On Mon, 6 Oct 2008 11:37:51 -0400 (EDT) Charles Gregory <[EMAIL PROTECTED]> wrote:
>On Sat, 4 Oct 2008, Dennis Peterson wrote: >> Hopefully they're not running mail servers on the Internet elsewise >> they could easily be considered derelict in their responsibilities. > >Ah. Yes, I must be 'derelict' because there is only ONE sysadmin (me) >and I go home on weekends? > >Heck, I'm not even the 'worst case' you should worry about. I check for >failures over the weekend. But there are many home-grown servers out >there, particularly in small offices, that are completely unattended >over weekends. They are run by very good, intelligent, but >NON-technical people who bring in a tech guy to set it all up for >them, and then have that tech guy check up on the system >"occasionally". If they have an obvious problem, they call their tech >guy to "come in". But there is never anything 'obvious' about ClamAV >aborting. That's the argument here. They could go for *weeks* not >knowing their ClamAV has failed silently. I find it hard to believe that ClamAV could be down for *weeks* and nobody has notice. There are numerous applications that can monitor and report if a daemon has failed. Some can even restart the application. Why have you not bothered to install one? The fact that ClamAV has aborted is very obvious if you either install the correct tools or take the time to properly check out your system. >In my opinion, the only 'derelict' action is to advocate standards that >*ignore* that these systems/users exist, on the feeble argument that >they "should not" do it that way. The case cited above is becoming >more and more common in the business world. It's the reason that we >get 'bots' all over the place sending spam. Poorly configured and >unprotected. Some probably don't even use any AV at all, simply out of >ignorance. But if they make the *effort* to use an AV product >shouldn't we give them the best chance of it working? All it takes is >some *warning* that changes have occurred since they installed the >software? The reason we get *bots*, etc, is because of derelict SA's who try to off load their responsibilities. If the individual does not know how to do the job correctly, then they have no business doing it at all. I am not a doctor. If I attempt surgery on someone and they die, should I be forgiven just because I am not a doctor? Of course not. An individual is either qualified to do a job, or they are not. It doesn't get much simpler that then. >HEY CLAMAV DEVELOPERS! Another strong suggestion: > >Place the RELEASE number as a 'config item' at the top of all >distributed config files. Then any time the software is updated, and >spots that it is running with an older config, it can e-mail the >owner/admin and inform them that new options are available, and to >double-check the old ones. Oh, and perhaps an option that says "USE >DEFAULT CONFIG" that would remain constant throughout any/all >releases, so that those people who install ClamAV as a 'package' will >always "work" on some basic level? This is somewhat confusing to me. Are you saying that you update packages automatically without any idea what package(s) you are updating? That is absurd. My update procedure is to check for what updates are available, and then choose which ones I want to install. Many updates must be restarted anyway once they are in place. If you are blindly installing products without knowing what is being installed, then you deserve any problems that happen your way. -- Jerry [EMAIL PROTECTED] It takes a special kind of courage to face what we all have to face.
signature.asc
Description: PGP signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
