Hi there, On Sun, 24 Jan 2010 Jon Bendtsen wrote:
> On 23/01/2010, at 15.11, G.W. Haywood wrote:
>
> > You have omitted important information from your posts ...
>
> It was not intentional. Which important information are you missing?

Details like operating systems, the names of the software packages that you're scanning, software versions (of everything), the commands you used to do the things that you've been doing... look at this:

http://catb.org/~esr/faqs/smart-questions.html

> A false positive is what I think we have here.

At this stage I think you're probably right, but as you said you need to be sure. If you're using NSIS, why not just try removing it from the equation?

> ... false positive, because that is what I believe we have since
> only ClamAV detects it.

This seems to conflict with what you said on both Thursday and Friday of last week.

> > ... By default, rsync checks only the file size and the last
> > modified time. You need to force it to run checksums on the files
> > to be sure that actual data changes will be noticed ...
>
> You already warned me of that privately, and I did answer.

I think you must be confusing me with someone else. I didn't reply to you privately; I wouldn't want to do that without your invitation. In general I like to keep this sort of thing on the list, so that others can benefit (that's also why I tend to put more explanation into my posts than apparently you're keen to read. :)

> > ... obvious ... how to keep archives ... which cannot be changed
> > ... For example ... a write-once-only medium such as CD-ROM ...
>
> We have self-burned DVD-ROM images, and naturally I have scanned
> those. With the same result. I did not mean any harm, but I simply
> forgot to mention this.

In this context I'm surprised that anyone would forget to mention that. Remember next time that you use a mailing list that although the readers might be more familiar with some package than you are, they probably aren't clairvoyant.
> While it is rather easy to trust what you read in your own source
> code, modern software contains a lot of libraries, and lots of tools
> are used in the building process. Some of these tools, if not most,
> are binary and much harder to 100% prove secure.

It's impossible to prove secure. You can be 100% sure that there are security problems in the tools and the libraries that you use. You can take steps to be reasonably confident that faults in the tools are not distributed with your code, but if you distribute binary code from other organizations to your paying customers then I fear you might be taking on maintenance responsibilities which are difficult to perform. At least if you used open source libraries you would have a fighting chance of fixing things if, say, your supplier went out of business. I'm afraid all that is off-topic for this list.

> Naturally we scan all software going out, the coder machines, the
> builder machines, the servers and the DVD burner. But it was last
> year. While nothing was found back then, that could just be because
> the trojan in question is newly found.

Yes, that's just about possible. I think in the circumstances it's unlikely, but you have to reach your own conclusion. Google can be very helpful, and if you'd told us the name of the software packages that you're worried about I could have suggested a few searches. :)

> Our intention is to be responsible and investigate until we are 100%
> certain nothing is wrong.

Excellent. In retrospect, I can understand a reluctance to voice fears about one of your own products in public. I forgive you. :)

> This is why I asked, because I don't work with viruses and trojans
> all day, like I expect you guys to do. So maybe you knew some method
> that I did not think of myself.

Just to set you straight on something about users' mailing lists like this one: it's mostly users of the package that are helping each other, although on this list a few of the developers do read the list too.
So in my case I'm not knee-deep in viruses all day long, in fact I haven't seen one since November last year - and that was at a customer's site, not one of mine. But you're right, there might be a lot of experienced people reading your post so it's good to ask. It just might be better if you were a little more experienced in asking. :)

--
73,
Ged.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
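The rsync caveat quoted in the thread (by default only size and modification time are compared, so a same-size, same-mtime change goes unnoticed unless checksums are forced, which is rsync's -c/--checksum switch), shown as an added shell example that is not part of the thread: the "archive" and "build" directories are constructed fixtures, and sha256sum from GNU or BusyBox coreutils is assumed.

```shell
#!/bin/sh
# Added example: rsync-style quick check (size + mtime) versus a content
# checksum when comparing a write-once archive copy against a build copy.
# Assumes sha256sum (GNU or BusyBox coreutils); the data below is constructed.
set -eu

# quick_check ARCHIVE_DIR BUILD_DIR FILE
# Mimics rsync's default test: "same" if size and mtime match, else "differs".
quick_check() {
    a="$1/$3"; b="$2/$3"
    sa=$(wc -c < "$a" | tr -d ' '); sb=$(wc -c < "$b" | tr -d ' ')
    [ "$sa" -eq "$sb" ] || { echo differs; return 0; }
    if [ "$a" -nt "$b" ] || [ "$a" -ot "$b" ]; then echo differs; else echo same; fi
}

# checksum_check ARCHIVE_DIR BUILD_DIR FILE
# Compares SHA-256 of the contents, which is what rsync --checksum relies on.
checksum_check() {
    ha=$(sha256sum "$1/$3" | cut -d' ' -f1)
    hb=$(sha256sum "$2/$3" | cut -d' ' -f1)
    [ "$ha" = "$hb" ] && echo same || echo differs
}

# build_fixture: creates a temporary root with an "archive" (the trusted,
# write-once copy) and a "build" copy in which installer.bin was altered
# without changing its length, then gives both copies identical mtimes.
# Prints the root directory so the caller can inspect and remove it.
build_fixture() {
    root=$(mktemp -d)
    mkdir "$root/archive" "$root/build"
    printf 'installer-v1-payload\n' > "$root/archive/installer.bin"
    printf 'installer-v1-payloaX\n' > "$root/build/installer.bin"  # one byte differs, same size
    printf 'readme\n' > "$root/archive/README.txt"
    cp "$root/archive/README.txt" "$root/build/README.txt"
    touch -r "$root/archive/installer.bin" "$root/build/installer.bin"
    touch -r "$root/archive/README.txt" "$root/build/README.txt"
    echo "$root"
}

# Usage: the quick check reports installer.bin as unchanged, the checksum does not.
# root=$(build_fixture)
# quick_check "$root/archive" "$root/build" installer.bin      # same
# checksum_check "$root/archive" "$root/build" installer.bin   # differs
# rm -rf "$root"
```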
