obviously, I was mistaken. It has continued to pollute this forum for
nearly a week.

What has become conspicuously apparent is that if those who are doing
the most complaining had spent even one percent of that time keeping
their systems up-to-date and keeping themselves abreast of current
development and deployment strategies with the software they employ,
this whole discussion would be academic.

In the interest of eliminating any further waste of my time or computer
resources, I am now instigating a kill filter on this thread.

Have a nice day!

--
Jerry
ClamAV.user@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
Re: (no subject) [ In reply to ]
Jerry wrote:

> What has become conspicuously apparent is that if those who are doing
> the most complaining had spent even one percent of that time keeping
> their systems up-to-date and keeping themselves abreast of current
> development and deployment strategies with the software they employ,
> this whole discussion would be academic.
>
> In the interest of eliminating any further waste of my time or computer
> resources, I am now instigating a kill filter on this thread.

+1


--

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
Re: (no subject) [ In reply to ]
> > In the interest of eliminating any further waste of my time or
> > computer resources, I am now instigating a kill filter on this
> > thread.
>
> +1

+1

Re: (no subject) [ In reply to ]
> +1

+0x1

but if you *really* must...
http://www.acepolls.com/polls/1116421-clamav-eol-what-do-you-think

Steve
Sanesecurity



Re: (no subject) [ In reply to ]
lists wrote:
>>
>> Please show us some evidence that clamav made you install their free product on your server.
>> Why didn't you install "some other product"?
>> Is it your server? Then you have the power to install every product you want onto the machine but YOU choose Clamav and they didn't order/pay/beat you to death if you didn't install their product.
>>
>>
> Doesn't change a thing. If you threaten me with a course of action, if I
> fail to do something that is blackmail. It's nothing else. It does not
> matter if the product is free.
>
> For instance, if I go to a shop and they give me a radio free. I take
> that radio home and use it. If that shop then calls me up and says 'If
> you don't change that radio, I'm going to break it' it is a case of
> blackmail.
>
> Have a nice day :-)
>
How is warning you that there is a change blackmail? I think the notices
from banks and credit card companies that they are going to jack my
interest rate to 30% (inject whatever percentage you like) and if I do
not like it I can immediately pay off my debt. Now THAT is blackmail.
ClamAV gave you warning. Why did you not simply uninstall ClamAV and go
with another product?

Have a nice day :^)

Jim
Re: Clubbing a deceased equine [ In reply to ]
On Wed, 21 Apr 2010, lists wrote:

> Doesn't change a thing. If you threaten me with a course of action, if I
> fail to do something that is blackmail. It's nothing else. It does not
> matter if the product is free.

Oh come on. If I tell you you'll get wet if you go out in the rain
without an umbrella, is that blackmail ?

Old versions of Clam crashed on certain input. You were told when that input
was coming.

It's sounding like the Clam team would have been better off releasing a
too-large signature and going "Whoops, I guess old versions can't handle
this. You better upgrade, sorry !" By warning people and releasing a
known-bad signature with a message, somehow it's their fault now.


==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: Clubbing a deceased equine [ In reply to ]
Christopher X. Candreva wrote:

>Oh come on. If I tell you you'll get wet if you go out in the rain
>without an umbrella, is that blackmail ?

OK, so if I tell you that if you keep on going out without an
umbrella, then I'll throw a bucket of acid over you ... then by your
argument that's not blackmail, and by other arguments, it's perfectly
OK because I warned you in advance. That wouldn't be assault, it
wouldn't be a criminal act - it would be all your fault for ignoring
the warning I gave.

And by the way, I won't tell you directly, I'll put a notice up in my
front window that you may or may not walk past and may or may not see.

>Old versions of Clam crashed on certain input. You were told when that input
>was coming.
>
>It's sounding like the Clam team would have been better off releasing a
>too-large signature and going "Whoops, I guess old versions can't handle
>this. You better upgrade, sorry !" By warning people and releasing a
>known-bad signature with a message, somehow it's their fault now.

No, it's not all their fault. But they sure did handle it badly.


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Re: (no subject) [ In reply to ]
Jerry wrote:

>I had thought by now that this thread would have died a natural death.
>Obviously, I was mistaken. It has continued to pollute this forum for
>nearly a week.
>
>What has become conspicuously apparent is that if those who are doing
>the most complaining had spent even one percent of that time keeping
>their systems up-to-date and keeping themselves abreast of current
>development and deployment strategies with the software they employ,
>this whole discussion would be academic.
>
>In the interest of eliminating any further waste of my time or computer
>resources, I am now instigating a kill filter on this thread.

That's right - if I can't bully everyone round to my way of thinking,
then I'm taking my ball home. A very grown up attitude !

You (and I mean a small subset of people who are unconditionally
supporting the action taken by the ClamAV team) have consistently
used false logic, outright lies, personal insults, and arguments
worthy of criminal defences to try and weasel out of any blame
whatsoever for having misjudged things rather badly.

Put bluntly, if people had admitted early on that perhaps it could
have been handled better, that perhaps they didn't consider all
classes/types of user, and that it is perhaps not unreasonable that
users could be a trifle annoyed ... then this **WOULD** have blown
over ages ago.

It's not that you had to do something that people are complaining
about, it's not that you ended support for updates to older versions
that people are complaining about, it's the way you did it and the
way you refuse to accept that there can be any other valid viewpoint
that really p***es people off. You may, if you'd read the messages,
have noted that even people who were not affected by this thought you
got it wrong.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Re: (no subject) [ In reply to ]
Quoting lists <lists@retrochoons.co.uk>:

> Doesn't change a thing. If you threaten me with a course of action, if I
> fail to do something that is blackmail. It's nothing else. It does not
> matter if the product is free.

This is not the definition of blackmail, in common usage or in law in most
areas.

In common usage, it means:

Blackmail is the crime of threatening to reveal substantially true
information about a person to the public, a family member, or
associates unless a demand made upon the victim is met. This
information is usually of an embarrassing, socially damaging, and/or
incriminating nature. As the information is substantially true, the
act of revealing the information may not be criminal in its own right
nor amount to a civil law defamation; the crime is making demands in
exchange for withholding it. [1]

In English law, which extends it to "menaces" and hence might cover this,
there are exceptions to blackmail which state:

... unless the person making it does so in the belief:
(a) that he has reasonable grounds for making the demand; and
(b) that the use of the menaces is a proper means of reinforcing
the demand.

And I'm sure the clamav folks thought they were being reasonable and using the
proper means, so there.

So, you are totally wrong calling this blackmail.

> For instance, if I go to a shop and they give me a radio free. I take
> that radio home and use it. If that shop then calls me up and says 'If
> you don't change that radio, I'm going to break it' it is a case of
> blackmail.

Nope, sorry. It is not. Maybe you mean Coercion?

> Have a nice day :-)

Will do! :)

[1] http://en.wikipedia.org/wiki/Blackmail


--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Re: Clubbing a deceased equine [ In reply to ]
On 21.04.2010 17:50, Christopher X. Candreva wrote:
> On Wed, 21 Apr 2010, lists wrote:
>> Doesn't change a thing. If you threaten me with a course of action, if I
>> fail to do something that is blackmail. It's nothing else. It does not
>> matter if the product is free.
>
> Oh come on. If I tell you you'll get wet if you go out in the rain
> without an umbrella, is that blackmail ?
>
> Old versions of Clam crashed on certain input. You were told when that input
> was coming.

Knowingly disabling running software on computers that is not your own
is not acceptable. It is immoral, unethical and perhaps illegal.

Does anyone have access to legal opinion for a lawsuit against clamav
developers or its parent company? Perhaps Germany is the better place
for it.

--
Eray
Re: Clubbing a deceased equine [ In reply to ]
On Wed, 21 Apr 2010, Eray Aslan wrote:

> Knowingly disabling running software on computers that is not your own
> is not acceptable. It is immoral, unethical and perhaps illegal.

But that's not what happened.

==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
Quoting Simon Hobson <linux@thehobsons.co.uk>:

> You did not tell ME, therefore you did not have permission FROM ME
> to make changes to the way MY server operates.

By using the software, you took responsibility for how it works. From
the license:

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

So until you prove they did something illegal, it is your problem to deal
with, per the license.

> Giving notice that you are going to trespass does not make that
> trespass legal, even if you had come directly to my door and told me
> in person - which of course no-one did even in computer terms of
> making any sort of related message appear on my system.

If you are on my property (say you rent or lease it from me), I can come
in anytime. If you use my software, I can change it any time I want
per my license agreement.

> You also cannot claim that my downloading of updates constitutes an
> invite - it constitutes an invite to put AV sig updates on there for
> the purpose of detecting new threats. A poison pill update doesn't
> fit that description.

It is a free service they provide, not to you, but to anyone. So they
owe you nothing. You didn't sign any contract with them that they would
provide only valid signatures, or any at all. You assume the risk in
using the feed.

> See above, that does NOT in any way constitute requesting my permission.

Sure it does. Legally, in the US, when I want to do something that I'm
legally required to inform the community about, all I have to do is take
out an ad in the local newspaper. Or post signs in the affected area.
If you don't read it, too bad. I made the required public notice. That
is all that is required. I don't have to knock on the door, or phone, each
person living in the area. I just have to buy an ad, or post the signs, or
otherwise make the information available. There is no legal obligation to
tell each and every person individually. Only to make a public
announcement/posting a set time beforehand.

I'm not even trying to argue that this was or wasn't an illegal action.
I'm just saying that the arguments are lame (calling it blackmail when
it isn't, saying they need permission from each and every user when they
don't, etc). Come on folks, make your arguments at least reasonable!

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, 21 Apr 2010, Eric Rostetter wrote:

> > See above, that does NOT in any way constitute requesting my permission.
>
> Sure it does. Legally, in the US, when I want to do something that I'm
> legally required to inform the community about, all I have to do is take
> out an ad in the local newspaper. Or post signs in the affected area.
> If you don't read it, too bad. I made the required public notice. That

Let me drive this home. In the state of New York, until recently if the
government wanted to use eminent domain to take your property, all they had
to do was take out an ad in the paper. They do not need to track down the
owner of the building or land, just take out an ad. If you don't read the
paper that day, the first you hear that your building was being knocked down
may be when the wrecking ball shows up.

This was only amended in 2004 after some particularly nasty battles.

http://ownerscounsel.blogspot.com/2009/06/port-chester-offers-apology-for-taking.html

Just a dose of reality, folks.



==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: Clubbing a deceased equine [ In reply to ]
At 12:12 -0400 21/4/10, Christopher X. Candreva wrote:

>> Knowingly disabling running software on computers that is not your own
>> is not acceptable. It is immoral, unethical and perhaps illegal.
>
>But that's not what happened.

Weird idea of "did not happen" - in what way does "we will push an
update that has the sole purpose of making your software stop
working" NOT constitute "Knowingly disabling running software" ?

- It is a simple fact - the team made the decision to push this update.
- It is a simple fact that the purpose of this update was to make
running software break.
- It is a simple fact that this was a desired outcome of the update.
These are simple facts supported by their statement that they were
going to do this, and what the expected outcome was going to be.

Given these simple facts, I really, really cannot understand the
mindset that still claims that the ClamAV team did NOT knowingly
disable software running on other people's machines.

Could someone please explain how on earth you can still claim that
"this didn't happen" - and by what logic process you arrive at such a
statement ?

The **ONLY** defence I can think of is that they assumed an implicit
permission by virtue of the user running the update process to fetch
signature updates. That's a very tenuous thing to infer when pushing
an update that is so different in purpose to what would normally be
fetched.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Re: (no subject) [ In reply to ]
Quoting Simon Hobson <linux@thehobsons.co.uk>:

> Put bluntly, if people had admitted early on that perhaps it could
> have been handled better, that perhaps they didn't consider all
> classes/types of user, and that it is perhaps not unreasonable that
> users could be a trifle annoyed ... then this **WOULD** have blown
> over ages ago.

I've admitted this often, from the beginning, and my posts are largely
ignored, or refuted, or I'm insulted/slandered/etc. So, this isn't
a true statement.

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, Apr 21, 2010 at 17:26, Christopher X. Candreva
<chris@westnet.com> wrote:
>
> Let me drive this home. In the state of New York, until recently if the
> government wanted to use eminent domain to take your property, all they had
> to do was take out an ad in the paper. They do not need to track down the
> owner of the building or land, just take out an ad. If you don't read the
> paper that day, the first you hear that your building was being knocked down
> may be when the wrecking ball shows up.

The last I checked the legal notification requirements in the UK
aren't terribly different. All that is required is reasonable effort
to notify and while I'm not a lawyer I'm pretty confident that the
ClamAV team's efforts would be described as reasonable (based upon
dealings with real lawyers).

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, April 21, 2010 9:26 am, Christopher X. Candreva wrote:
> On Wed, 21 Apr 2010, Eric Rostetter wrote:
>
>> > See above, that does NOT in any way constitute requesting my
>> permission.
>>
>> Sure it does. Legally, in the US, when I want to do something that I'm
>> legally required to inform the community about, all I have to do is
>> take
>> out an ad in the local newspaper. Or post signs in the affected area.
>> If you don't read it, too bad. I made the required public notice. That
>
> Let me drive this home. In the state of New York, until recently if the
> government wanted to use eminent domain to take your property, all they
> had
> to do was take out an ad in the paper. They do not need to track down the
> owner of the building or land, just take out an ad. If you don't read the
> paper that day, the first you hear that your building was being knocked
> down
> may be when the wrecking ball shows up.
>
> This was only amended in 2004 after some particularly nasty battles.
>
> http://ownerscounsel.blogspot.com/2009/06/port-chester-offers-apology-for-taking.html
>
> Just a dose of reality, folks.

Yes, amended to require "certified mail or personal delivery". Thus it
appears that your example is diametrically opposed to your argument that
only minimal notification is required.

Bill


Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, 21 Apr 2010, Bill Landry wrote:

> Yes, amended to require "certified mail or personal delivery". Thus it
> appears that your example is diametrically opposed to your argument that
> only minimal notification is required.

No, my point is if you don't pay attention, you may wake up one morning to
find your mail server down or your house being knocked down around you.



==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, Apr 21, 2010 at 9:16 AM, Eric Rostetter
<rostetter@mail.utexas.edu> wrote:

> <snip/>
> If you are on my property (say you rent or lease it from me), I can come
> in anytime.



> <snip/>
>
> I'm not even trying to argue that this was or wasn't an illegal action.
> I'm just saying that the arguments are lame (calling it blackmail when
> it isn't, saying they need permission from each and every user when they
> don't, etc). Come on folks, make your arguments at least reasonable!
>
> --
> Eric Rostetter
> The Department of Physics
> The University of Texas at Austin
>
Good arguments mostly, Eric, but I must take issue with your statement above
about owners' rights and renters.
Last I checked, if I rent a property from you then that does _not_ give you
the right to enter 'anytime'; unless you have it specifically written in
the lease you can only come in by arrangement and only for maintenance and
inspections. That's what renting means: assigning the right to use a property
to another person in exchange for rent. That right generally includes
refusing entry to the owner when not prearranged. Here's just one entry on
the subject:
http://www.allbusiness.com/legal/contracts-agreements-real-estate/4104-1.html
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, April 21, 2010 10:48 am, Christopher X. Candreva wrote:
> On Wed, 21 Apr 2010, Bill Landry wrote:
>
>> Yes, amended to require "certified mail or personal delivery". Thus it
>> appears that your example is diametrically opposed to your argument that
>> only minimal notification is required.
>
> No, my point is if you don't pay attention, you may wake up one morning to
> find your mail server down or your house being knocked down around you.

Doesn't agree with the example you provided, is all I'm saying, not
without notification via "certified mail" or "personal delivery", which
takes notification to a much higher standard and requirement than you have
been trying to justify.

Bill

Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, 21 Apr 2010, Bill Landry wrote:

> Doesn't agree with the example you provided, is all I'm saying, not
> without notification via "certified mail" or "personal delivery", which
> takes notification to a much higher standard and requirement than you have
> been trying to justify.

The example I cited shows a guy who lost his building and spent 10 years
trying to get things fixed. In the course a law was changed, so that NOW, in
New York State in the USA, personal delivery of notification is required.

If you would like to assume from this that you are safe in your particular
locality, I can only hope you don't wake up in a pile of rubble.

For me, the lesson I take is to always be aware of the laws in your
locality. And the policies of the software you use.


==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: (no subject) [ In reply to ]
Eric Rostetter wrote:

>>Put bluntly, if people had admitted early on that perhaps it could
>>have been handled better, that perhaps they didn't consider all
>>classes/types of user, and that it is perhaps not unreasonable that
>>users could be a trifle annoyed ... then this **WOULD** have blown
>>over ages ago.
>
>I've admitted this often, from the beginning, and my posts are largely
>ignored, or refuted, or I'm insulted/slandered/etc. So, this isn't
>a true statement.

If I've overlooked the one person who did admit that, then I
apologise to you. There are plenty of people who have not, and it
appears will never, make such an admission.


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, April 21, 2010 11:08 am, Christopher X. Candreva wrote:
> On Wed, 21 Apr 2010, Bill Landry wrote:
>
>> Doesn't agree with the example you provided, is all I'm saying, not
>> without notification via "certified mail" or "personal delivery", which
>> takes notification to a much higher standard and requirement than you
>> have
>> been trying to justify.
>
> The example I cited shows a guy who lost his building and spent 10 years
> trying to get things fixed. In the course a law was changed, so that NOW,
> in
> New York State in the USA, personal delivery of notification is required.
>
> If you would like to assume from this that you are safe in your particular
> locality, I can only hope you don't wake up in a pile of rubble.
>
> For me, the lesson I take is to always be aware of the laws in your
> locality. And the policies of the software you use.

Oh yeah, and I bet you read the public notifications in your local paper
every day. That's why the notification requirements are being reviewed in
most all jurisdictions and changed to require more stringent notification
standards. Your position is untenable in today's world.

Bill



Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
Quoting Jonny Kent <jonnykent@gmail.com>:

> Good arguments mostly, Eric, but I must take issue with your statement above
> about owners' rights and renters.

Yeah, it was kind of vague, but meant to be about the issue of "trespass"
and not about actually invading a renters home or business.

What you can or can't do depends on the contract, local law, etc.
But generally, I can still go on the property without permission or notice,
but can not enter the dwelling or other structures without permission or
notice. Lots of if/ands/buts along with that of course. Was a really
vague rebuttal to the trespass argument, and I regret I didn't provide
a more sound argument (since I was complaining about unsound arguments).

Mea culpa...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Wed, 21 Apr 2010, Bill Landry wrote:

> > For me, the lesson I take is to always be aware of the laws in your
> > locality. And the policies of the software you use.
>
> Oh yeah, and I bet you read the public notifications in your local paper

"Be aware of the laws" != "read the public notifications in your local paper every day"

However, up until this law changed, I did monitor the announcements for the
area my business is in, as it's in a redevelopment zone. And I just rent.

Just to beat this example to death a little more: Port Chester was a
rehabilitation zone at the time, so it's not like the condemnation was out
of the blue. Obviously the law sucked, but this shouldn't have been a shock
to anyone in the real estate industry either. Everyone had choices - move
out of Port Chester where there isn't a rehab zone, move out of NY where
public notice laws were saner, find a Real Estate attorney who has one of
his clerks scan the papers every day and notify his clients if there is an
issue (sort of like -- running Nagios)

Again, I disagree with the Clam team's stance on when clamd should die, like
I disagree with the sucky notification laws. But -- I CHOOSE to use the
software anyway, like I chose to live in NY state. Make the choice, live
with it.

What I say is wrong is running software where you don't know the policies of
the authors -- or living in a state where you don't know the laws. Doing so
and getting bit by it is your own damn fault.

One other quote comes to mind. During the PMRC trials, Al Gore asked Dee
Snider if he thought it was reasonable to expect parents to listen to every
album their kids bought. Dee's response, "Being a parent is not a reasonable
thing. It's very hard".

I would say the same about running a mail server, and subscribing to the
announce lists of all the software you run.



==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
Eric Rostetter wrote:

>>You did not tell ME, therefore you did not have permission FROM ME
>>to make changes to the way MY server operates.
>
>By using the software, you took responsibility for how it works. From
>the license:
>
> 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
>FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
>OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
>PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
>OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
>MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
>TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
>PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
>REPAIR OR CORRECTION.
>
> 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
>WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
>REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
>INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
>OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
>TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
>YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
>PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
>POSSIBILITY OF SUCH DAMAGES.
>
>So until you prove they did something illegal, it is your problem to deal
>with, per the license.

Here we go again, you are introducing something irrelevant to try and
justify your actions. Yes, I know what the licence says - but that
merely says I cannot expect support from you, and I can't complain if
it doesn't work. That still does not mean I am giving you permission
to enter my property and make changes - it just means that you are
under no obligation to provide support or updates.

That's the whole point - I'm NOT complaining that you aren't
providing support, and I'm not claiming damages. I'm complaining
because you have gone well beyond "not providing support" by actively
disabling a program that you deemed I shouldn't be running according
to your view of how the computing world should run. Nothing in that
licence or any implied agreement for you to update my server allows
for that - and under UK law what you did was illegal (and under US
law if what I understand of the Gary McKinnon case is right).

>>Giving notice that you are going to trespass does not make that
>>trespass legal, even if you had come directly to my door and told
>>me in person - which of course no-one did even in computer terms of
>>making any sort of related message appear on my system.
>
>If you are on my property (say you rent or lease it from me), I can come
>in anytime. If you use my software, I can change it any time I want
>per my license agreement.

But I'm not on your property, you are on mine when you make changes
to my server. The nearest analogy I can come up with is that you've
offered to water my plants while I'm away - analogous to providing AV
updates. You've offered to do that out of the goodness of your heart
as a friendly neighbour - and I thank you for that, as I thank the
team (again) for having provided the software and updates in the past.

That in effect is an implicit permission for you to enter my property
- but only for that purpose.

Now by analogy, the warnings given by freshclam could be like you
pointing out that my roses are getting past their best - I really
ought to consider getting some new ones. But for the time being, I'm
reasonably happy with them and will put up with them until I've time
to redo the garden properly.

You really don't like those roses, so you are perfectly entitled to
tell me you're not watering them any more. I could live with that -
as you say, you don't owe me anything, and it's not for me to demand
anyone does anything I'm not paying them for, and note that I have
not tried to demand anyone do anything other than 'leave my server
alone'.

The equivalent of what the ClamAV team has done is for you to decide
that I really should not have those old roses, so you have dropped
some powerful weed killer in the watering can to see them off. That
would be outside of your implied permission to access my property,
and also criminal damage.


Also, if I *was* on your property (eg something I'd rented), then
under English law I would have the right of "quiet enjoyment" - that
means you do **NOT** have the right to come in anytime UNLESS that is
explicitly provided for in the lease or tenancy agreement. Leases
usually provide for access in order to perform maintenance - but only
on reasonable notice and at reasonable times, unless to deal with an
emergency. I see nothing in that licence you quote saying it gives
you the right to interfere with my server if I run your software.

You still wouldn't have the right to poison the roses unless they
were directly causing a threat to the property - and you cannot say
that me running out of date (ie not updated) AV sigs was directly
threatening the ClamAv project.

>>You also cannot claim that my downloading of updates constitutes an
>>invite - it constitutes an invite to put AV sig updates on there
>>for the purpose of detecting new threats. A poison pill update
>>doesn't fit that description.
>
>It is a free service they provide, not to you, but to anyone. So they
>owe you nothing. You didn't sign any contract with them that they would
>provide only valid signatures, or any at all. You assume the risk in
>using the feed.

As a point of law, a contract does not need a signature, nor does it
even need anything in writing - all it needs is an offer and
acceptance. In the absence of a definitive statement, the legal
situation would be whatever the court could determine were the facts
of the case. In that respect, "man freshclam" says : "freshclam is a
virus database update tool for ClamAV". In any dispute therefore,
unless there was something of equal prominence to contradict it, then
it would be inferred that the purpose of the tool was to deliver AV
signature updates - not a poison pill designed to stop the software
working.

This goes beyond any clause designed to avoid liability for errors in
the program. Yes, the clauses above would absolve you of liability
for any reasonable errors, but it still would not absolve you of
liability for deliberate malice.

I assume you will have similar laws over there, but over here, there
are some rights you CANNOT sign away. The extent varies according to
the situation (eg consumers have more rights than business). As a
consumer, even if I sign a contract that a supplier is not liable for
anything (such as the clauses quoted above), that agreement is
totally worthless as the law says I cannot sign away those rights -
and in court the clauses would be declared unlawful and
unenforceable. Similarly, even if I said I didn't mind if you shot
me, if you took me at my word, you would still find yourself in court
- my permission might well be accepted as mitigating when it comes to
the charge laid or the sentence, but it would not absolve you of a
crime committed.

>I'm just saying that the arguments are lame (calling it blackmail when
>it isn't, saying they need permission from each and every user when they
>don't, etc). Come on folks, make your arguments at least reasonable!

I didn't make those suggestions BTW.



Christopher X. Candreva wrote:

>Let me drive this home. In the state of New York, until recently if the
>government wanted to use eminent domain to take your property, all they had
>to do was take out an ad in the paper. They do not need to track down the
>owner of the building or land, just take out an ad. If you don't read the
>paper that day, the first you hear that your building was being knocked down
>may be when the wrecking ball shows up.
>
>This was only amended in 2004 after some particularly nasty battles.
>
>http://ownerscounsel.blogspot.com/2009/06/port-chester-offers-apology-for-taking.html

Now that's a very interesting argument to throw in ! Are you now
claiming that the ClamAV team are now part of government and are
entitled to my server by Eminent Domain ? If you are, then poppycock,
if not, then why bring it up. You even point out that the law has
been changed on that. Over here we have Compulsory Purchase to cover
situations where a government body needs to acquire property for a
project - but they cannot just take it like that.

Yes, over here there are notifications for which public notice is
sufficient action. If someone wants to build in the fields behind my
house, then they only have to post notices about the planning
application on the site - but they must post the notice AT THE SITE,
not at the developers home. They still cannot come and build on my
land without my permission - even if they've got planning permission
and misled the planning board into believing that they have the
landowner's permission or own the land.

Note that building in the field will not stop me living in my house.
It may affect my amenity value, but it won't stop me living there -
in the same way that not providing AV updates will affect the amenity
value of my server, but it won't stop me running it. On the other
hand, knocking down my house would most certainly affect my ability
to live there - and you cannot do that in this country without
serving notice to the property and the registered owner (unless the
latter cannot be found after reasonable efforts I believe).

As a complete aside, there have been cases (one was local-ish) where
there's been a "mix up" (for want of a better polite expression) and
a contractor has knocked the wrong house down. It usually results in
serious compensation - and some rather negative PR for those
responsible.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Re: Clubbing a deceased equine [ In reply to ]
On Wed, 21 Apr 2010, Simon Hobson wrote:

> - It is a simple fact that the purpose of this update was to make running
> software break.

I disagree with that statement because it's incomplete. The purpose of this
update was to make running software break WITH A DESCRIPTIVE ERROR.
Important difference.

The alternative being breaking with an incomprehensible hex dump.


==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: Clubbing a deceased equine [ In reply to ]
Quoting Simon Hobson <linux@thehobsons.co.uk>:

> At 12:12 -0400 21/4/10, Christopher X. Candreva wrote:
>
>>> Knowingly disabling running software on computers that is not your own
>>> is not acceptable. It is immoral, unethical and perhaps illegal.
>>
>> But that's not what happened.

Yes, it is what happened... People are just confused because of all
the bogus complaints like "they shutdown my server" or "they shutdown
my email". But they did indeed shut down clamd for some set of older
versions.

> The **ONLY** defence I can think of is that they assumed an implicit
> permission by virtue of the user running the update process to fetch
> signature updates. That's a very tenuous thing to infer when pushing
> an update that is so different in purpose to what would normally be
> fetched.

Well, since you pull the updates (they are not pushed to you), and since
while this one signature was indeed "different in purpose" than the normal,
you have a point. But, this "different in purpose" signature was just
a way of warning that soon the "same in purpose" signatures _would_ stop
the software. Would you rather they just started pushing the "normal in
purpose signatures" that crashed it, or that they pushed a "different
in purpose" one first, where the "purpose" was to notify users of both
the issue, and how to fix it?

> --
> Simon Hobson

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Re: Clubbing a deceased equine [ In reply to ]
Eric Rostetter wrote:

>>>> Knowingly disabling running software on computers that is not your own
>>>> is not acceptable. It is immoral, unethical and perhaps illegal.
>>>
>>> But that's not what happened.
>
>Yes, it is what happened... People are just confused because of all
>the bogus complaints like "they shutdown my server" or "they shutdown
>my email". But they did indeed shut down clamd for some set of older
>versions.

I'm confused - are you saying they did, or didn't shut down software
that people were running on their servers ? I think you are admitting
(thank you) that the update did what it was supposed to do and
remotely stopped some versions of ClamAV from running.

>>The **ONLY** defence I can think of is that they assumed an
>>implicit permission by virtue of the user running the update
>>process to fetch signature updates. That's a very tenuous thing to
>>infer when pushing an update that is so different in purpose to
>>what would normally be fetched.
>
>Well, since you pull the updates (they are not pushed to you), and since
>while this one signature was indeed "different in purpose" than the normal,
>you have a point. But, this "different in purpose" signature was just
>a way of warning that soon the "same in purpose" signatures _would_ stop
>the software. Would you rather they just started pushing the "normal in
>purpose signatures" that crashed it, or that they pushed a "different
>in purpose" one first, where the "purpose" was to notify users of both
>the issue, and how to fix it?

They didn't HAVE to push either to the older software - I'm not the
first to point out that there was a completely viable alternative
that would just stop supplying updates to the older software.

So my preference would be simply that they "did nothing" to my
software. If they want to stop supporting it with updates, that's
fine and it still leaves me in control of what I run and when I
update it.

--
Simon Hobson

Re: Clubbing a deceased equine [ In reply to ]
Simon--

After ~20+ postings from you on this topic, you're not saying anything new.

Unlike the poor folks running McAfee on Windows who are having their machines rendered unbootable due to a false positive with v5958 of their database, it would require far less effort on your part to either update ClamAV to a non-obsolete version, or to revert to using ClamAV antivirus definitions from 2010-4-14 and continue to operate your outdated ClamAV installation(s) for as long as you want.

If you don't choose to accept ClamAV's update policies, by all means, use something else, or feel free to actually do some useful sanity checking by reviewing automated virus updates obtained from freshclam before deploying them to systems that you care about. My assessment is that there is no chance whatsoever that you will persuade Sourcefire/ClamAV team to provide separate signatures and update servers for obsolete versions, but there is nothing preventing you from doing that yourself if you like.

Regards,
--
-Chuck

Re: (no subject) [ In reply to ]
On Wed, 21 Apr 2010 14:36:17 +1200
Steve Wray <steve.wray@cwa.co.nz> wrote:

> I know that in certain jurisdictions, reaching out to someone else's
> computer (ie not your property) and disabling functionality on it
> could constitute a criminal act.
> I sincerely hope that someone somewhere under such a jurisdiction
> goes to the police and reports the Clamav developers for such an
> offense.

Points to consider:

1. Everybody on the planet had 6 months warning. (In fact more if you
look at the "outdated software" warnings in your logs).

2. They chose to stop releasing updates for a prehistoric version of
the software.

3. Had they continued to allow these updates, and your systems got
borked because it wasn't stopping any current viruses, you'd still want
to sue. So basically, they were damned if they did, and they'd be
damned if they didn't.

4. What did you pay for the software?

5. Where's your contract with them?

6. The only people who are pissy about it appear to be set and forget
admins -- the ones who don't seem to properly maintain their systems
and monitor really important software like ClamAV.

7. The only systems that broke were badly configured ones. I can stop
ClamAV on my mail servers and mail will continue to flow happily, and
other milters will continue to scan mail. It's just Clam that stops.

8. Had the developers just silently stopped publishing updates for old
versions of ClamAV, then the customers of set-and-forget mail admins
would potentially be in a world of crap. Doing it this way *forced*
people to realise that their software was old and out of date, and
potentially harmful to them and their customers.
Re: Clubbing a deceased equine [ In reply to ]
Quoting Simon Hobson <linux@thehobsons.co.uk>:

> I'm confused - are you saying they did, or didn't shut down software
> that people were running on their servers ?

I've always supported the claim that they did this. And I've always
countered the claims of the like of "shutdown my server" or "shutdown
my email" or such.

> I think you are admitting (thank you) that the update did what it
> was supposed to do and remotely stopped some versions of ClamAV from
> running.

No, I'm saying the update did shut down clamav installs older than 0.95.
I'm not saying that was what it was supposed to do, that is a matter
of intent of the people at sourcefire, and I have no access to their
intent. As such, I could only offer my opinion, and not admit to their
intent.

> They didn't HAVE to push either to the older software - I'm not the

They didn't PUSH anything to the older software. The users PULLED the
signatures with their older version of the software.

> first to point out that there was a completely viable alternative
> that would just stop supplying updates to the older software.

And this is not the first time I'll point out that your suggestions came
after the fact. And this is not the first time I'll point out they asked
for feedback and ideas for 6 months and AFAIK didn't get any such suggestions
(maybe they did, and maybe they ignored them, I don't know... But they sure
were not discussed on the mailing list or elsewhere in an effort to gain
support and change the minds of clamav/sourcefire).

> So my preference would be simply that they "did nothing" to my software.

Mine too. But what does my preference matter to them? That is up
to them to decide, not me.

> If they want to stop supporting it with updates, that's fine and it
> still leaves me in control of what I run and when I update it.

True. And a perfectly legitimate stance to hold. But that doesn't mean
sourcefire/clamav has to respect that stance...

> --
> Simon Hobson

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Re: (no subject) [ In reply to ]
Spiro Harvey wrote:
> On Wed, 21 Apr 2010 14:36:17 +1200
> Steve Wray <steve.wray@cwa.co.nz> wrote:
>
>> I know that in certain jurisdictions, reaching out to someone else's
>> computer (ie not your property) and disabling functionality on it
>> could constitute a criminal act.
>> I sincerely hope that someone somewhere under such a jurisdiction
>> goes to the police and reports the Clamav developers for such an
>> offense.
>
> Points to consider:
>
> 4. What did you pay for the software?
>
> 5. Where's your contract with them?

This is part of the attitude problem from many open source projects.

They are (too often) run by technicians and programmers with no input from
the business side.

What the Clamav team did, I can't believe it would have made it through a
business analyst and I can't believe that any executive would have signed
off on something like that after considering the potential impact it could
have on their clients.

For the last 4 years or so I have had to shift my mindset from that of pure
sysadmin to taking business considerations into account; it's very easy for
someone who is absorbed with programming and engineering to forget that IT
is there to support business and that business is not there to support IT.

This is something that I personally have struggled hard with, it can be
difficult for a 'geek' to move in that direction. But it's very very
important if OSS is to be taken seriously in the enterprise.

So many OSS projects do not view their users as clients or customers; they
view them either as experimental subjects or as fellow experimenters. They
only take the technical considerations into account and largely ignore
potential impact on business.

This is true both of the Clamav developers and of those people who didn't
take precautions against potential problems such as the Clamav developers
introduced. (And make no mistake; a problem was *created* by the Clamav
team, a problem that did not exist prior to the changes they made).

I have been using Linux since 1991 and I have seen a lot of positive change
in that time. I have seen it go from crazy 'fringe' to being widely
accepted in the enterprise. But shenanigans like this can risk all of that
hard work.

This is why I raised the legal and ethical issue; because that is what the
business end should be considering and it's what the technical end only
rarely considers.

I understand that Clamav is free as in 'beer' and that there is no legal
contract with the Clamav team. However, Clamav has a parent company,
Sourcefire, which is listed on Nasdaq and is a 'proper' corporation.

I have written to them to find out what they think of this, if anything at
all...

Sourcefire actually have executives and a general counsel and I am sure
that they employ business analysts as well. I will be interested to see if
what the Clamav team did is condoned by the parent company which clearly
has some business acumen behind it.


Don't get distracted by issues such as "Oh those bad silly sysadmins out
there who messed up, it's really *their* fault not the fault of the Clamav
developers!" That is just *not* helpful. The damage is already done; damage
to people's systems and damage to the reputation not only of Clamav but of
OSS in general.



--
Please remember that an email is just like a postcard; it is not
confidential nor private nor secure and can be read by many other people
than the intended recipient. A postcard can be read by anyone at the mail
sorting office and expecting what is written on it to be private and secret
is not realistic. Please hold no higher expectation of email.

If you need to send confidential information in an email you need to use
encryption. PGP is Pretty good for this.
Re: Clubbing a deceased equine [ In reply to ]
Christopher X. Candreva wrote:
> I disagree with that statement because it's incomplete. The purpose of this
> update was to make running software break WITH A DESCRIPTIVE ERROR.
> Important difference.
>
> The alternative being breaking with an incomprehensible hex dump.

I think that sums it up... that, to me, seemed like the ONLY aim.

I even contacted ISC the day before and gave them a reminder:
http://isc.sans.org/diary.html?storyid=8635&rss

I did see an interesting idea on the devel mailing list from David "I
have a feature suggestion: Incorporate the version number in your
DNS TXT records and download URLs. Your download mirrors can use
symlinks in most cases (when versions are completely compatible) and
you can easily stop older machines from attempting to download by
stopping updates on the 0.96.whatever.clamav.net TXT record. "

Source: http://lurker.clamav.net/message/20100408.011105.c584f530.en.html

Would this idea help minimise any future issues like this?

Cheers,

Steve
Sanesecurity
Re: Clubbing a deceased equine [ In reply to ]
On 21.04.2010 22:56, Eric Rostetter wrote:
>> If they want to stop supporting it with updates, that's fine and it
>> still leaves me in control of what I run and when I update it.
>
> True. And a perfectly legitimate stance to hold. But that doesn't mean
> sourcefire/clamav has to respect that stance...

Agreed. So we, as a community, should make sure that no company goes
around shutting down services left and right, claiming it is their right
to do so. Basically, public outcry and (threat of) legal action are the
only viable alternatives against that.

On a side note, I wonder if this road would have been taken if
sourcefire did not acquire clamav some time ago. It would be nice to
know how this decision was taken, its circumstances etc.

--
Eray
Re: Clubbing a deceased equine [ In reply to ]
On Wed, 2010-04-21 at 21:19 +0100, Steve Basford wrote:

> I did see an interesting idea on the devel mailing list from David "I
> have a feature suggestion: Incorporate the version number in your
> DNS TXT records and download URLs. Your download mirrors can use
> symlinks in most cases (when versions are completely compatible) and
> you can easily stop older machines from attempting to download by
> stopping updates on the 0.96.whatever.clamav.net TXT record. "
>
> Source: http://lurker.clamav.net/message/20100408.011105.c584f530.en.html
>
> Would this idea help minimise any future issues like this?

It was pointed out even before that suggestion was made that 0.95 and
later have a versioning system inside the signature DB which allows clam
to selectively load only parts of the DB. New incompatible signature
types can be created and 0.95 can be told to ignore them.

--
Chris
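
The version-scoped update lookup proposed in the quoted post, together with the per-signature level gating mentioned in the reply above, as an added example that is not part of the original thread and is not ClamAV code. The record names, the TXT payload format, the level numbers and every function name are constructed assumptions.

```python
"""Added illustration: version-scoped update discovery and level-gated loading.

Hypothetical throughout: record names, TXT payload format and level numbers
are constructed for this example and are not ClamAV's real ones.
"""
import re
from dataclasses import dataclass

# Constructed zone data standing in for DNS TXT lookups (no network access).
# One record per engine release line. A line is retired by publishing a
# "retired" record with a message rather than by shipping a breaking update.
ZONE = {
    "0.96.updates.example": "status=active;db=10795",
    "0.95.updates.example": "status=active;db=10795",
    "0.94.updates.example": ("status=retired;db=10750;"
                             "msg=engine 0.94 is end-of-life, upgrade to 0.95 or later"),
}


@dataclass(frozen=True)
class Decision:
    action: str      # "download", "current" or "hold"
    target_db: int   # database version the scanner runs after this decision
    reason: str      # text to surface in the update log


def release_line(engine_version: str) -> str:
    """Map '0.96.1' to its release line '0.96'; reject anything else."""
    m = re.fullmatch(r"([0-9]+)\.([0-9]+)(?:\.[0-9]+)?", engine_version)
    if not m:
        raise ValueError(f"unparseable engine version: {engine_version!r}")
    return f"{m.group(1)}.{m.group(2)}"


def parse_txt(txt: str) -> dict:
    """Parse 'k=v;k=v' and validate the fields the client acts on."""
    fields = dict(part.split("=", 1) for part in txt.split(";") if "=" in part)
    if fields.get("status") not in ("active", "retired"):
        raise ValueError("missing or unknown status")
    if not re.fullmatch(r"[0-9]+", fields.get("db", "")):
        raise ValueError("missing or non-numeric db")
    return fields


def plan_update(engine_version, local_db, lookup=ZONE.get, domain="updates.example"):
    """Decide what the updater does; every failure path keeps the current DB."""
    name = f"{release_line(engine_version)}.{domain}"
    txt = lookup(name)
    if txt is None:
        return Decision("hold", local_db, f"no record for {name}; keeping database {local_db}")
    try:
        rec = parse_txt(txt)
    except ValueError as exc:
        return Decision("hold", local_db, f"malformed record for {name}: {exc}")
    if rec["status"] == "retired":
        # The scanner keeps running on its last database; only updates stop.
        return Decision("hold", local_db, rec.get("msg", "release line retired"))
    published = int(rec["db"])
    if published < local_db:
        # Refuse to roll back to an older database than the one installed.
        return Decision("hold", local_db, f"published {published} is older than local {local_db}")
    if published == local_db:
        return Decision("current", local_db, "database is current")
    return Decision("download", published, f"update {local_db} -> {published}")


# Constructed signature entries: (name, min_level, max_level). With versioning
# inside the database, an engine skips entries outside its own level instead
# of failing on a format it cannot parse.
SIGNATURES = [
    ("Sample.Classic-1", 1, 255),
    ("Sample.NewFormat-1", 51, 255),
    ("Sample.Legacy-1", 1, 43),
]


def loadable(signatures, engine_level):
    """Return the names of the signatures this engine level may load."""
    return [name for name, lo, hi in signatures if lo <= engine_level <= hi]


if __name__ == "__main__":
    for version, db in [("0.96.1", 10790), ("0.95", 10795), ("0.94.2", 10740), ("0.93", 10000)]:
        print(version, plan_update(version, db))
    print(loadable(SIGNATURES, 45))
```

In this sketch a retired or missing record only stops updates and logs a reason; the scanner itself is never disabled by what the lookup returns.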

Re: (no subject) [ In reply to ]
On Thu, 22 Apr 2010 08:19:31 +1200
Steve Wray <steve.wray@cwa.co.nz> wrote:

> Don't get distracted by issues such as "Oh those bad silly sysadmins
> out there who messed up, it's really *their* fault not the fault of
> the Clamav developers!" That is just *not* helpful. The damage is
> already done; damage to people's systems and damage to the reputation
> not only of Clamav but of OSS in general.

If you were to talk about helpful, perhaps you should be proposing a
way for them to do it better next time. That would really be in the
spirit of OSS.
Re: (no subject) [ In reply to ]
On Thu, 22 Apr 2010, Steve Wray wrote:

> This is part of the attitude problem from many open source projects.
>
> They are (too often) run by technicians and programmers with no input from the
> business side.

IMHO, open source projects don't have a business side.

Opensource projects exist for the developers to get the software they need,
faster, through collaboration with others. If anyone else finds it useful
that's an added bonus. But if no one other than the devs use it themselves,
the project has fulfilled its purpose.

Adding business value is the job of the distros, or Apple if they include
it, or myself as an ISP. That's why I said before I think the real let-down
here are the distros that didn't do anything about it.

Extreme ? Maybe, but that's why I use open-source, for getting best of
breed, newest, breaking with history when needed.



==========================================================
Chris Candreva -- chris@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: (no subject) [ In reply to ]
Spiro Harvey wrote:
> On Thu, 22 Apr 2010 08:19:31 +1200
> Steve Wray <steve.wray@cwa.co.nz> wrote:
>
>> Don't get distracted by issues such as "Oh those bad silly sysadmins
>> out there who messed up, it's really *their* fault not the fault of
>> the Clamav developers!" That is just *not* helpful. The damage is
>> already done; damage to people's systems and damage to the reputation
>> not only of Clamav but of OSS in general.
>
> If you were to talk about helpful, perhaps you should be proposing a
> way for them to do it better next time. That would really be in the
> spirit of OSS.

But I am; involve business people in the decision making process *at*
Clamav. I'm sure that Sourcefire have the resources to do that. I'm just
not sure what the status of this is. I'd like to know.


Re: (no subject) [ In reply to ]
On Wed, Apr 21, 2010 at 10:39 PM, Christopher X. Candreva
<chris@westnet.com> wrote:
> IMHO, open source projects don't have a business side.
>
> Opensource projects exist for the developers to get the software they need,
> faster, through collaboration with others. If anyone else finds it useful
> that's an added bonus. But if no one other than the devs use it themselves,
> the project has fulfilled its purpose.
>
> Adding business value is the job of the distros, or Apple if they include
> it, or myself as an ISP. That's why I said before I think the real let-down
> here are the distros that didn't do anything about it.
>
> Extreme ? Maybe, but that's why I use open-source, for getting best of
> breed, newest, breaking with history when needed.

Well put. Luckily I read your post just before having to mute yet
another endless thread on this list.

--
/peter
Re: (no subject) [ In reply to ]
Peter Bonivart wrote:
> On Wed, Apr 21, 2010 at 10:39 PM, Christopher X. Candreva
> <chris@westnet.com> wrote:
>> IMHO, open source projects don't have a business side.
>>
>> Opensource projects exist for the developers to get the software they need,
>> faster, through collaboration with others. If anyone else finds it useful
>> that's an added bonus. But if no one other than the devs use it themselves,
>> the project has fulfilled its purpose.
>>
>> Adding business value is the job of the distros, or Apple if they include
>> it, or myself as an ISP. That's why I said before I think the real let-down
>> here are the distros that didn't do anything about it.
>>
>> Extreme ? Maybe, but that's why I use open-source, for getting best of
>> breed, newest, breaking with history when needed.

This would be ok if the distros maintained the servers which their
distributed version of Clamav updated from.

They don't. The responsibility in this case is that of those who maintain
Clamav, not the distros.

I would suggest that distros may want to take note of this situation; it's
perhaps not unreasonable for them to maintain eg their own Clamav update
servers.



Re: (no subject) [ In reply to ]
On Apr 21, 2010, at 12:15 AM, Simon Hobson wrote:

> Steve Wray wrote:
>
>> I know that in certain jurisdictions, reaching out to someone else's
>> computer (ie not your property) and disabling functionality on it
>> could constitute a criminal act.
>
> I am also of the opinion that it was illegal under UK law.
>
>> I sincerely hope that someone somewhere under such a jurisdiction
>> goes to the police and reports the Clamav developers for such an
>> offense.
>>
>> Why?
> <snip>
>
> I don't. As already pointed out, there are enough threats to FOSS
> and we don't need to be shooting ourselves in the collective foot
> over this.
>
>
> Jason Haar wrote:
>
>> ClamAV devs: your response was appropriate. I speak on behalf of
>> the 99% of sites unaffected by this. You can tell that as only 10
>> people seem to be involved in this thread.
>
> Only 10 people who thought it worth while to put their hands up and
> say something about it. There will be many who will have seen the
> threads and decided they have nothing more to add than "me too", and
> probably a fair number that are waiting for their friendly tech to
> unbreak their appliance.
>
>
> Jim Preston wrote:
>
>> Well, prosecution would be justified if ClamAV had actually done
>> something illegal. What they did was modify their signature
>> database to support new features with advance notice and the fact
>> that any particular installation of unsupported software failed to
>> handle it properly is the onus of the owners / sysadmins of the
>> individual systems. If you happen to fall into that category, then
>> it is time to upgrade your system.
>
> So, suppose you live on some lane where there's a problem with
> people racing up and down at night on motorcycles with no lights
> etc. You've remonstrated with them to be more responsible, but
> they've not listened. Eventually, you put a notice up in your garden
> giving them 6 months to sort themselves out as then you'll be doing
> something about it.
> Do you really think the police and courts would accept an argument
> of "it was their own fault, I warned them, they carried on so it's
> not my fault they decapitated themselves with the wire I strung
> across the lane" ? There are so many areas where just telling
> someone you are going to do something does NOT make it legal - and
> for good reason.
>
> You did not tell ME, therefore you did not have permission FROM ME
> to make changes to the way MY server operates. Giving notice that
> you are going to trespass does not make that trespass legal, even if
> you had come directly to my door and told me in person - which of
> course no-one did even in computer terms of making any sort of
> related message appear on my system.
> Describing it as "issuing an update to signatures" is just semantics
> - the signature was known to, and described as being solely to,
> break the system (or at least the ClamAV element of it). No matter
> how the server is configured, that is going to affect operations -
> either stop mail from moving, or stop it being scanned.
> You also cannot claim that my downloading of updates constitutes an
> invite - it constitutes an invite to put AV sig updates on there for
> the purpose of detecting new threats. A poison pill update doesn't
> fit that description.
>
>
> Jim Preston wrote:
>
>> PS: They did explicitly request permission by allowing users to
>> comment on their proposed changes for 6 months. Where were your
>> objections during that time?
>
> See above, that does NOT in any way constitute requesting my
> permission. If you got up one morning and found your car gone from
> the drive, I'd guess you'd call the police and report it stolen.
> Would you accept if the manufacturer had recalled it, and in lieu of
> actually asking your personal permission, had placed an ad in a few
> trade journals to say that they'd just be lifting them off owners'
> drives ? Would you accept that by not responding to one of those
> ads, you'd given them permission ? Do you think the police and
> courts would ?
>
>
> Dave Warren wrote:
>
>> ClamAV developers didn't reach out to anyone.
>>
>> Rather, most minimally competent ClamAV administrators configure
>> their systems to connect to ClamAV's servers on a regular basis and
>> download updated definition files.
>
> That again is trying to use fine points of language to excuse
> trespass. As stated above, the relation between users and the ClamAV
> team is based on "by running Freshclam, the user is inviting the
> team to supply AV updates for the purposes of detecting new threats"
> - and I'm fairly sure that any reasonable person would consider it
> stopped there.
>
> By their own admission, the ClamAV team send an update which was not
> to detect new threats, it was specifically and solely to make
> certain installations stop working properly. No if's but's or
> maybe's, that is the stated intention of the update.
>
> It caused computer systems to stop working correctly, it was
> deliberately designed to do so, and it was delivered in a manner
> that could not be considered to be covered by the implied consent of
> running Freshclam to fetch threat signature updates.
>
> AND, it was not the only option available to them - so there isn't
> even any defence of it being absolutely necessary "for the public
> good".
>
> --
> Simon Hobson
>

Correct there were other choices, you have been wronged and should
definitely show your displeasure by uninstalling and using another
vendor's product....

Jim
Re: (no subject) [ In reply to ]
I can't believe I've been suckered into this nonsense

>
> This is part of the attitude problem from many open source projects.
>
> They are (too often) run by technicians and programmers with no input
> from the business side.

OH, let's not forget certain users

>
> What the Clamav team did, I can't believe it would have made it
> through a business analyst and I can't believe that any executive
> would have signed off on something like that after considering the
> potential impact it could have on their clients.
>
> For the last 4 years or so I have had to shift my mindset from that of
> pure sysadmin to taking business considerations into account; it's very
> easy for someone who is absorbed with programming and engineering to
> forget that IT is there to support business and that business is not
> there to support IT.
>
> This is something that I personally have struggled hard with, it can
> be difficult for a 'geek' to move in that direction.

You're giving yourself too much credit. Let's look at this (yet again)
shall we?

People (and you) are upset because they (not me, not them, not the
clamav dev team) decided to ignore the notifications and warnings and
their ( and your) out of date and E-O-L'd AV stopped working. On top of
this due to MTA configuration choices made by some of these same people
when their AV died, so did their mail system. Soooooooo it must be
somebody's fault other than the person(s) in charge of the configuration
and maintenance of these boxes that fault tolerance was not taken into
consideration? Who set up the mail system to die if clam-av was not
available? Not the Clam dev team.

> So many OSS projects do not view their users as clients or customers;
> they view them either as experimental subjects or as fellow
> experimenters. They only take the technical considerations into
> account and largely ignore potential impact on business.

Business impact was caused by the person(s) maintaining, and configuring
the systems that tears are being spilled over. Speaking of impact, what
would the impact be if certain affected customers should find out that
the reason for the service interruption they experienced was because
their service provider couldn't be bothered to take notice of EOL
warnings and properly update their Anti-Virus?

>
> This is true both of the Clamav developers and of those people who
> didn't take precautions against potential problems such as the Clamav
> developers introduced. (And make no mistake; a problem was *created*
> by the Clamav team, a problem that did not exist prior to the changes
> they made).

There is no problem. If you want to run a EOL version of ClamAV all you
have to do (I believe) is stop running freshclam. The obvious issue with
this is that you will no longer be receiving virus updates.
If you want to receive virus updates, then UPDATE your version to the
current and functional version.

But no, you expect ClamAV to do what no other company would do. Keep the
old supported and fork the new version so both can be run.
Perhaps all the fuss is because your dist is also out of date, and not
capable of supporting or compiling the new version? This too can be
fixed by upgrading either your dist, or components.
(Hint: The latter only requires sources and the knowledge to use a compiler)

Like I'm sure Microsoft would support an EOL'd OS past its DOD (Date of
Death). It's just not going to happen. And on the business side, it
doesn't make business sense for them to do so.

This isn't a vendor problem.


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
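The fault-tolerance point in the message above (a mail system that stops when ClamAV is unavailable), as an added example that is not part of the original thread or of ClamAV's own code: a filter that makes an explicit decision when clamd cannot be reached or returns an error. All function and constant names are hypothetical; only the INSTREAM wire format is clamd's documented protocol, and the stand-in scanner in the demo is constructed.

```python
"""Added example: what a mail filter does when clamd is down."""
import socket
import struct

# Verdicts a filter hands back to the MTA. TEMPFAIL maps to an SMTP 4xx
# reply, so the sending server queues the message and retries later.
ACCEPT, REJECT, TEMPFAIL = "accept", "reject", "tempfail"


def instream(sock, data, chunk_size=8192):
    """Run one INSTREAM exchange on a connected socket; return the reply."""
    sock.sendall(b"zINSTREAM\0")
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        # Each chunk is prefixed with its length as a 4-byte big-endian int.
        sock.sendall(struct.pack("!I", len(chunk)) + chunk)
    sock.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:  # clamd closed the connection early
            break
        reply += part
    return reply.rstrip(b"\0").decode("utf-8", "replace")


def clamd_scanner(address, timeout=5.0):
    """Return a scan(message) callable bound to a clamd TCP address."""
    def scan(message):
        with socket.create_connection(address, timeout=timeout) as sock:
            return instream(sock, message)
    return scan


def mail_verdict(scan, message, on_scanner_failure=TEMPFAIL):
    """Map a scan result to a verdict; never let a dead scanner raise.

    on_scanner_failure is the operator's explicit choice: TEMPFAIL delays
    mail without losing it, ACCEPT delivers unscanned mail (fail-open).
    """
    try:
        reply = scan(message)
    except OSError as exc:  # refused, timed out, socket missing, reset
        return on_scanner_failure, "scanner unavailable: %s" % exc
    if reply.endswith(" FOUND"):
        return REJECT, reply
    if reply.endswith(" OK"):
        return ACCEPT, reply
    # "... ERROR" or an empty/garbled reply: treat like an outage.
    return on_scanner_failure, "unexpected scanner reply: %r" % reply


if __name__ == "__main__":
    def dead_clamd(_message):  # constructed stand-in for a stopped daemon
        raise ConnectionRefusedError("connection refused")

    sample = b"Subject: constructed sample\r\n\r\nbody\r\n"
    for policy in (TEMPFAIL, ACCEPT):
        print(policy, "->", mail_verdict(dead_clamd, sample, policy))
```

Against a real daemon the callable would come from `clamd_scanner(("127.0.0.1", 3310))`, where the address is an assumption about the local clamd TCP configuration.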
Re: (no subject) [ In reply to ]
On Thu, 22 Apr 2010 08:51:00 +1200
Steve Wray <steve.wray@cwa.co.nz> wrote:

> This would be ok if the distros maintained the servers which their
> distributed version of Clamav updated from.
> They don't. The responsibility in this case is that of those who
> maintain Clamav, not the distros.
> I would suggest that distros may want to take note of this situation;
> its perhaps not unreasonable for them to maintain eg their own Clamav
> update servers.

But the distro are the ones who gave you outdated unsupported software.
Had they provided you with a newer package, you wouldn't have had this
problem.

Are you suggesting that if your distribution had packaged ClamAV 0.96
and your server(s) didn't break, that you would *still* be upset? Just
on principle?

I honestly doubt it for one simple reason: You don't read the
announcement list, nor do you follow their twitter account, nor do you
read sites like LWN, (all of which, among others, had announcements 6
months ago) so you would never have known.
Re: (no subject) [ In reply to ]
Spiro Harvey wrote:
> On Thu, 22 Apr 2010 08:51:00 +1200
> Steve Wray <steve.wray@cwa.co.nz> wrote:
>
>> This would be ok if the distros maintained the servers which their
>> distributed version of Clamav updated from.
>> They don't. The responsibility in this case is that of those who
>> maintain Clamav, not the distros.
>> I would suggest that distros may want to take note of this situation;
>> its perhaps not unreasonable for them to maintain eg their own Clamav
>> update servers.
>
> But the distro are the ones who gave you outdated unsupported software.
> Had they provided you with a newer package, you wouldn't have had this
> problem.

I didn't have this problem

I am just worried that OSS is *still* having problems dealing with basic
business commonsense.


> Are you suggesting that if your distribution had packaged ClamAV 0.96
> and your server(s) didn't break, that you would *still* be upset? Just
> on principle?

I am not upset; I am concerned for OSS and for the way that this reflects
badly on it. And yes I really do think it has been bad PR


Re: (no subject) [ In reply to ]
On Apr 21, 2010, at 8:45 AM, Simon Hobson wrote:

> Jerry wrote:
>
>> I had thought by now that this thread would have died a natural
>> death.
>> Obviously, I was mistaken. It has continued to pollute this forum for
>> nearly a week.
>>
>> What has become conspicuously apparent is that if those who are doing
>> the most complaining had spend even one percent of that time keeping
>> their systems up-to-date and keeping themselves abreast of current
>> development and deployment strategies with the software they employ,
>> this whole discussion would be academic.
>>
>> In the interest of eliminating any further waste of my time or
>> computer
>> resources, I am now instigating a kill filter on this thread.
>
> That's right - if I can't bully everyone round to my way of
> thinking, then I'm taking my ball home. A very grown up attitude !
>

You certainly are being the bully here, what with throwing buckets of
acid around......
> You (and I mean a small subset of people who are unconditionally
> supporting the action taken by the ClamAV team) have consistently
> used false logic, outright lies, personal insults, and arguments
> worthy of criminal defences to try and weasel out of any blame
> whatsoever for having misjudged things rather badly.
>
> Put bluntly, if people had admitted early on that perhaps it could
> have been handled better, that perhaps they didn't consider all
> classes/types of user, and that it is perhaps not unreasonable that
> users could be a trifle annoyed ... then this **WOULD** have blown
> over ages ago.

But we did on the very first day of this thread. I said that it was
ClamAV's decision to make.
>
> It's not that you had to do something that people are complaining
> about, it's not that you ended support for updates to older versions
> that people are complaining about, it's the way you did it and the
> way you refuse to accept that there can be any other valid viewpoint
> that really p***es people off. You may, if you'd read the messages,
> have noted that even people who were not affected by this thought
> you got it wrong.
>
> --
> Simon Hobson
>

Jim

Re: Clubbing a deceased equine [ In reply to ]
Eray Aslan wrote:
> Does anyone have access to legal opinion for a lawsuit against clamav
> developers or its parent company? Perhaps Germany is the better place
> for it.

Yeah, I've got a legal opinion for you. You have no standing to
recover any damages and any suit you file would be subject to a
counterclaim for a frivolous lawsuit.
Re: (no subject) [ In reply to ]
On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:

> But the distro are the ones who gave you outdated unsupported software.
> Had they provided you with a newer package, you wouldn't have had this
> problem.
Spiro, you're missing the point of a distro completely. That is to
provide a functionally static platform for people to use and release to.
From that point on, only security patches are released. The fact that
0.94.x was current when debian lenny was released means that it should
stay that way until EOL of the distro.

Anything else is breaking at least the spirit of the distro release
philosophy.

Sure you can use a different model, like including the volatile and / or
backports packages, but that's not the point. I've heard of these, but
then I'm a career sysadmin. How many servers out there are managed by
those, rather than just relying on the testing performed by
debian/redhat/novell, etc?

Steve.


--
Steve Holdoway <steve@greengecko.co.nz>
http://www.greengecko.co.nz
MSN: steve@greengecko.co.nz
Skype: sholdowa
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
On Apr 21, 2010, at 11:44 AM, Simon Hobson wrote:

<snip>
>>
>
> Here we go again, you are introducing something irrelevant to try
> and justify your actions. Yes, I know what the licence says - but
> that merely says I cannot expect support from you, and I can't
> complain if it doesn't work. That still does not mean I am giving
> you permission to enter my property and make changes - it just means
> that you are under no obligation to provide support or updates.
>
> That's the whole point - I'm NOT complaining that your aren't
> providing support, and I'm not claiming damages. I'm complaining
> because you have gone well beyond "not providing support" by
> actively disabling a program that you deemed I shouldn't be running
> according to your view of how the computing world should run.
> Nothing in that licence or any implied agreement for you to update
> my server allows for that - and under UK law what you did was
> illegal (and under US law if what I understand of the Gary McKinnon
> case is right).

Well you obviously do not understand the Gary McKinnon case right. Not
a single person connected in any way or form "reached out and touched
any system". All affected systems, made a connection to a ClamAV
mirror somewhere in the world and downloaded a database of signatures.
Clamd by its very design in effect since before version 0.94 did
exactly what it was supposed to do which is shut down in the event of
a database it could not digest.
In the Gary McKinnon case, he actively sought out these computers he
is charged with allegedly hacking into, and rifled through the
computer contents. I do not see any remote connection between this and
what ClamAV has done.
<snip>

> --
> Simon Hobson
>

Jim

Re: (no subject) [ In reply to ]
On Apr 21, 2010, at 1:19 PM, Steve Wray wrote:

> Spiro Harvey wrote:
>> On Wed, 21 Apr 2010 14:36:17 +1200
>> Steve Wray <steve.wray@cwa.co.nz> wrote:
>>> I know that in certain jurisdictions, reaching out to someone
>>> elses computer (ie not your property) and disabling functionality
>>> on it
>>> could constitute a criminal act.
>>> I sincerely hope that someone somewhere under such a jurisdiction
>>> goes to the police and reports the Clamav developers for such an
>>> offense.
>> Points to consider:
>> 4. What did you pay for the software?
>> 5. Where's your contract with them?
>
> This is part of the attitude problem from many open source projects.
>
> They are (too often) run by technicians and programmers with no
> input from the business side.
>
> What the Clamav team did, I can't believe it would have made it
> through a business analyst and I can't believe that any executive
> would have signed off on something like that after considering the
> potential impact it could have on their clients.

Possibly true for a commercial company, but that would have been to
protect their revenue stream. In this case, ClamAV's revenue stream
was not affected, so needlessly spending money on alternate methods would
most likely have been prohibited by the same business analyst.
>
> For the last 4 years or so I have had to shift my mindset from that
> of pure sysadmin to taking business considerations into account; its
> very easy for someone who is absorbed with programming and
> engineering to forget that IT is there to support business and that
> business is not there to support IT.
>
> This is something that I personally have struggled hard with, it can
> be difficult for a 'geek' to move in that direction. But its very
> very important if OSS is to be taken seriously in the enterprise.
>
> So many OSS projects do not view their users as clients or
> customers; they view them either as experimental subjects or as
> fellow experimenters. They only take the technical considerations
> into account and largely ignore potential impact on business.
>
> This is true both of the Clamav developers and of those people who
> didn't take precautions against potential problems such as the
> Clamav developers introduced. (And make no mistake; a problem was
> *created* by the Clamav team, a problem that did not exist prior to
> the changes they made).
>
> I have been using Linux since 1991 and I have seen a lot of positive
> change in that time. I have seen it go from crazy 'fringe' to being
> widely accepted in the enterprise. But shenanigans like this can
> risk all of that hard work.
>
> This is why I raised the legal and ethical issue; because that is
> what the business end should be considering and its what the
> technical end only rarely considers.
>
> I understand that Clamav is free as in 'beer' and that there is no
> legal contract with the Clamav team. However, Clamav has a parent
> company, Sourcefire, which is listed on Nasdaq and is a 'proper'
> corporation.

Yes, but still the same business analysts would not want to spend
money where it was not affecting a revenue stream.
>
> I have written to them to find out what they think of this, if
> anything at all...
>
> Sourcefire actually have executives and a general council and I am
> sure that they employ business analysts as well. I will be
> interested to see if what the Clamav team did is condoned by the
> parent company which clearly has some business acumen behind it.
>
>
> Don't get distracted by issues such as "Oh those bad silly sysadmins
> out there who messed up, its really *their* fault not the fault of
> the Clamav developers!" That is just *not* helpful. The damage is
> already done; damage to peoples systems and damage to the reputation
> not only of Clamav but of OSS in general.

Jim
Re: (no subject) [ In reply to ]
On Apr 21, 2010, at 1:51 PM, Steve Wray wrote:

> Peter Bonivart wrote:
>> On Wed, Apr 21, 2010 at 10:39 PM, Christopher X. Candreva
>> <chris@westnet.com> wrote:
>>> IMHO, open source projects don't have a business side.
>>>
>>> Opensource projects exist for the developers to get the software
>>> they need,
>>> faster, through colaboration with others. If anyone else finds it
>>> usefull
>>> that's an added bonus. But if no one other than the devs use it
>>> themselves,
>>> the project has fullfilled it's purpose.
>>>
>>> Adding business value is the job of the distros, or Apple if they
>>> include
>>> it, or myself as an ISP. That's why I said before I think the real
>>> let-down
>>> here are the distros that didn't do anything about it.
>>>
>>> Extreme ? Maybe, but that's why I use open-source, for getting
>>> best of
>>> breed, newest, breaking with history when needed.
>
> This would be ok if the distros maintained the servers which their
> distributed version of Clamav updated from.
>
> They don't. The responsibility in this case is that of those who
> maintain Clamav, not the distros.
>
> I would suggest that distros may want to take note of this
> situation; its perhaps not unreasonable for them to maintain eg
> their own Clamav update servers.
>

Why would you think that it is not the distro's responsibility? They
are the ONLY ones responsible for what they include and all the
software they include is OSS or they could not afford to "give it away".

There is absolutely nothing to stop them from doing so and this list
is filled with instructions on how to do so.

Jim
Re: (no subject) [ In reply to ]
On Apr 21, 2010, at 2:09 PM, Steve Wray wrote:

> Spiro Harvey wrote:
>> On Thu, 22 Apr 2010 08:51:00 +1200
>> Steve Wray <steve.wray@cwa.co.nz> wrote:
>>> This would be ok if the distros maintained the servers which their
>>> distributed version of Clamav updated from.
>>> They don't. The responsibility in this case is that of those who
>>> maintain Clamav, not the distros.
>>> I would suggest that distros may want to take note of this
>>> situation;
>>> its perhaps not unreasonable for them to maintain eg their own
>>> Clamav
>>> update servers.
>> But the distro are the ones who gave you outdated unsupported
>> software.
>> Had they provided you with a newer package, you wouldn't have had
>> this
>> problem.
>
> I didn't have this problem
>
> I am just worried that OSS is *still* having problems dealing with
> basic business commonsense.
>
>
>> Are you suggesting that if your distribution had packaged ClamAV 0.96
>> and your server(s) didn't break, that you would *still* be upset?
>> Just
>> on principle?
>
> I am not upset; I am concerned for OSS and for the way that this
> reflects badly on it. And yes I really do think it has been bad PR
>

I would look again if you think that to be true. Outside of this and
other mailing lists, there is very little mention of this as compared
to the big news of McAfee's db update debacle today.

Jim

Re: Clubbing a deceased equine [ In reply to ]
On Apr 21, 2010, at 2:48 PM, Robert Wyatt wrote:

> Eray Aslan wrote:
>> Does anyone have access to legal opinion for a lawsuit against clamav
>> developers or its parent company? Perhaps Germany is the better
>> place
>> for it.
>
> Yeah, I've got a legal opinion for you. You have no standing to
> recover any damages and any suit you file would be subject to a
> counterclaim for a frivolous lawsuit.
> _______________________________________________
>

And I hope you do file a frivolous lawsuit and lose your shirt in
court and lawyer fees. Lawyers will only be too happy to take your
money for your lost cause.

Jim
Re: (no subject) [ In reply to ]
On Apr 21, 2010, at 2:51 PM, Steve Holdoway wrote:

> On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:
>
>> But the distro are the ones who gave you outdated unsupported
>> software.
>> Had they provided you with a newer package, you wouldn't have had
>> this
>> problem.
> Spiro, you're missing the point of a distro completely. That is to
> provide a functionally static platform for people to use and release
> to.

Funny, every distro I have used has had numerous updates till it
reached EOL. Did I believe updates stopped because no new
vulnerabilities exist in the distro? Of course not.
> From that point on, only security patches are released. The fact that
> 0.94.x was current when debian lenny was released means that it should
> stay that way until EOL of the distro.
>
> Anything else is breaking at least the spirit of the distro release
> philosophy.
>
> Sure you can use a different model, like including the volatile
> and / or
> backports packages, but that's not the point. I've heard of these, but
> then I'm a career sysadmin. How many servers out there are managed by
> those, rather than just relying on the testing performed by
> debian/redhat/novell, etc?
>
> Steve.
>
>
> --
> Steve Holdoway <steve@greengecko.co.nz>
> http://www.greengecko.co.nz
> MSN: steve@greengecko.co.nz
> Skype: sholdowa
Re: (no subject) [ In reply to ]
On Wed, 2010-04-21 at 17:00 -0700, Jim Preston wrote:
> On Apr 21, 2010, at 2:51 PM, Steve Holdoway wrote:
>
> > On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:
> >
> >> But the distro are the ones who gave you outdated unsupported
> >> software.
> >> Had they provided you with a newer package, you wouldn't have had
> >> this
> >> problem.
> > Spiro, you're missing the point of a distro completely. That is to
> > provide a functionally static platform for people to use and release
> > to.
>
> Funny, every distro I have used has had numerous updates till it
> reached EOL. Did I believe updates stopped because no new
> vulnerabilities exist in the distro? Of course not.
Read what I said. *functional* not security. Like, for example, php is
at 5.2.6 on lenny, unless you configure it differently. That's the whole
point of releases.

Get with it Jim (:

Steve

--
Steve Holdoway <steve@greengecko.co.nz>
http://www.greengecko.co.nz
MSN: steve@greengecko.co.nz
Skype: sholdowa
Re: Clubbing a deceased equine [ In reply to ]
Jim Preston wrote:
> On Apr 21, 2010, at 2:48 PM, Robert Wyatt wrote:
>
>> Eray Aslan wrote:
>>> Does anyone have access to legal opinion for a lawsuit against clamav
>>> developers or its parent company? Perhaps Germany is the better place
>>> for it.
>>
>> Yeah, I've got a legal opinion for you. You have no standing to
>> recover any damages and any suit you file would be subject to a
>> counterclaim for a frivolous lawsuit.
>> _______________________________________________
>>
>
> And I hope you do file a frivolous lawsuit and lose your shirt in court
> and lawyer fees. Lawyers will only be too happy to take your money for
> your lost cause.

Ahhh but it wouldn't be a civil case; it'd be a criminal case.

The prosecution would be the crown or government.


--
Please remember that an email is just like a postcard; it is not
confidential nor private nor secure and can be read by many other people
than the intended recipient. A postcard can be read by anyone at the mail
sorting office and expecting what is written on it to be private and secret
is not realistic. Please hold no higher expectation of email.

If you need to send confidential information in an email you need to use
encryption. PGP is Pretty good for this.
Re: (no subject) [ In reply to ]
On Wed, Apr 21, 2010 at 12:15 AM, Simon Hobson <linux@thehobsons.co.uk> wrote:


> Jason Haar wrote:
>
>> ClamAV devs: your response was appropriate. I speak on behalf of the 99%
>> of sites unaffected by this. You can tell that as only 10 people seem to
>> be involved in this thread.
>
> Only 10 people who thought it worth while to put their hands up and say
> something about it. There will be many who will have seen the threads and
> decided they have nothing more to add than "me too", and probably a fair
> number that are waiting for their friendly tech to unbreak their appliance.


I've been watching this thread, and several others, for a few days
now. I haven't said anything because I did not think I had anything
worth contributing to the discussion. It seems plain to me that
nothing is going to be solved here.

I am speaking up now because I do not want my silent observance to be
seen as 'approval' of what happened. I vehemently disagree with the
way the ClamAV developers handled this situation. I sincerely hope
that the FOSS community rises up to the challenge and an equally
capable virus scanner is born whose core developers are a little more
considerate in how they treat the many 'upgrade orphans' that will
always exist.

-Chris
Re: (no subject) [ In reply to ]
On Apr 21, 2010, at 5:08 PM, Steve Holdoway wrote:

> On Wed, 2010-04-21 at 17:00 -0700, Jim Preston wrote:
>> On Apr 21, 2010, at 2:51 PM, Steve Holdoway wrote:
>>
>>> On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:
>>>
>>>> But the distro are the ones who gave you outdated unsupported
>>>> software.
>>>> Had they provided you with a newer package, you wouldn't have had
>>>> this
>>>> problem.
>>> Spiro, you're missing the point of a distro completely. That is to
>>> provide a functionally static platform for people to use and release
>>> to.
>>
>> Funny, every distro I have used has had numerous updates till it
>> reached EOL. Did I believe updates stopped because no new
>> vulnerabilities exist in the distro? Of course not.
> Read what I said. *functional* not security. Like, for example, php is
> at 5.2.6 on lenny, unless you configure is differently. That's the
> whole
> point of releases.
>
> Get with it Jim (:
>
Yeah, I saw that and went to close the email but ...... missed and hit
the send button instead and I never have been able to find the undo
function for the send button :(

Jim
Re: Clubbing a deceased equine [ In reply to ]
On Apr 21, 2010, at 5:42 PM, Steve Wray wrote:

> Jim Preston wrote:
>> On Apr 21, 2010, at 2:48 PM, Robert Wyatt wrote:
>>> Eray Aslan wrote:
>>>> Does anyone have access to legal opinion for a lawsuit against
>>>> clamav
>>>> developers or its parent company? Perhaps Germany is the better
>>>> place
>>>> for it.
>>>
>>> Yeah, I've got a legal opinion for you. You have no standing to
>>> recover any damages and any suit you file would be subject to a
>>> counterclaim for a frivolous lawsuit.
>>> _______________________________________________
>>>
>> And I hope you do file a frivolous lawsuit and lose your shirt in
>> court and lawyer fees. Lawyers will only be too happy to take your
>> money for your lost cause.
>
> Ahhh but it wouldn't be a civil case; it'd be a criminal case.
>
> The prosecution would be the crown or government.
>

And would still be a monumental waste of your tax revenue, but what
the heck, it's your money....

Jim

Re: (no subject) [ In reply to ]
On Apr 21, 2010, at 6:02 PM, Chris Knight wrote:

> On Wed, Apr 21, 2010 at 12:15 AM, Simon Hobson
> <linux@thehobsons.co.uk> wrote:
>
>
>> Jason Haar wrote:
>>
>>> ClamAV devs: your response was appropriate. I speak on behalf of
>>> the 99%
>>> of sites unaffected by this. You can tell that as only 10 people
>>> seem to
>>> be involved in this thread.
>>
>> Only 10 people who thought it worth while to put their hands up and
>> say
>> something about it. There will be many who will have seen the
>> threads and
>> decided they have nothing more to add than "me too", and probably a
>> fair
>> number that are waiting for their friendly tech to unbreak their
>> appliance.
>
>
> I've been watching this thread, and several others, for a few days
> now. I haven't said anything because I did not think I had anything
> worth contributing to the discussion. It seems plain to me that
> nothing is going to be solved here.
>
> I am speaking up now because I do not want my silent observance to be
> seen as 'approval' of what happened. I vehemently disagree with the
> way the ClamAV developers handled this situation. I sincerely hope
> that the FOSS community rises up to the challenge and an equally
> capable virus scanner is born whose core developers are a little more
> considerate in how they treat the many 'upgrade orphans' that will
> always exist.
>
> -Chris

That is what FOSS is all about, start coding and I will take it for a
ride when you have a beta.

Jim

Re: Clubbing a deceased equine [ In reply to ]
Jim Preston wrote:
> On Apr 21, 2010, at 5:42 PM, Steve Wray wrote:
>
>> Jim Preston wrote:
>>> On Apr 21, 2010, at 2:48 PM, Robert Wyatt wrote:
>>>> Eray Aslan wrote:
>>>>> Does anyone have access to legal opinion for a lawsuit against clamav
>>>>> developers or its parent company? Perhaps Germany is the better place
>>>>> for it.
>>>>
>>>> Yeah, I've got a legal opinion for you. You have no standing to
>>>> recover any damages and any suit you file would be subject to a
>>>> counterclaim for a frivolous lawsuit.
>>>> _______________________________________________
>>>>
>>> And I hope you do file a frivolous lawsuit and lose your shirt in
>>> court and lawyer fees. Lawyers will only be too happy to take your
>>> money for your lost cause.
>>
>> Ahhh but it wouldn't be a civil case; it'd be a criminal case.
>>
>> The prosecution would be the crown or government.
>>
>
> And would still be a monumental waste of your tax revenue, but what the
> heck, it's your money....


If there is the slightest chance that a legal precedent could be set that
would deter the likes of Apple or Sony disabling functionality in consumer
devices by remote control I would be ALL for spending tax money on this.

And I would have thought that virtually anyone in the FOSS community would
have agreed. Excuse me for my error.

Re: Clubbing a deceased equine [ In reply to ]
On Apr 21, 2010, at 6:19 PM, Steve Wray wrote:

> Jim Preston wrote:
>> On Apr 21, 2010, at 5:42 PM, Steve Wray wrote:
>>> Jim Preston wrote:
>>>> On Apr 21, 2010, at 2:48 PM, Robert Wyatt wrote:
>>>>> Eray Aslan wrote:
>>>>>> Does anyone have access to legal opinion for a lawsuit against
>>>>>> clamav
>>>>>> developers or its parent company? Perhaps Germany is the
>>>>>> better place
>>>>>> for it.
>>>>>
>>>>> Yeah, I've got a legal opinion for you. You have no standing to
>>>>> recover any damages and any suit you file would be subject to a
>>>>> counterclaim for a frivolous lawsuit.
>>>>> _______________________________________________
>>>>>
>>>> And I hope you do file a frivolous lawsuit and lose your shirt in
>>>> court and lawyer fees. Lawyers will only be too happy to take
>>>> your money for your lost cause.
>>>
>>> Ahhh but it wouldn't be a civil case; it'd be a criminal case.
>>>
>>> The prosecution would be the crown or government.
>>>
>> And would still be a monumental waste of your tax revenue, but what
>> the heck, it's your money....
>
>
> If there is the slightest chance that a legal precedent could be set
> that would deter the likes of Apple or Sony disabling functionality
> in consumer devices by remote control I would be ALL for spending
> tax money on this.
>
> And I would have thought that virtually anyone in the FOSS community
> would have agreed. Excuse me for my error.
>

In the case of Apple or Sony disabling consumer devices, I agree, have
the crown start litigation against those companies if that is your goal.

Jim
Re: illegal or not, make a valid argument (was "no subject") [ In reply to ]
In message <p06240832c7f4eb4691fe@simon.thehobsons.co.uk> Simon Hobson
<linux@thehobsons.co.uk> was claimed to have wrote:

>Here we go again, you are introducing something irrelevant to try and
>justify your actions. Yes, I know what the licence says - but that
>merely says I cannot expect support from you, and I can't complain if
>it doesn't work. That still does not mean I am giving you permission
>to enter my property and make changes

Once again, no one "entered your property", but rather, you configured
your server to request updates from an external source.

A minor difference, but an awfully significant one.

Re: Clubbing a deceased equine [ In reply to ]
Simon Hobson wrote:
> The **ONLY** defence I can think of is that they assumed an implicit
> permission by virtue of the user running the update process to fetch
> signature updates. That's a very tenuous thing to infer when pushing an
> update that is so different in purpose to what would normally be fetched.


Well, it's not the only defense that I can think of. For exactly how
long had this message appeared before the ClamAV engine actually died?

LibClamAV Warning: ****************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON’T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: *****************************************************

... they're called "idiot lights" for a reason and are disregarded at
the user's peril.
Re: Clubbing a deceased equine [ In reply to ]
Robert Wyatt wrote:
> Simon Hobson wrote:
>> The **ONLY** defence I can think of is that they assumed an implicit
>> permission by virtue of the user running the update process to fetch
>> signature updates. That's a very tenuous thing to infer when pushing an
>> update that is so different in purpose to what would normally be fetched.
>
>
> Well, it's not the only defense that I can think of. For exactly how
> long had this message appeared before the ClamAV engine actually died?
>
> LibClamAV Warning: ****************************************************
> LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
> LibClamAV Warning: *** DON’T PANIC! Read http://www.clamav.net/support/faq ***
> LibClamAV Warning: *****************************************************
>
> ... they're called "idiot lights" for a reason and are disregarded at
> the user's peril.

I believe that best practice with this sort of thing is to only issue
warnings and not to actually force a potentially harmful change without
*express* consent of the user.

Ie: NOT passive or implicit consent.

Making potentially harmful changes based only on passive or implicit
consent is.. well 'inconsiderate' is about as mild a phrase as I care to use.



--
Please remember that an email is just like a postcard; it is not
confidential nor private nor secure and can be read by many other people
than the intended recipient. A postcard can be read by anyone at the mail
sorting office and expecting what is written on it to be private and secret
is not realistic. Please hold no higher expectation of email.

If you need to send confidential information in an email you need to use
encryption. PGP is Pretty good for this.
Re: Clubbing a deceased equine [ In reply to ]
On 4/21/10 8:03 PM, Steve Wray wrote:

>
> I believe that best practice with this sort of thing is to only issue
> warnings and not to actually force a potentially harmful change without
> *express* consent of the user.

Suggest at least one way to inform all the users successfully that obsolete
software is going to die soon - and don't let it slip past you in your solution
that the ClamAV people have know way of knowing who they need to inform. And
recall too, this: Filling their logs with warnings didn't work. Posting the
notice on the front page of their website didn't work. Running commentary in
this list didn't work. Announcing it in their Announcements list didn't work.

You don't know a way, they don't know a way, and I know for a fact it cannot be
done, and the reasons why have been listed and the results show that despite
adequate notification, some people failed to heed. They have to explain this
inadequacy to management. It must have been a long day for them. I'm over it.

What the team did worked for me, but I pay attention - it's my job. And you know
something? It really wasn't difficult. It takes me maybe 10 minutes to deal with
a ClamAV upgrade and less time to discover one is necessary.

We're left with this: The "problem" affected only those that did not pay
adequate attention. There is no cure for that.

So here's a message to everyone that was surprised: PAY ATTENTION because
there's going to be a next time!

dp
Re: Clubbing a deceased equine [ In reply to ]
On 4/21/10 8:20 PM, Dennis Peterson wrote:


> know way of knowing

What the hell? Did I write that? :)

dp
Re: Clubbing a deceased equine [ In reply to ]
I can't believe this thread.
This is like biting the hand that feeds.
I upgrade Clam every time there's a new release. Across 20+ servers.
Maybe the guys who are complaining should get into this habit too.

It's just good practice if you want a secure antivirus solution.
Do you think they are improving and extending the product for their own
health?
No.
It's for the users.
Stop being so lazy.

> On 4/21/10 8:03 PM, Steve Wray wrote:
>
>>
>> I believe that best practice with this sort of thing is to only issue
>> warnings and not to actually force a potentially harmful change without
>> *express* consent of the user.
>
> Suggest at least one way to inform all the users successfully that obsolete
> software is going to die soon - and don't let it slip past you in your solution
> that the ClamAV people have know way of knowing who they need to inform. And
> recall too, this: Filling their logs with warnings didn't work. Posting the
> notice on the front page of their website didn't work. Running commentary in
> this list didn't work. Announcing it in their Announcements list didn't work.
>
> You don't know a way, they don't know a way, and I know for a fact it cannot be
> done, and the reasons why have been listed and the results show that despite
> adequate notification, some people failed to heed. They have to explain this
> inadequacy to management. It must have been a long day for them. I'm over it.
>
> What the team did worked for me, but I pay attention - it's my job. And you know
> something? It really wasn't difficult. It takes me maybe 10 minutes to deal with
> a ClamAV upgrade and less time to discover one is necessary.
>
> We're left with this: The "problem" affected only those that did not pay
> adequate attention. There is no cure for that.
>
> So here's a message to everyone that was surprised: PAY ATTENTION because
> there's going to be a next time!
>
> dp
Re: (no subject) [ In reply to ]
Quoting Steve Holdoway <steve@greengecko.co.nz>:

> Spiro, you're missing the point of a distro completely. That is to
> provide a functionally static platform for people to use and release to.
> From that point on, only security patches are released. The fact that
> 0.94.x was current when debian lenny was released means that it should
> stay that way until EOL of the distro.
>
> Anything else is breaking at least the spirit of the distro release
> philosophy.

There are distros that follow that philosophy, but not all of them.
A distro can set any release philosophy they want, and indeed people
want different release philosophies from their distros...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Re: Clubbing a deceased equine [ In reply to ]
On 22.4.2010 6:03, Steve Wray wrote:
> Robert Wyatt wrote:
>> Simon Hobson wrote:
>> Well, it's not the only defense that I can think of. For exactly how
>> long had this message appeared before the ClamAV engine actually died?
>>
>> LibClamAV Warning: ****************************************************
>> LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
>> LibClamAV Warning: *** DON’T PANIC! Read http://www.clamav.net/support/faq ***
>> LibClamAV Warning: *****************************************************
>>
>> ... they're called "idiot lights" for a reason and are disregarded at
>> the user's peril.
>
> I believe that best practice with this sort of thing is to only issue
> warnings and not to actually force a potentially harmful change without
> *express* consent of the user.
>
> Ie: NOT passive or implicit consent.
>
> Making potentially harmful changes based only on passive or implicit
> consent is.. well 'inconsiderate' is about as mild a phrase as I care to
> use.
>

Yeah. well, but what's this? Temporary I hope

ClamAV update process started at Thu Apr 22 07:09:06 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in
/etc/clamav/freshclam.conf is working. Check
http://www.clamav.net/support/mirror-problem for possible reasons.




--
http://www.iki.fi/jarif/

You have many friends and very few living enemies.
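
The freshclam run quoted above carries both an "outdated engine" warning and a failed signature update. As an added example (not part of the original message or of ClamAV itself), here is one way a monitoring job could grade such output; the function names, the report layout and the ok/warning/critical grading are assumptions of this example.

```python
import re
from collections import Counter

# freshclam output quoted in the message above, with wrapped lines rejoined.
SAMPLE_LOG = """\
ClamAV update process started at Thu Apr 22 07:09:06 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working.
"""

VERSIONS = re.compile(r"Local version: (\S+) Recommended version: (\S+)")
DB_OK = re.compile(
    r"^(\w+)\.(?:cvd|cld) is up to date "
    r"\(version: (\d+), sigs: (\d+), f-level: (\d+)"
)
DOWNLOAD = re.compile(r"Can't download (\S+) from (\S+)")


def version_key(text):
    """Turn '0.95.3' into (0, 95, 3) so versions compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def assess(log_text):
    """Summarise one freshclam run and grade it ok / warning / critical."""
    report = {
        "local": None, "recommended": None, "behind": False,
        "databases": {}, "failed_downloads": Counter(), "update_failed": False,
    }
    for line in log_text.splitlines():
        m = VERSIONS.search(line)
        if m:
            report["local"], report["recommended"] = m.groups()
            report["behind"] = version_key(m.group(1)) < version_key(m.group(2))
            continue
        m = DB_OK.match(line)
        if m:
            name, version, sigs, flevel = m.groups()
            report["databases"][name] = {
                "version": int(version), "sigs": int(sigs), "f_level": int(flevel),
            }
            continue
        m = DOWNLOAD.search(line)
        if m:
            report["failed_downloads"][m.group(1)] += 1
            continue
        if line.startswith("Update failed"):
            report["update_failed"] = True
    # Grading assumed for this example: signatures that no longer refresh
    # rank above an engine that is merely behind the recommended version.
    if report["update_failed"]:
        report["severity"] = "critical"
    elif report["behind"]:
        report["severity"] = "warning"
    else:
        report["severity"] = "ok"
    return report


if __name__ == "__main__":
    result = assess(SAMPLE_LOG)
    print(result["severity"], result["local"], "->", result["recommended"])
    for name, count in result["failed_downloads"].items():
        print(f"  {count} failed attempt(s) for {name}")
```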
Re: (no subject) [ In reply to ]
Quoting Jim Preston <jimlinux@commspeed.net>:

>> Read what I said. *functional* not security. Like, for example, php is
>> at 5.2.6 on lenny, unless you configure is differently. That's the whole
>> point of releases.

There are distros that release functional (feature) upgrades as well
as security/bug upgrades... Just as there are ones that don't.

Most distros will provide:
1) Security updates.
2) Bug fixes for major bugs.
3) Additional new features (even in the kernel, such as new hardware support)

Most distros will not provide:
1) Kernel changes to existing kernel functionality.
2) Changes to major system libraries which change existing functionality.
3) Changes to major packages which could impact services or processes
(like a major compiler upgrade, major system library upgrade, etc)

This is sometimes called "preserving the runtime environment", defined
as "the area where the kernel interacts with applications", while
allowing for updates/upgrades which are outside this "runtime environment".

Some distros may, and some may not, provide:
1) Functional updates to various non-critical programs or services
2) Functional updates to various critical programs or services which are
deemed to not cause any changes to the runtime environment of the system.

Compounding this issue are terminology issues such as the difference
between a "release" and a "version" of the distro, etc. (For example,
when I talk about a RHEL release I mean RHEL 4 or RHEL 5, and when I talk
about a RHEL version I mean RHEL 5.1 or RHEL 5.2. Red Hat calls
these the opposite way: 5.1 is a "dot release" whereas 4 to 5 is a
version.) So it can be confusing, to say the least. If I'm using
release in a way you don't intend, then I apologize...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Re: (no subject) [ In reply to ]
On 4/21/10 10:06 PM, Eric Rostetter wrote:
> Quoting Jim Preston <jimlinux@commspeed.net>:
>
>>> Read what I said. *functional* not security. Like, for example, php is
>>> at 5.2.6 on lenny, unless you configure is differently. That's the whole
>>> point of releases.
>
> There are distros that release functional (feature) upgrades as well
> as security/bug upgrades... Just as there are ones that don't.
>
> Most distros will provide:

Show me the contract.

dp
Re: Clubbing a deceased equine [ In reply to ]
On 22.04.2010 06:44, Conrad Zane (Via Webmail) wrote:
> I can't believe this thread.
> This is like biting the hand that feeds.
> I upgrade Clam every time there's a new release. Across 20+ servers.
> Maybe the guys who are complaining should get into this habit too.

You are missing the point. I did not get bitten by this. I am
complaining because it is the principle that bothers me. Knowingly
turning off services on other people's computers is an immoral,
unethical, selfish and arrogant act which is hopefully illegal in some
parts of the world. This is just not acceptable behaviour.

--
Eray
Re: Clubbing a deceased equine [ In reply to ]
On 22.04.2010 06:20, Dennis Peterson wrote:
> Suggest at least one way to inform all the users successfully that
> obsolete software is going to die soon - and don't let it slip past you
> in your solution that the ClamAV people have know way of knowing who
> they need to inform. And recall too, this: Filling their logs with
> warnings didn't work. Posting the notice on the front page of their
> website didn't work. Running commentary in this list didn't work.
> Announcing it in their Announcements list didn't work.

Every major software project hits this road block sooner or later and
solves it in an acceptable way. This is not rocket science. I am
pretty sure some way of versioning support was on the table during the
decision making process and was rejected. Knowing the rationale behind
it would be nice. I think it was a bad decision but knowing how the
decision was made (the other side of the argument so to speak) would help.

[...]
> We're left with this: The "problem" affected only those that did not pay
> adequate attention. There is no cure for that.

Our problem statements differ. I am against clamav's "right" to turn
off services on other people's computers which does not say anything on
sysadmins who may or may not be paying attention.

> So here's a message to everyone that was surprised: PAY ATTENTION
> because there's going to be a next time!

I hope not.

--
Eray
Re: Clubbing a deceased equine [ In reply to ]
Dennis Peterson wrote:

>>I believe that best practice with this sort of thing is to only issue
>>warnings and not to actually force a potentially harmful change without
>>*express* consent of the user.
>
>Suggest at least one way to inform all the users successfully that
>obsolete software is going to die soon - and don't let it slip past
>you in your solution that the ClamAV people have know way of knowing
>who they need to inform. And recall too, this: Filling their logs
>with warnings didn't work. Posting the notice on the front page of
>their website didn't work. Running commentary in this list didn't
>work. Announcing it in their Announcements list didn't work.
>
>You don't know a way, they don't know a way, and I know for a fact
>it cannot be done

If you start with the pre-requisite that you must stop old versions
working then you are correct. Remove that pre-requisite and you are
not.

More than one suggestion has been made of how the team could have
"just moved on" and left the old versions behind - without having to
kill them. These suggestions have been rubbished for various (mostly
false) reasons.

People keep saying it's the user/admin's fault, that the user/admin
should take all the blame, and that the user/admin should suffer the
consequences. Fair enough - how's this for a really odd idea - why not
just stop providing AV updates to the older versions, and let the
users/admins take the responsibility and consequences if they
continue to ignore the warnings that updates have stopped working. If
they ignore "things aren't working" errors then I'd agree with you -
let them deal with it. I don't agree with the argument that "things
are not optimal" is a warning to upgrade before things go bang.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Re: Clubbing a deceased equine [ In reply to ]
Eray Aslan wrote:
> On 22.04.2010 06:20, Dennis Peterson wrote:
>
>> Suggest at least one way to inform all the users successfully that
>> obsolete software is going to die soon - and don't let it slip past you
>> in your solution that the ClamAV people have know way of knowing who
>> they need to inform. And recall too, this: Filling their logs with
>> warnings didn't work. Posting the notice on the front page of their
>> website didn't work. Running commentary in this list didn't work.
>> Announcing it in their Announcements list didn't work.
>>
>
> Every major software project hits this road block sooner or later and
> solves it in an acceptable way. This is not rocket science. I am
> pretty sure some way of versioning support was on the table during the
> decision making process and was rejected. Knowing the rationale behind
> it would be nice. I think it was a bad decision but knowing how the
> decision was made (the other side of the argument so to speak) would help.
>
> [...]
>
>> We're left with this: The "problem" affected only those that did not pay
>> adequate attention. There is no cure for that.
>>
>
> Our problem statements differ. I am against clamav's "right" to turn
> off services on other people's computers which does not say anything on
> sysadmins who may or may not be paying attention.
>
>
>> So here's a message to everyone that was surprised: PAY ATTENTION
>> because there's going to be a next time!
>>
>
> I hope not.
>
>
If you bothered to read this entire thread you would understand that
ClamAV did no such thing. In a couple of weeks these very same systems
would have failed when the new signature format went into effect. The
issue is that without code changes to <0.95 installations the new
signatures will crash Clamd by design of <0.95 versions. This was built
into the versions NOT as a method of breaking clamd but as preventing
loading of what this version considers malformed databases. They are not
guilty of intentionally turning off services but of not WASTING their money
to protect users who want to continue to use EOL software.

Jim
Re: (no subject) [ In reply to ]
Until a few months ago I had 2(!!!) Redhat 7 servers in
full flight running compiled versions of sendmail and
clamav (amongst other things). I never had any problems
to get the latest versions compiled ....

Jobst


On Fri, Apr 16, 2010 at 01:22:53PM +0300, Török Edwin (edwintorok@gmail.com) wrote:
> On 04/16/2010 01:07 PM, Dima wrote:
> >I have something very much doubt that this can be done on the old compiler
> >using libraries of those times.
>
> People have successfully built ClamAV on various old systems, maybe
> not with all the features, but it surely built and run.
>
> Just give it a try.
>
> Best regards,
> --Edwin

--
best accelerated mac = 9.8 m/(s*s)

| |0| | Jobst Schmalenbach, jobst@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
Re: (no subject) [ In reply to ]
I had this issue last night. It was fixed between the time I first reported the problem and the time I successfully uploaded the file. I just updated the database one more time and no more false positives.

Sent from Janet's iPad

-Al-
--
Al Varnell

On Nov 8, 2010, at 1:21 PM, Eric Black <eblack@higherone.com> wrote:

>
> Hi,
>
> I'm having the same problem as described here: http://lurker.clamav.net/message/20100310.195831.c6c71431.en.html
>
> I'm getting false positives on two older files starting today, so I uploaded the files and this was the server response:
>
> Result:
> This file is not detected by ClamAV. Please update your CVD database before reporting false-positives. If you are using third-party databases/unofficial signatures, please contact the author of the signature. We can only process false-positives generated by ClamAV Official signatures.
>
> Please correct the above errors and retry. Thank you for helping the ClamAV project.
>
Re: (no subject) [ In reply to ]
On 03/03/2012 04:44 PM, Jayson Brush wrote:
> Hello
>
> I currently have ClamSMTP and ClamAV 0.97.3 installed on CentOS with
> postfix and dovecot. The setup works and ClamAV properly scans all emails
> and detects viruses. However, I have enabled the DLP module in Clamd to
> detect CC numbers and SSNs and lowered the threshold to 1 for each. When I
> send an SSN number Clam properly logs that there was an SSN attempted to be
> sent. When I send any formatted Credit Card number, ClamAV does not
> recognize that there is a credit card number contained in the body of the
> text or as an attachment.
>
> Does anyone have any knowledge about this? Am I missing something?

By default you need to have at least 3 Credit Card numbers to trigger a detection:

# This option sets the lowest number of Social Security Numbers found
# in a file to generate a detect.
# Default: 3
#StructuredMinSSNCount 5

Best regards,
--Edwin
Re: (no subject) [ In reply to ]
Correct. I lowered the StructuredMinCreditCardCount from 3 to 1 and sent
five CC#s at a time with no detection. It does detect SSNs fine.

Thanks, any other suggestions?

2012/3/3 Török Edwin <edwin+ml-clamav@etorok.net>

> On 03/03/2012 04:44 PM, Jayson Brush wrote:
> > Hello
> >
> > I currently have ClamSMTP and ClamAV 0.97.3 installed on CentOS with
> > postfix and dovecot. The setup works and ClamAV properly scans all emails
> > and detects viruses. However, I have enabled the DLP module in Clamd to
> > detect CC numbers and SSNs and lowered the threshold to 1 for each. When I
> > send an SSN number Clam properly logs that there was an SSN attempted to be
> > sent. When I send any formatted Credit Card number, ClamAV does not
> > recognize that there is a credit card number contained in the body of the
> > text or as an attachment.
> >
> > Does anyone have any knowledge about this? Am I missing something?
>
> By default you need to have at least 3 Credit Card numbers to trigger a
> detection:
>
> # This option sets the lowest number of Social Security Numbers found
> # in a file to generate a detect.
> # Default: 3
> #StructuredMinSSNCount 5
>
> Best regards,
> --Edwin



--
jayson
Re: (no subject) [ In reply to ]
Please run freshclam, an update has been pushed.

Joel

On May 11, 2012, at 11:40 AM, Andrew Thompson wrote:

>
> Hello
> We were seeing a number of files being quarantined earlier with the reference
> BC.Exploit.CVE_2012_1847 FOUND and BC.Exploit.CVE_2012_0184 FOUND. The CVE
> numbers point to vulnerabilities found in Microsoft's Excel and Office
> suites. However, the files were not only excel spreadsheets but also some
> .msi files and word .doc files. Our other AV scanners (Sophos and Avira) see
> the files as clean, so is this a false positive ? I'm assuming yes. Also,
> interestingly, a copy of one of the files put back on the affected server has
> not been quarantined again. The various definitions have been updated by
> freshclam, so we are all up to date currently on that score. If someone could
> confirm if this was a signature that was wrong and causing the quarantine,
> that would be great.
>
> Version info below:
> clamscan -V
> ClamAV 0.97.3/14913/Fri May 11 16:03:22 2012
>
> running on a Centos 5.7 box.
>
> Thanks in advance.
>
> Andrew
>
>
>
> --
>
> Andrew Thompson
>
> andrew@x-2.org.uk
> _________________________________________________________
> This mail sent using V-webmail - http://www.v-webmail.org
>
Re: (no subject) [ In reply to ]
I sent a note out on this yesterday with reference to most Mac OS X users
who have /usr/php/install-pear-nozlib.phar on their hard drives, having
already submitted the file as an FP. Since then there have been a couple of
other Unix users report similar results and a promise to get back to us, but
nothing yet.

Check the list archive for details.

Whether it's of any consequence or not depends on what version of PHP you
have. The CVE was reported back in January and concerned PHP 5.3.8 which
was apparently patched with PHP 5.4.0, but that's all I can seem to find
out.


-Al-

--
Al Varnell
Mountain View, CA

On 10/17/12 12:11 AM, "Steffen Ewert" wrote:

> Hi,
>
> with the newest DB (updated 4hours ago) I get the following virus detection:
>
> /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2011-05-25a.tgz:
> PHP.Exploit.CVE_2011_4153-2 FOUND
> /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2009-12-25c.tgz:
> PHP.Exploit.CVE_2011_4153-2 FOUND
>
> I assume this must be a wrong detection because both files wasn't changed
> since I had downloaded it (my backup application calc's every night a checksum
> of each file and only if the checksum differs the file will be backup again
> and the last time of the backup of both files was the day I have downloaded
> and stored the files).
>
> May be there are also other DokuWiki tgz files with this virus detection. I
> have only stored this both dokuwiki tgz files on my disk.
>
> Any other there which can confirm this (hopefully) wrong virus detection with
> the newest DB?


Re: (no subject) [ In reply to ]
Found your message. Thanks Al!

(and sorry for my forgotten subject ... :-( )

Steffen

> I sent a note out on this yesterday with reference to most Mac OS X users
> who have /usr/php/install-pear-nozlib.phar on their hard drives, having
> already submitted the file as an FP. Since then there have been a couple of
> other Unix users report similar results and a promise to get back to us, but
> nothing yet.
>
> Check the list archive for details.
>
> Whether it's of any consequence or not depends on what version of PHP you
> have. The CVE was reported back in January and concerned PHP 5.3.8 which
> was apparently patched with PHP 5.4.0, but that's all I can seem to find
> out.
>
>
> -Al-
>
> --
> Al Varnell
> Mountain View, CA
>
> On 10/17/12 12:11 AM, "Steffen Ewert" wrote:
>
> > Hi,
> >
> > with the newest DB (updated 4hours ago) I get the following virus detection:
> >
> > /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2011-05-25a.tgz:
> > PHP.Exploit.CVE_2011_4153-2 FOUND
> > /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2009-12-25c.tgz:
> > PHP.Exploit.CVE_2011_4153-2 FOUND
> >
> > I assume this must be a wrong detection because both files wasn't changed
> > since I had downloaded it (my backup application calc's every night a checksum
> > of each file and only if the checksum differs the file will be backup again
> > and the last time of the backup of both files was the day I have downloaded
> > and stored the files).
> >
> > May be there are also other DokuWiki tgz files with this virus detection. I
> > have only stored this both dokuwiki tgz files on my disk.
> >
> > Any other there which can confirm this (hopefully) wrong virus detection with
> > the newest DB?
>
>
Re: (no subject) [ In reply to ]
The signature has been updated this morning to:

PHP.Exploit.CVE_2011_4153-2:0:*:3c3f{-512}646566696e6528{-20}7374725f72657065617428{-20}2461726776

Please update your signatures to Daily CVD 15471 or later.

Thanks,

- Alain
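
The signature posted above is in ClamAV's extended format (`MalwareName:TargetType:Offset:HexSignature`), where `{-n}` means a gap of at most n bytes. The following is an added example, not part of the message above or of ClamAV's code: it decodes the hex body and approximates the match with a Python regex, run over constructed inputs; all function and variable names are assumptions of the example, and only hex runs, `{...}` gaps and `*` are handled.

```python
import re

# Signature line exactly as posted in the message above.
SIGNATURE = (
    "PHP.Exploit.CVE_2011_4153-2:0:*:"
    "3c3f{-512}646566696e6528{-20}7374725f72657065617428{-20}2461726776"
)

# One token: a {gap}, a '*' (any number of bytes), or a run of hex byte pairs.
TOKEN = re.compile(r"\{(\d*)(-?)(\d*)\}|(\*)|((?:[0-9a-fA-F]{2})+)")


def parse_signature(line):
    """Split MalwareName:TargetType:Offset:HexSignature into its fields."""
    name, target, offset, body = line.strip().split(":")[:4]
    # Target type 0 means "any file"; offset '*' means "anywhere in the file".
    return {"name": name, "target": int(target), "offset": offset, "body": body}


def tokenize(body):
    """Turn the hex body into ('bytes', b'...') and ('gap', lo, hi) tokens."""
    tokens, pos = [], 0
    while pos < len(body):
        m = TOKEN.match(body, pos)
        if not m:
            raise ValueError(f"unsupported syntax at {pos}: {body[pos:pos + 8]!r}")
        lo, dash, hi, star, hexrun = m.groups()
        if hexrun:
            tokens.append(("bytes", bytes.fromhex(hexrun)))
        elif star:
            tokens.append(("gap", 0, None))
        elif not dash and lo:       # {n}: exactly n bytes
            tokens.append(("gap", int(lo), int(lo)))
        elif dash and (lo or hi):   # {-n}, {n-} or {n-m}
            tokens.append(("gap", int(lo or 0), int(hi) if hi else None))
        else:
            raise ValueError(f"bad gap {m.group(0)!r}")
        pos = m.end()
    return tokens


def describe(tokens):
    """Readable form of the token list, with literals shown as ASCII."""
    out = []
    for tok in tokens:
        if tok[0] == "bytes":
            out.append(tok[1].decode("ascii", "replace"))
        else:
            out.append(f"gap {tok[1]}..{'any' if tok[2] is None else tok[2]}")
    return out


def to_regex(tokens):
    """Approximate the byte pattern as a Python bytes regex."""
    parts = []
    for tok in tokens:
        if tok[0] == "bytes":
            parts.append(re.escape(tok[1]))
        else:
            hi = "" if tok[2] is None else tok[2]
            parts.append(f".{{{tok[1]},{hi}}}".encode())
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, line=SIGNATURE):
    """Return (start, end) of the first match in data, or None."""
    sig = parse_signature(line)
    if sig["offset"] != "*":
        raise ValueError("this example only handles offset '*' (anywhere)")
    m = to_regex(tokenize(sig["body"])).search(data)
    return m.span() if m else None


# Constructed inputs, not taken from the thread.
ORDINARY_PHP = b"<?php\ndefine('DOKU_INC', dirname(__FILE__));\necho str_repeat('-', 20);\n"
SAME_SHAPE = b"<?php define(str_repeat('=', 8), $argv[0]);\n"
GAP_TOO_WIDE = b"<?php define(str_repeat('=', 8), " + b" " * 30 + b"$argv[0]);\n"

if __name__ == "__main__":
    print(describe(tokenize(parse_signature(SIGNATURE)["body"])))
    for label, data in [("ordinary", ORDINARY_PHP), ("same shape", SAME_SHAPE),
                        ("gap too wide", GAP_TOO_WIDE)]:
        print(f"{label:13s} -> {scan(data)}")
```

Decoded this way, the signature is a purely textual pattern, so any file containing those four byte runs within the stated gaps matches it, whatever the code actually does.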
Re: (no subject) [ In reply to ]
On Sun, Dec 21, 2014 at 9:04 AM, jpff <jpff@codemist.co.uk> wrote:

> Since building 0.98.5 I am seeing
>
> ERROR: This tool requires libclamav with functionality level 79 or higher
> (current f-level: 77)
>
> when updating rules. I assume I have some mis-configuration but what?
> ==John ff


Hey John,

You can take a look at this email thread on the clamav-users mailing list
for a solution:
http://lurker.clamav.net/message/20141119.095431.a8b6e9c8.en.html

Thanks,

Shawn
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: (no subject) [ In reply to ]
Thank you Shawn; that fixes it. I did look at the archive but clearly
inadequately

All working at company and university
==John ffitch
Re: (no subject) [ In reply to ]
Respected Sir/Madam,

Could you tell me step-wise how to install stable version 0.98.5 from
source code in ubuntu???

---------------

Naresh

On Sun, Dec 28, 2014 at 1:47 AM, jpff <jpff@codemist.co.uk> wrote:

> Thank you Shawn; that fixes it. I did look at the archive but clearly
> inadequately
>
> All working at company and university
> ==John ffitch
Re: (no subject) [ In reply to ]
Is the file currently being written to by another process?

dp

On 9/3/16 2:07 AM, Gérard Lemarié wrote:
> Hello,
>
>
> When I run a clamscan on my computer, clamav returns to me an lot of similar error messages :
>
>
> LibClamaV Warning: fmap_readpage : preadfail : asked for 4085 bytes@offset11, got 0
>
>
> Could you help me for this ?
>
> Regards
> Gérard Lemarié
>
Re: (no subject) [ In reply to ]
>LibClamaV Warning: fmap_readpage : preadfail : asked for 4085
>bytes@offset11, got 0

An old post but hopefully advice is still sound...

http://www.gossamer-threads.com/lists/clamav/users/50788

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity

Re: (no subject) [ In reply to ]
> ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
> permissions!).
> ERROR: Problem with internal logger (UpdateLogFile =
> /var/log/clamav/freshclam.log).

I expect you solved this already?

> WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net

Whenever I see this and freshclam cannot resolve it by itself, what I usually do is just remove all signature files (or move them elsewhere) and re-run freshclam. Then it will download all signature files again and be fully updated. I don't know if there's another/better solution; it just works for me.


--
Rob

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: (no subject) [ In reply to ]
Hey,

Firstly, this is a permissions issue with the freshclam.log file. I would verify that clamav can write to the log file and see what you have the permissions of that file as.
If you created the clamav user when you first installed clamav, you might need to chown the file with the clamav user.

You can also check the freshclam.conf file to verify that it looks good with the logging (pointing to the right location, etc.).


Thank you,


Tom M




On 12/6/17, 7:22 AM, "clamav-users on behalf of Rob Sterenborg" <clamav-users-bounces@lists.clamav.net on behalf of r.sterenborg@netmatch.nl> wrote:

>ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
>permissions!).
Re: (no subject) [ In reply to ]
Hello George,

I will look into those mirrors to see if they are down. If a mirror is not working, it should look to find another one. You could also try 'wget database.clamav.net/main.cvd' to see if it manually downloads it that way, then drop the file in the location


We have been working hard to correct a lot of mirror issues, but as you can see, we still have a long way to go to make mirrors work better.
It is my hope that I can get the mirrors more stable for everyone moving forward.


Thank you,


Tom M




On 12/6/17, 7:14 AM, "clamav-users on behalf of George" <clamav-users-bounces@lists.clamav.net on behalf of gdparlichev@gmail.com> wrote:

>Dear All,
>
>How do I update my ClamAV database? I can provide the following details
>regarding my problem:
>1. I run ClamAV 0.99.2/24010;
>2. After starting clamscan, I get "The virus database is older than 7 days!
>Please update it as soon as possible."
>3. Ran "sudo /etc/init.d/clamav-freshclam stop; sudo freshclam -v to
>manually update the ClamAV database, however;
>4. The following error keeps repeating:
>
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>...
>Giving up on database.clamav.net...
>
>5. So I restarted the ClamAV daemon:
>user@virus:~$ sudo /etc/init.d/clamav-freshclam start
>[ ok ] Starting clamav-freshclam (via systemctl): clamav-freshclam.service.
>
>After reading the documentation (https://www.clamav.net/documents/) and the
>Archives and finding no solution, I decided to ask the community.
>Please find attached the full Clamscan error log and my trial to update the
>database manually. Please find the log output below (between #START and
>#END). Thanks in advance.
>
>Best regards,
>George
>
>#START
>user@virus:~$ freshclam
>ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
>permissions!).
>ERROR: Problem with internal logger (UpdateLogFile =
>/var/log/clamav/freshclam.log).
>user@virus:~$ man clamscan
>user@virus:~$ clamscan -r --max-filesize=5 -i --remove /home/user
>LibClamAV Warning: **************************************************
>LibClamAV Warning: *** The virus database is older than 7 days! ***
>LibClamAV Warning: *** Please update it as soon as possible. ***
>LibClamAV Warning: **************************************************
>
>----------- SCAN SUMMARY -----------
>Known viruses: 9515915
>Engine version: 0.99.2
>Scanned directories: 9277
>Scanned files: 73380
>Infected files: 0
>Total errors: 2
>Data scanned: 0.00 MB
>Data read: 44128.53 MB (ratio 0.00:1)
>Time: 324.804 sec (5 m 24 s)
>user@virus:~$ sudo /etc/init.d/clamav-freshclam stop
>[sudo] password for user:
>[ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service.
>user@virus:~$ freshclam
>ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
>permissions!).
>ERROR: Problem with internal logger (UpdateLogFile =
>/var/log/clamav/freshclam.log).
>user@virus:~$ sudo freshclam -v
>Current working dir is /var/lib/clamav
>Max retries == 5
>ClamAV update process started at Tue Nov 21 11:07:07 2017
>Using IPv6 aware code
>Querying current.cvd.clamav.net
>TTL: 1748
>Software version from DNS: 0.99.2
>main.cvd version from DNS: 58
>main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
>sigmgr)
>daily.cvd version from DNS: 24059
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>WARNING: Incremental update failed, trying to download daily.cvd
>Whitelisting short-term blacklisted mirrors
>Retrieving http://db.local.clamav.net/daily.cvd
>Ignoring mirror 193.92.150.194 (due to previous errors)
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: Can't download daily.cvd from db.local.clamav.net
>Trying again in 5 secs...
>ClamAV update process started at Tue Nov 21 11:07:18 2017
>Using IPv6 aware code
>Querying current.cvd.clamav.net
>TTL: 1736
>Software version from DNS: 0.99.2
>main.cvd version from DNS: 58
>main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
>sigmgr)
>daily.cvd version from DNS: 24059
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>WARNING: Incremental update failed, trying to download daily.cvd
>Whitelisting short-term blacklisted mirrors
>Retrieving http://db.local.clamav.net/daily.cvd
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: Can't download daily.cvd from db.local.clamav.net
>Trying again in 5 secs...
>ClamAV update process started at Tue Nov 21 11:07:23 2017
>Using IPv6 aware code
>Querying current.cvd.clamav.net
>TTL: 1731
>Software version from DNS: 0.99.2
>main.cvd version from DNS: 58
>main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
>sigmgr)
>daily.cvd version from DNS: 24059
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>WARNING: Incremental update failed, trying to download daily.cvd
>Whitelisting short-term blacklisted mirrors
>Retrieving http://db.local.clamav.net/daily.cvd
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: Can't download daily.cvd from db.local.clamav.net
>Trying again in 5 secs...
>ClamAV update process started at Tue Nov 21 11:07:29 2017
>Using IPv6 aware code
>Querying current.cvd.clamav.net
>TTL: 1726
>Software version from DNS: 0.99.2
>main.cvd version from DNS: 58
>main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
>sigmgr)
>daily.cvd version from DNS: 24059
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>WARNING: Incremental update failed, trying to download daily.cvd
>Whitelisting short-term blacklisted mirrors
>Retrieving http://db.local.clamav.net/daily.cvd
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: Can't download daily.cvd from db.local.clamav.net
>Trying again in 5 secs...
>ClamAV update process started at Tue Nov 21 11:07:34 2017
>Using IPv6 aware code
>Querying current.cvd.clamav.net
>TTL: 1720
>Software version from DNS: 0.99.2
>main.cvd version from DNS: 58
>main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
>sigmgr)
>daily.cvd version from DNS: 24059
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>ERROR: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>WARNING: Incremental update failed, trying to download daily.cvd
>Whitelisting short-term blacklisted mirrors
>Retrieving http://db.local.clamav.net/daily.cvd
>Ignoring mirror 193.92.150.194 (due to previous errors)
>ERROR: Can't download daily.cvd from db.local.clamav.net
>Giving up on db.local.clamav.net...
>ClamAV update process started at Tue Nov 21 11:07:34 2017
>Using IPv6 aware code
>Querying current.cvd.clamav.net
>TTL: 1720
>Software version from DNS: 0.99.2
>main.cvd version from DNS: 58
>main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
>sigmgr)
>daily.cvd version from DNS: 24059
>Retrieving http://database.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
>Retrieving http://database.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
>Retrieving http://database.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
>Retrieving http://database.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from database.clamav.net
>Retrieving http://database.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>ERROR: getpatch: Can't download daily-24011.cdiff from database.clamav.net
>WARNING: Incremental update failed, trying to download daily.cvd
>Whitelisting short-term blacklisted mirrors
>Retrieving http://database.clamav.net/daily.cvd
>Ignoring mirror 193.92.150.194 (due to previous errors)
>ERROR: Can't download daily.cvd from database.clamav.net
>Giving up on database.clamav.net...
>Update failed. Your network may be down or none of the mirrors listed in
>/etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/
>mirrors-faq.html for possible reasons.
>user@virus:~$ sudo /etc/init.d/clamav-freshclam start
>[ ok ] Starting clamav-freshclam (via systemctl): clamav-freshclam.service.
>user@virus:~$
>
>#END
Re: (no subject) [ In reply to ]
Hi Tom,

Thanks for this timely reply. Could you provide a solution or link to
update the database by myself?

Best regards,
George


2017-12-06 16:57 GMT+02:00 Thomas McCourt (tmccourt) <tmccourt@cisco.com>:

> Hello George,
>
> I will look into those mirrors to see if they are down. IF a mirror is not
> working, it should look to find another one. You could also try 'wget
> database.clamav.net/main.cvd'
> To see if it manually downloads it that way, then drop the file in the
> location
>
>
> We have been working hard to correct a lot of mirror issues, but as you
> can see- we still have a long way to go to make mirrors work better.
> It is my hope that I can get the mirrors more stable for everyone moving
> forward.
>
>
> Thank you,
>
>
> Tom M
>
>
>
>
> On 12/6/17, 7:14 AM, "clamav-users on behalf of George" <
> clamav-users-bounces@lists.clamav.net on behalf of gdparlichev@gmail.com>
> wrote:
>
> >Dear All,
> >
> >How do I update my ClamAV database? I can provide the following details
> >regarding my problem:
> >1. I run ClamAV 0.99.2/24010;
> >2. After starting clamscan, I get "The virus database is older than 7
> days!
> >Please update it as soon as possible."
> >3. Ran "sudo /etc/init.d/clamav-freshclam stop; sudo freshclam -v to
> >manually update the ClamAV database, however;
> >4. The following error keeps repeating:
> >
> >Retrieving http://db.local.clamav.net/daily-24011.cdiff
> >Ignoring mirror 193.92.150.194 (due to previous errors)
> >Ignoring mirror 193.92.150.194 (due to previous errors)
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net
> >...
> >Giving up on database.clamav.net...
> >
> >5. So I restarted the ClamAV daemon:
> >user@virus:~$ sudo /etc/init.d/clamav-freshclam start
> >[ ok ] Starting clamav-freshclam (via systemctl):
> clamav-freshclam.service.
> >
> >After reading the documentation (https://www.clamav.net/documents/) and
> the
> >Archives and finding no solution, I decided to ask the community.
> >Please find attached the full Clamscan error log and my trial to update
> the
> >database manually. Please find the log output below (between #START and
> >#END). Thanks in advance.
> >
> >Best regards,
> >George
> >
>
>I deleted the rest of the message
Re: (no subject) [ In reply to ]
Hello,

Yeah, run the wget command

wget database.clamav.net/main.cvd

That should download it.


Thanks,


Tom





On 12/6/17, 11:18 AM, "clamav-users on behalf of George" <clamav-users-bounces@lists.clamav.net on behalf of gdparlichev@gmail.com> wrote:

>wget
>database.clamav.net/main.cvd'
Re: (no subject) [ In reply to ]
Thanks, but this doesn't update the daily.cvd. Should I wait for you to fix
the mirrors or can I do something myself? Sorry for bothering you, but if
there was some guide on what to do in such cases, I would use it myself.

Best regards,
George

2017-12-06 18:32 GMT+02:00 Thomas McCourt (tmccourt) <tmccourt@cisco.com>:

> Hello,
>
> Yeah, run the wget command
>
> Wget database.clamav.net/main.cvd
> That should download it
>
>
> Thanks,
>
>
> Tom
>
>
>
>
>
> On 12/6/17, 11:18 AM, "clamav-users on behalf of George" <
> clamav-users-bounces@lists.clamav.net on behalf of gdparlichev@gmail.com>
> wrote:
>
> >wget
> >database.clamav.net/main.cvd'
Re: (no subject) [ In reply to ]
wget database.clamav.net/daily.cvd for the daily updates.

On 12/6/2017 12:03 PM, George wrote:
> Thanks, but this doesn't update the daily.cvd. Should I wait for you to fix
> the mirros or can I do something myself? Sorry for bothering you, but if
> there was some guide on what to do in such cases, I would use it myself.
>
> Best regards,
> George
>
> 2017-12-06 18:32 GMT+02:00 Thomas McCourt (tmccourt) <tmccourt@cisco.com>:
>
>> Hello,
>>
>> Yeah, run the wget command
>>
>> Wget database.clamav.net/main.cvd
>> That should download it
>>
>>
>> Thanks,
>>
>>
>> Tom
>>
>>
>>
>>
>>
>> On 12/6/17, 11:18 AM, "clamav-users on behalf of George" <
>> clamav-users-bounces@lists.clamav.net on behalf of gdparlichev@gmail.com>
>> wrote:
>>
>>> wget
>>> database.clamav.net/main.cvd'
>
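Added example (not part of the thread and not ClamAV project code): a sanity check to run on a manually fetched daily.cvd before copying it into the database directory, so that an error page, a partial file or a stale copy does not replace a working database. It assumes the CVD layout of a 512-byte colon-separated header whose MD5 field covers the rest of the file; the sample file is constructed, and the header's digital signature is not checked here but left to ClamAV's own tools such as `sigtool --info`.

```python
import hashlib
from dataclasses import dataclass

# Assumption: a .cvd starts with a 512-byte, space-padded ASCII header of
# colon-separated fields, and the MD5 field covers everything after it.
CVD_HEADER_LEN = 512


@dataclass
class CvdHeader:
    build_time: str
    version: int
    signatures: int
    f_level: int
    md5: str
    builder: str


def parse_cvd_header(blob: bytes) -> CvdHeader:
    """Parse the header; raise ValueError for anything that is not a CVD."""
    if len(blob) < CVD_HEADER_LEN:
        raise ValueError("shorter than a CVD header (truncated download?)")
    fields = blob[:CVD_HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if fields[0] != "ClamAV-VDB" or len(fields) < 8:
        raise ValueError("no ClamAV-VDB header (error page or wrong file?)")
    try:
        version, sigs, f_level = (int(f) for f in fields[2:5])
    except ValueError:
        raise ValueError("non-numeric version fields in header") from None
    return CvdHeader(fields[1], version, sigs, f_level, fields[5].lower(), fields[7])


def check_download(blob: bytes, installed_version=None, dns_version=None) -> list:
    """Return a list of reasons not to install this file (empty list = looks sane).

    installed_version: version of the database currently in use.
    dns_version: version advertised in the 'daily.cvd version from DNS' log line.
    """
    try:
        hdr = parse_cvd_header(blob)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    # Integrity only: MD5 catches corruption, it does not prove authenticity.
    if hashlib.md5(blob[CVD_HEADER_LEN:]).hexdigest() != hdr.md5:
        problems.append("body MD5 differs from header (corrupt or incomplete file)")
    if installed_version is not None and hdr.version <= installed_version:
        problems.append(
            f"version {hdr.version} is not newer than installed {installed_version}")
    if dns_version is not None and hdr.version < dns_version:
        problems.append(
            f"version {hdr.version} is behind DNS-advertised {dns_version} (stale mirror)")
    return problems


def make_sample(version: int, body: bytes = b"constructed body, not real signatures") -> bytes:
    """Build a constructed CVD-shaped file for the demo (not a real database)."""
    md5 = hashlib.md5(body).hexdigest()
    header = (f"ClamAV-VDB:21 Nov 2017 09-00 +0000:{version}:10:63:"
              f"{md5}:CONSTRUCTED-SIG:example:1511254800")
    return header.encode("ascii").ljust(CVD_HEADER_LEN, b" ") + body


if __name__ == "__main__":
    # Versions taken from the log in this thread: installed 24010, DNS says 24059.
    cases = {
        "complete, current": make_sample(24059),
        "cut off mid-transfer": make_sample(24059)[:-5],
        "stale mirror copy": make_sample(24011),
        "HTML error page": b"<html>503</html>".ljust(600, b" "),
    }
    for name, blob in cases.items():
        print(name, "->", check_download(blob, 24010, 24059) or "ok")
```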
Re: (no subject) [ In reply to ]
for the sake of archives and readers:

can mailing lists please start to reject posts with braindead "(no
subject)" and people learn to compose readable mails where answers are
not randomly on top, bottom and dozen times signatures quoted?

i could puke each time someone replies to this thread
Re: (no subject) [ In reply to ]
Welcome

1. Please see the documentation:
https://www.clamav.net/documents/installing-clamav
# yum install -y epel-release
# yum install -y clamav

2. This is not clamav related. Though: You can use "yum install yum-plugin-downloadonly" to enable you to download the packages on another system, put it on a stick or dvd if you like and create a new repo locally on your offline system.
Much easier would be to configure your iptables.



-----Original Message-----
From: clamav-users [mailto:clamav-users-bounces@lists.clamav.net] On Behalf Of Robert Huth
Sent: Friday, April 20, 2018 1:49 PM
To: clamav-users@lists.clamav.net
Subject: [clamav-users] (no subject)

Hello,

I am new to the Linux world and I am learning as I go. I have a couple of
issues that I would like to get resolved. Please feel free to provide me
answers as to how I can resolve these on my own.


My issues are as follows.

1. I am not able to install ClamAV 0.100.0. I have installed epel v7 with
no issue. When I use the following command "yum install ClamAV" (File name)
the installation starts and then lists errors (see attachment). The errors
look as if a previous version is trying to install.
2. How will I be able to install updates to the system? The laptop will
not be allowed to connect to other networks or the internet once it is
approved for processing information. This will be a standalone PC. Is there
any solution such as a CD/DVD that can be used to download and transfer the
definitions to the PC? If so, what is the process for getting the updated
definitions?


System Configuration
One standalone laptop
Running Windows 10 (Host OS)
VMWare Pro 14 with RHEL 6.9 installed as the guest
Clam AV version used is ClamAV 0.100.0


Thanks,
Robert
Re: (No Subject) [ In reply to ]
I'm told that the current implementation for VirusEvent in clamd doesn't play well with OnAccess scanning due to the way clamd and OnAccess use threads and the way the current VirusEvent feature relies on forking. VirusEvent was disabled when used with OnAccess until a better implementation can be implemented.

We have a bugzilla ticket here to track the issue: https://bugzilla.clamav.net/show_bug.cgi?id=12152.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Aug 3, 2018, at 10:38 PM, greengrasseyes <greengrasseyes@protonmail.com> wrote:

I am having a similar issue can anyone confirm or deny this is the
reason for issue:

https://bbs.archlinux.org/viewtopic.php?id=237489
