Re: [clamav-users] Latest report on update "delays"

2018-10-18 Thread Joel Esler (jesler)
Cloudflare will grab the file from our infrastructure once it's been requested. 
 (Otherwise it wouldn't know it was there, we can't push into Cloudflare.). But 
we have discussed a few ideas internally that I think will fix this, let us try 
a couple things and see if it cuts down on this.

On Oct 18, 2018, at 1:55 PM, Eric Tykwinski <eric-l...@truenet.com> wrote:

As far as I know you don't upload to cloudflare, it's more of how often does
cloudflare check to see if the files have changed.
So you setup a TTL on the check frequency on the cloudflare website.

Since updates are new they should just be pulled when you ask from the main
clam server.
So you ask for daily-25048.cdiff, and Cloudflare will ask Clam's main server
for that file and cache it.

So my guess would be same as the TTL on the DNS check:
current.cvd.clamav.net. 1800 IN TXT
"0.100.2:58:25048:1539883740:1:63:48006:327"
I.E. 30 minutes for older files, and new ones are when they come in.

Sound about right Joel, Micah?

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
Behalf Of Paul Kosinski
Sent: Thursday, October 18, 2018 1:23 PM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] Latest report on update "delays"

How can it take 10, 20, 30 or more minutes (and I've seen well over an
hour at times) to upload the ClamAV database to Cloudflare? Does it have
to be uploaded separately (and maybe sequentially) from Cisco to each
Cloudflare mirror? Or is Cloudflare's automatic propagation slow?


On Thu, 18 Oct 2018 16:07:38 +
"Micah Snyder (micasnyd)" <micas...@cisco.com> wrote:

Hi Paul,

I realize it may look misleading to state that you're up to date when
a newer database has been announced.  However, if the newer database
is still being uploaded to the CDN, it is more accurate to say that
the DNS announcement is premature.

The change to freshclam is an effort to ignore potentially premature
database version numbers listed via DNS.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 15, 2018, at 2:26 PM, Paul Kosinski <clamav-us...@iment.com> wrote:

I don't have time at the present to try out 0.100.2. I am rebuilding
our Web server, which had a disk crash. We have backups, but we need
whole new hardware since the old server had an old 32-bit-only CPU.
Thus a *supported* Linux version will not run, and so a simple disk
replacement was not a viable option. (Unfortunately the new server,
although only a VM, still costs almost 50% more per month than the old
raw hardware, which was adequate, if clunky.)

Back to ClamAV: I don't much like the idea of saying signatures are
"up to date" if only 1 version behind the latest version. Most of the
time that won't matter, but sometimes a really urgent new  signature
comes out and this approach could mislead people into a false sense of
security.



On Thu, 4 Oct 2018 22:27:14 +
"Micah Snyder (micasnyd)" <micas...@cisco.com> wrote:

Hi Paul,

Thanks for the update.

I am interested to know how freshclam in ClamAV 0.100.2 performs for
you.  I have made some tweaks to make it ignore mirrors for less
time, but more importantly I implemented a change to have it report
"up to date" in the event that the signature version provided by the
mirror is 1 behind what was advertised.  My hope is that this
alleviates the issue.

Respectfully,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 4, 2018, at 4:47 PM, Paul Kosinski <clamav-us...@iment.com> wrote:

At Joel's suggestion, I have changed our sampling rate looking for
ClamAV cvd updates from 15 minutes down to 1 minute. This gives a
more precise measurement of how long it takes for the cvd file(s) to
actually become available from Cloudflare after its presence is
"advertised" by the DNS TXT record.

Since these measurements are mainly useful for tuning the ClamAV
servers, I won't in the future post them to clamav-users unless
others besides the ClamAV team find them useful. (Maybe they should
go to the clamav-developers list?)

In any case, here is the latest log of delays. Note that these more
precisely measured delays are not explained as mere 15-minute
quantization errors.

2018-10-02 09:18:02  No delay
2018-10-02 17:18:02  No delay
2018-10-03 01:31:02  00:13:00 delay
2018-10-03 09:42:02  00:24:00 delay
2018-10-03 17:52:02  00:33:59 delay
2018-10-04 01:18:02  No delay
2018-10-04 09:40:01  00:21:59 delay
___
clamav-users mailing list
clamav-users@lists.clamav.net
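
A monitoring-side sketch of the trade-off argued in this thread, added here as an example; it is not freshclam's code and was not posted by anyone on the list. It parses the TXT record quoted above, accepts a one-version lag only while the announcement is still recent, and reads the posted delay log. The field names, the `classify` policy and the one-hour `grace` default are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Record and delay log copied from the messages above.
TXT_RECORD = '"0.100.2:58:25048:1539883740:1:63:48006:327"'
DELAY_LOG = """\
2018-10-02 09:18:02  No delay
2018-10-02 17:18:02  No delay
2018-10-03 01:31:02  00:13:00 delay
2018-10-03 09:42:02  00:24:00 delay
2018-10-03 17:52:02  00:33:59 delay
2018-10-04 01:18:02  No delay
2018-10-04 09:40:01  00:21:59 delay
"""

# Assumed field order; the third field matches the daily-25048.cdiff
# file name mentioned in the thread.
FIELDS = ("engine", "main", "daily", "published", "version_warning",
          "flevel", "safebrowsing", "bytecode")


@dataclass(frozen=True)
class Advertised:
    engine: str
    main: int
    daily: int
    published: datetime  # Unix timestamp field, converted to UTC
    bytecode: int


def parse_txt(record: str) -> Advertised:
    """Parse the colon-separated TXT payload; reject anything malformed."""
    parts = record.strip().strip('"').split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    raw = dict(zip(FIELDS, parts))
    try:
        published = datetime.fromtimestamp(int(raw["published"]), tz=timezone.utc)
        return Advertised(raw["engine"], int(raw["main"]), int(raw["daily"]),
                          published, int(raw["bytecode"]))
    except (ValueError, OverflowError, OSError) as exc:
        raise ValueError(f"malformed TXT record: {record!r}") from exc


def classify(local_daily: int, adv: Advertised, now: datetime,
             tolerance: int = 1,
             grace: timedelta = timedelta(hours=1)) -> str:
    """Hypothetical policy: a lag within `tolerance` counts as CDN
    propagation only while the announcement is younger than `grace`."""
    lag = adv.daily - local_daily
    if lag <= 0:
        return "current"
    if lag <= tolerance and now - adv.published <= grace:
        return "propagating"
    return "stale"


_LOG_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?:(\d\d):(\d\d):(\d\d)|No) delay$")


def observed_delays(log: str) -> list:
    """Return one timedelta per log line ("No delay" becomes zero)."""
    delays = []
    for line in log.splitlines():
        m = _LOG_LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a measurement line
        h, mi, s = (int(x) if x else 0 for x in m.group(2, 3, 4))
        delays.append(timedelta(hours=h, minutes=mi, seconds=s))
    return delays


if __name__ == "__main__":
    adv = parse_txt(TXT_RECORD)
    print("advertised daily:", adv.daily, "published:", adv.published.isoformat())
    print("worst measured delay:", max(observed_delays(DELAY_LOG)))
    for local, minutes in ((25048, 5), (25047, 10), (25047, 180), (25040, 1)):
        now = adv.published + timedelta(minutes=minutes)
        print(local, f"+{minutes}min ->", classify(local, adv, now))
```
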

Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread Paul Kosinski
A sad situation. Reindl is a knowledgeable person, and he seemed to
have become less difficult after having been expelled from another
list I subscribe to. I had hoped he had reformed.


On Thu, 18 Oct 2018 16:31:36 +
"Joel Esler (jesler)"  wrote:

> After several complaints in this thread and three others that have
> written me off list, I've gone ahead and made the decision to remove
> Reindl from the ClamAV-users list.  Present conduct on the list is
> reflective of past behavior that he has been warned about.
> 
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Latest report on update "delays"

2018-10-18 Thread Eric Tykwinski
As far as I know you don't upload to cloudflare, it's more of how often does
cloudflare check to see if the files have changed.
So you setup a TTL on the check frequency on the cloudflare website.

Since updates are new they should just be pulled when you ask from the main
clam server.
So you ask for daily-25048.cdiff, and Cloudflare will ask Clam's main server
for that file and cache it.

So my guess would be same as the TTL on the DNS check:
current.cvd.clamav.net. 1800 IN TXT
"0.100.2:58:25048:1539883740:1:63:48006:327"
I.E. 30 minutes for older files, and new ones are when they come in.

Sound about right Joel, Micah?

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Paul Kosinski
> Sent: Thursday, October 18, 2018 1:23 PM
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] Latest report on update "delays"
> 
> How can it take 10, 20, 30 or more minutes (and I've seen well over an
> hour at times) to upload the ClamAV database to Cloudflare? Does it have
> to be uploaded separately (and maybe sequentially) from Cisco to each
> Cloudflare mirror? Or is Cloudflare's automatic propagation slow?
> 
> 
> On Thu, 18 Oct 2018 16:07:38 +
> "Micah Snyder (micasnyd)"  wrote:
> 
> > Hi Paul,
> >
> > I realize it may look misleading to state that you're up to date when
> > a newer database has been announced.  However, if the newer database
> > is still being uploaded to the CDN, it is more accurate to say that
> > the DNS announcement is premature.
> >
> > The change to freshclam is an effort to ignore potentially premature
> > database version numbers listed via DNS.
> >
> > Micah Snyder
> > ClamAV Development
> > Talos
> > Cisco Systems, Inc.
> >
> >
> > On Oct 15, 2018, at 2:26 PM, Paul Kosinski
> > <clamav-us...@iment.com> wrote:
> >
> > I don't have time at the present to try out 0.100.2. I am rebuilding
> > our Web server, which had a disk crash. We have backups, but we need
> > whole new hardware since the old server had an old 32-bit-only CPU.
> > Thus a *supported* Linux version will not run, and so a simple disk
> > replacement was not a viable option. (Unfortunately the new server,
> > although only a VM, still costs almost 50% more per month than the old
> > raw hardware, which was adequate, if clunky.)
> >
> > Back to ClamAV: I don't much like the idea of saying signatures are
> > "up to date" if only 1 version behind the latest version. Most of the
> > time that won't matter, but sometimes a really urgent new  signature
> > comes out and this approach could mislead people into a false sense of
> > security.
> >
> >
> >
> > On Thu, 4 Oct 2018 22:27:14 +
> > "Micah Snyder (micasnyd)"
> > <micas...@cisco.com> wrote:
> >
> > Hi Paul,
> >
> > Thanks for the update.
> >
> > I am interested to know how freshclam in ClamAV 0.100.2 performs for
> > you.  I have made some tweaks to make it ignore mirrors for less
> > time, but more importantly I implemented a change to have it report
> > "up to date" in the event that the signature version provided by the
> > mirror is 1 behind what was advertised.  My hope is that this
> > alleviates the issue.
> >
> > Respectfully,
> > Micah
> >
> >
> > Micah Snyder
> > ClamAV Development
> > Talos
> > Cisco Systems, Inc.
> >
> >
> > On Oct 4, 2018, at 4:47 PM, Paul Kosinski
> > <clamav-us...@iment.com> wrote:
> >
> > At Joel's suggestion, I have changed our sampling rate looking for
> > ClamAV cvd updates from 15 minutes down to 1 minute. This gives a
> > more precise measurement of how long it takes for the cvd file(s) to
> > actually become available from Cloudflare after its presence is
> > "advertised" by the DNS TXT record.
> >
> > Since these measurements are mainly useful for tuning the ClamAV
> > servers, I won't in the future post them to clamav-users unless
> > others besides the ClamAV team find them useful. (Maybe they should
> > go to the clamav-developers list?)
> >
> > In any case, here is the latest log of delays. Note that these more
> > precisely measured delays are not explained as mere 15-minute
> > quantization errors.
> >
> > 2018-10-02 09:18:02  No delay
> > 2018-10-02 17:18:02  No delay
> > 2018-10-03 01:31:02  00:13:00 delay
> > 2018-10-03 09:42:02  00:24:00 delay
> > 2018-10-03 17:52:02  00:33:59 delay
> > 2018-10-04 01:18:02  No delay
> > 2018-10-04 09:40:01  00:21:59 delay

Re: [clamav-users] Latest report on update "delays"

2018-10-18 Thread Paul Kosinski
How can it take 10, 20, 30 or more minutes (and I've seen well over an
hour at times) to upload the ClamAV database to Cloudflare? Does it have
to be uploaded separately (and maybe sequentially) from Cisco to each
Cloudflare mirror? Or is Cloudflare's automatic propagation slow?


On Thu, 18 Oct 2018 16:07:38 +
"Micah Snyder (micasnyd)"  wrote:

> Hi Paul,
> 
> I realize it may look misleading to state that you're up to date when
> a newer database has been announced.  However, if the newer database
> is still being uploaded to the CDN, it is more accurate to say that
> the DNS announcement is premature.
> 
> The change to freshclam is an effort to ignore potentially premature
> database version numbers listed via DNS.
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 
> 
> On Oct 15, 2018, at 2:26 PM, Paul Kosinski
> <clamav-us...@iment.com> wrote:
> 
> I don't have time at the present to try out 0.100.2. I am rebuilding
> our Web server, which had a disk crash. We have backups, but we need
> whole new hardware since the old server had an old 32-bit-only CPU.
> Thus a *supported* Linux version will not run, and so a simple disk
> replacement was not a viable option. (Unfortunately the new server,
> although only a VM, still costs almost 50% more per month than the old
> raw hardware, which was adequate, if clunky.)
> 
> Back to ClamAV: I don't much like the idea of saying signatures are
> "up to date" if only 1 version behind the latest version. Most of the
> time that won't matter, but sometimes a really urgent new  signature
> comes out and this approach could mislead people into a false sense of
> security.
> 
> 
> 
> On Thu, 4 Oct 2018 22:27:14 +
> "Micah Snyder (micasnyd)"
> <micas...@cisco.com> wrote:
> 
> Hi Paul,
> 
> Thanks for the update.
> 
> I am interested to know how freshclam in ClamAV 0.100.2 performs for
> you.  I have made some tweaks to make it ignore mirrors for less
> time, but more importantly I implemented a change to have it report
> "up to date" in the event that the signature version provided by the
> mirror is 1 behind what was advertised.  My hope is that this
> alleviates the issue.
> 
> Respectfully,
> Micah
> 
> 
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> 
> 
> On Oct 4, 2018, at 4:47 PM, Paul Kosinski
> <clamav-us...@iment.com> wrote:
> 
> At Joel's suggestion, I have changed our sampling rate looking for
> ClamAV cvd updates from 15 minutes down to 1 minute. This gives a
> more precise measurement of how long it takes for the cvd file(s) to
> actually become available from Cloudflare after its presence is
> "advertised" by the DNS TXT record.
> 
> Since these measurements are mainly useful for tuning the ClamAV
> servers, I won't in the future post them to clamav-users unless
> others besides the ClamAV team find them useful. (Maybe they should
> go to the clamav-developers list?)
> 
> In any case, here is the latest log of delays. Note that these more
> precisely measured delays are not explained as mere 15-minute
> quantization errors.
> 
> 2018-10-02 09:18:02  No delay
> 2018-10-02 17:18:02  No delay
> 2018-10-03 01:31:02  00:13:00 delay
> 2018-10-03 09:42:02  00:24:00 delay
> 2018-10-03 17:52:02  00:33:59 delay
> 2018-10-04 01:18:02  No delay
> 2018-10-04 09:40:01  00:21:59 delay


Re: [clamav-users] Freshclam can't use HTTPS with PrivateMirror?

2018-10-18 Thread Sean
Thanks for the update Micah!  While I'm not a developer, libcurl would
seem to be the way to go.  We use other software based on it and it
works very well with SSL validation especially in areas where
self-signed or not publicly trusted CAs are used (assuming that the
local system's pki is trusting the CAs correctly).

--Sean
On Thu, Oct 18, 2018 at 12:23 PM Micah Snyder (micasnyd)
 wrote:
>
> Hi Sean,
>
> Sorry to say -- freshclam presently doesn't support HTTPS.  It is not simply 
> a matter of connecting over port 443 and performing TLS encryption 
> handshakes.  Certificate validation is also required.  We're considering 
> rewriting a lot of freshclam code to use libcurl to handle HTTPS connections, 
> but feature planning for 0.102 is not complete and I can't promise that it 
> will make it into the next version of ClamAV.
>
> Regards,
> Micah
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Oct 17, 2018, at 10:51 AM, Sean  wrote:
>
> Hi,
> I'm new to the list, but have been using clam for a good while, it's
> just always worked :)
>
> We have created a private mirror of clam data updates on a network
> that is not Internet connected.  We are required to encrypt network
> traffic, e.g. the mirror server must redirect http -> https.  I was
> hoping to configure freshclam.conf to use the PrivateMirror setting as
> detailed at 
> https://github.com/Cisco-Talos/clamav-faq/blob/master/mirrors/CvdPrivateMirror.md
> Option #2.  We wish to go with #2, because we will not control all
> clients, and it will be simpler to use freshclam with proper
> configuration than having to support clients configuring a custom
> script and having the right things installed to run it.
>
> I see in the code
> (https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/freshclam/manager.c#L225)
> that unless a proxy is used, the port is hard coded to 80.
>
> Is there a reason for this?  Should I file a bug?  I would think that
> utilizing https as much as possible would be a good idea.
>
> Thanks!
>
> --Sean


Re: [clamav-users] Latest report on update "delays"

2018-10-18 Thread Joel Esler (jesler)
The DNS announcement is made as the last step in the process.  The lag that may 
be seen is the lag in between when the DNS update is posted, and before the 
file is pushed out to the Tier 1 CDN servers.  It has to be requested at the 
CDN server before it is cached.



On Oct 18, 2018, at 12:07 PM, Micah Snyder (micasnyd) <micas...@cisco.com> wrote:

Hi Paul,

I realize it may look misleading to state that you're up to date when a newer 
database has been announced.  However, if the newer database is still being 
uploaded to the CDN, it is more accurate to say that the DNS announcement is 
premature.

The change to freshclam is an effort to ignore potentially premature database 
version numbers listed via DNS.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 15, 2018, at 2:26 PM, Paul Kosinski <clamav-us...@iment.com> wrote:

I don't have time at the present to try out 0.100.2. I am rebuilding
our Web server, which had a disk crash. We have backups, but we need
whole new hardware since the old server had an old 32-bit-only CPU.
Thus a *supported* Linux version will not run, and so a simple disk
replacement was not a viable option. (Unfortunately the new server,
although only a VM, still costs almost 50% more per month than the old
raw hardware, which was adequate, if clunky.)

Back to ClamAV: I don't much like the idea of saying signatures are "up
to date" if only 1 version behind the latest version. Most of the time
that won't matter, but sometimes a really urgent new  signature comes
out and this approach could mislead people into a false sense of
security.



On Thu, 4 Oct 2018 22:27:14 +
"Micah Snyder (micasnyd)" <micas...@cisco.com> wrote:

Hi Paul,

Thanks for the update.

I am interested to know how freshclam in ClamAV 0.100.2 performs for
you.  I have made some tweaks to make it ignore mirrors for less
time, but more importantly I implemented a change to have it report
"up to date" in the event that the signature version provided by the
mirror is 1 behind what was advertised.  My hope is that this
alleviates the issue.

Respectfully,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 4, 2018, at 4:47 PM, Paul Kosinski <clamav-us...@iment.com> wrote:

At Joel's suggestion, I have changed our sampling rate looking for
ClamAV cvd updates from 15 minutes down to 1 minute. This gives a
more precise measurement of how long it takes for the cvd file(s) to
actually become available from Cloudflare after its presence is
"advertised" by the DNS TXT record.

Since these measurements are mainly useful for tuning the ClamAV
servers, I won't in the future post them to clamav-users unless
others besides the ClamAV team find them useful. (Maybe they should
go to the clamav-developers list?)

In any case, here is the latest log of delays. Note that these more
precisely measured delays are not explained as mere 15-minute
quantization errors.

2018-10-02 09:18:02  No delay
2018-10-02 17:18:02  No delay
2018-10-03 01:31:02  00:13:00 delay
2018-10-03 09:42:02  00:24:00 delay
2018-10-03 17:52:02  00:33:59 delay
2018-10-04 01:18:02  No delay
2018-10-04 09:40:01  00:21:59 delay


Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread Joel Esler (jesler)
After several complaints in this thread and three others that have written me 
off list, I've gone ahead and made the decision to remove Reindl from the 
ClamAV-users list.  Present conduct on the list is reflective of past behavior 
that he has been warned about.

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com

On Oct 17, 2018, at 12:20 PM, Reindl Harald <h.rei...@thelounge.net> wrote:



On 17.10.18 at 18:11, Dino Edwards wrote:
Get real. When I and others called you out, you decided to put a little more 
detail to cover the obvious fact that you were just trying to be a dick.

The important thing you fail to understand that I did NOT write the script to 
start the service. So any "mkdir/chown dance" as you put it, was NOT done by 
me, but rather the package maintainer. This USED to work in previous 
Ubuntu/clamd version, now it no longer works. So, I'm trying to figure out why 
it's not working and if I should bring this up in the appropriate Ubuntu forum.

if the unit is not written by you, comes from Ubuntu and now stopped
working guess what: you should have contacted the appropriate Ubuntu
forum to start with

i just pointed out that i am surprised after that many years that one
still don't know about /run and how to handle it properly and frankly:
when you don't understand the "directory already exists" message and ask
here instead jump on the packager with did this bullshit and *pretty
clear* did even not try to restart his damned unit a single time how
should one help you?


-Original Message-
From: Reindl Harald [mailto:h.rei...@thelounge.net]
Sent: Wednesday, October 17, 2018 11:39 AM
To: ClamAV users ML 
<clamav-users@lists.clamav.net>; Dino Edwards <dino.edwa...@mydirectmail.net>;
gblo...@eclipso.eu
Subject: Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: 
File exists

On 17.10.18 at 14:33, Dino Edwards wrote:
How about you contribute something of value to this discussion instead of a 
link about how this was added in Linux 7 years ago so you can show everyone how 
clever you are.

i contributed the link which explains how these folders are supposed to get 
created at boot and any mkdir/chown dance is plain wrong - it's not my fault 
that you don't recognize input when you get it 
https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

and if one insists in "ExecStartPre=/bin/mkdir /run/clamav" he should make it 
proper as "ExecStartPre=-/bin/mkdir /run/clamav" which don't fail the whole 
service in case the directory already exists

-Original Message-
From: Reindl Harald [mailto:h.rei...@thelounge.net]
Sent: Wednesday, October 17, 2018 8:29 AM
To: ClamAV users ML 
<clamav-users@lists.clamav.net>; Dino Edwards <dino.edwa...@mydirectmail.net>
Subject: Re: [clamav-users] /bin/mkdir: cannot create directory
‘/run/clamav’: File exists


On 17.10.18 at 13:12, Dino Edwards wrote:
Good morning?

what about read posted links and don't strip context?

/run was introduced 7 years ago and the discussion about it made it to
every it news portal and that's what i mean when somebody is surprised
that /run is a tmpfs available at early boot which also means you need
to make sure folders there are created at boot

https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

On 16.10.18 at 19:12, Dino Edwards wrote:
good morning in 2018


 Forwarded Message 

On 16.10.18 at 19:12, Dino Edwards wrote:
Answering my own question on the /var/run and the /run directories.
There is a link between the two
good morning in 2018

http://www.h-online.com/open/news/item/Linux-distributions-to-include-run-directory-1219006.html


Re: [clamav-users] clamsubmit error

2018-10-18 Thread Micah Snyder (micasnyd)
Hi Luca,

What version of ClamAV are you using?

Clamsubmit is broken in older versions of ClamAV but should be working in 
v0.100.1+


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 18, 2018, at 5:28 AM, Luca Moscato <l...@funambol.com> wrote:

Hi there! Got the (almost) same issue here.

We gather all malwares from Das Malwerk and scan it with clamav, we wanted to 
submit all false negative we found but using clamsubmit this way

clamsubmit -n /home/luca/malware/d77aca7d-f9f1-11e7-b482-80e65024849a.file -N luca -e l...@funambol.com

I receive:



302 Found

Found
The document has moved <a href="http://www.clamav.net/sendmalware.cgi">here</a>.


Is it expected?


Thanks

Luca



Re: [clamav-users] Freshclam can't use HTTPS with PrivateMirror?

2018-10-18 Thread Micah Snyder (micasnyd)
Hi Sean,

Sorry to say -- freshclam presently doesn't support HTTPS.  It is not simply a 
matter of connecting over port 443 and performing TLS encryption handshakes.  
Certificate validation is also required.  We're considering rewriting a lot of 
freshclam code to use libcurl to handle HTTPS connections, but feature planning 
for 0.102 is not complete and I can't promise that it will make it into the next 
version of ClamAV.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 17, 2018, at 10:51 AM, Sean <smalde...@gmail.com> wrote:

Hi,
I'm new to the list, but have been using clam for a good while, it's
just always worked :)

We have created a private mirror of clam data updates on a network
that is not Internet connected.  We are required to encrypt network
traffic, e.g. the mirror server must redirect http -> https.  I was
hoping to configure freshclam.conf to use the PrivateMirror setting as
detailed at 
https://github.com/Cisco-Talos/clamav-faq/blob/master/mirrors/CvdPrivateMirror.md
Option #2.  We wish to go with #2, because we will not control all
clients, and it will be simpler to use freshclam with proper
configuration than having to support clients configuring a custom
script and having the right things installed to run it.

I see in the code
(https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/freshclam/manager.c#L225)
that unless a proxy is used, the port is hard coded to 80.

Is there a reason for this?  Should I file a bug?  I would think that
utilizing https as much as possible would be a good idea.

Thanks!

--Sean


Re: [clamav-users] Latest report on update "delays"

2018-10-18 Thread Micah Snyder (micasnyd)
Hi Paul,

I realize it may look misleading to state that you're up to date when a newer 
database has been announced.  However, if the newer database is still being 
uploaded to the CDN, it is more accurate to say that the DNS announcement is 
premature.

The change to freshclam is an effort to ignore potentially premature database 
version numbers listed via DNS.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 15, 2018, at 2:26 PM, Paul Kosinski <clamav-us...@iment.com> wrote:

I don't have time at the present to try out 0.100.2. I am rebuilding
our Web server, which had a disk crash. We have backups, but we need
whole new hardware since the old server had an old 32-bit-only CPU.
Thus a *supported* Linux version will not run, and so a simple disk
replacement was not a viable option. (Unfortunately the new server,
although only a VM, still costs almost 50% more per month than the old
raw hardware, which was adequate, if clunky.)

Back to ClamAV: I don't much like the idea of saying signatures are "up
to date" if only 1 version behind the latest version. Most of the time
that won't matter, but sometimes a really urgent new  signature comes
out and this approach could mislead people into a false sense of
security.



On Thu, 4 Oct 2018 22:27:14 +
"Micah Snyder (micasnyd)" <micas...@cisco.com> wrote:

Hi Paul,

Thanks for the update.

I am interested to know how freshclam in ClamAV 0.100.2 performs for
you.  I have made some tweaks to make it ignore mirrors for less
time, but more importantly I implemented a change to have it report
"up to date" in the event that the signature version provided by the
mirror is 1 behind what was advertised.  My hope is that this
alleviates the issue.

Respectfully,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Oct 4, 2018, at 4:47 PM, Paul Kosinski <clamav-us...@iment.com> wrote:

At Joel's suggestion, I have changed our sampling rate looking for
ClamAV cvd updates from 15 minutes down to 1 minute. This gives a
more precise measurement of how long it takes for the cvd file(s) to
actually become available from Cloudflare after its presence is
"advertised" by the DNS TXT record.

Since these measurements are mainly useful for tuning the ClamAV
servers, I won't in the future post them to clamav-users unless
others besides the ClamAV team find them useful. (Maybe they should
go to the clamav-developers list?)

In any case, here is the latest log of delays. Note that these more
precisely measured delays are not explained as mere 15-minute
quantization errors.

2018-10-02 09:18:02  No delay
2018-10-02 17:18:02  No delay
2018-10-03 01:31:02  00:13:00 delay
2018-10-03 09:42:02  00:24:00 delay
2018-10-03 17:52:02  00:33:59 delay
2018-10-04 01:18:02  No delay
2018-10-04 09:40:01  00:21:59 delay
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
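
The measurement and the trade-off discussed in the message above, as an added example that is not part of the original thread and not freshclam's code: from one-minute style samples it computes how long each advertised version took to become downloadable, and how long a client with the one-version tolerance would report "up to date" while a newer version is already advertised. The sample data, version numbers and function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed samples (not measurements from the list): time, daily version
# advertised by the DNS TXT record, daily version the mirror actually serves.
SAMPLES = [
    ("2018-10-03 09:17", 25001, 25001),
    ("2018-10-03 09:18", 25002, 25001),  # advertised, not yet downloadable
    ("2018-10-03 09:30", 25002, 25001),
    ("2018-10-03 09:42", 25002, 25002),  # mirror catches up after 24 min
    ("2018-10-03 17:18", 25003, 25003),  # advertised and served together
]

def parse(samples):
    return [(datetime.strptime(t, "%Y-%m-%d %H:%M"), adv, srv)
            for t, adv, srv in samples]

def availability_delays(samples):
    """Per version: time from first advertisement to first availability."""
    first_adv, first_srv = {}, {}
    for ts, adv, srv in parse(samples):
        first_adv.setdefault(adv, ts)
        first_srv.setdefault(srv, ts)
    return {v: max(first_srv[v] - first_adv[v], timedelta(0))
            for v in first_adv if v in first_srv}

def client_status(advertised, served, tolerance=0):
    """Simplified model of the version check, not freshclam's own logic."""
    return "up to date" if advertised - served <= tolerance else "outdated"

def masked_lag(samples, tolerance=1):
    """Sampled time during which a newer version is advertised but the
    client, given this tolerance, still reports 'up to date'."""
    rows = parse(samples)
    total = timedelta(0)
    for (ts, adv, srv), (nxt, _, _) in zip(rows, rows[1:]):
        if adv > srv and client_status(adv, srv, tolerance) == "up to date":
            total += nxt - ts
    return total

if __name__ == "__main__":
    for version, delay in availability_delays(SAMPLES).items():
        print(version, delay)
    print("masked with tolerance 1:", masked_lag(SAMPLES, 1))
    print("masked with tolerance 0:", masked_lag(SAMPLES, 0))
```

With a tolerance of 1 the whole 24-minute window in the constructed data is reported as current; with a tolerance of 0 the same window is reported as outdated.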



Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread Reindl Harald


On 17.10.18 at 18:21, Dino Edwards wrote:
> ExecStartPre=-/bin/mkdir /run/clamav
> ExecStartPre=/bin/chown clamav /run/clamav

you don't get an error, an error is when the service doesn't start

"If I delete the /var/run/clamav directory, I don’t get the error, but
if I restart clamd again I get the error again. I’m not sure what the
problem is" - idiot there is no problem

"ExecStartPre=-/bin/mkdir /run/clamav" is prefixed with - so that the
service doesn't fail in case the directory exists and "mkdir" naturally
fails when a directory already exists

when you delete the directory - guess what - it gets created and no
warning - frankly this is not a clamav topic at all but lack of basic
understanding of your system


Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread Reindl Harald


On 17.10.18 at 18:11, Dino Edwards wrote:
> Get real. When I and others called you out, you decided to put a little more 
> detail to cover the obvious fact that you were just trying to be a dick.
> 
> The important thing you fail to understand that I did NOT write the script to 
> start the service. So any "mkdir/chown dance" as you put it, was NOT done by 
> me, but rather the package maintainer. This USED to work in previous 
> Ubuntu/clamd version, now it no longer works. So, I'm trying to figure out 
> why it's not working and if I should bring this up in the appropriate Ubuntu 
> forum.

if the unit is not written by you, comes from Ubuntu and now stopped
working guess what: you should have contacted the appropriate Ubuntu
forum to start with

i just pointed out that i am surprised after that many years that one
still doesn't know about /run and how to handle it properly and frankly:
when you don't understand the "directory already exists" message and ask
here instead of jumping on the packager who did this bullshit and *pretty
clearly* did not even try to restart his damned unit a single time how
should one help you?


> -Original Message-
> From: Reindl Harald [mailto:h.rei...@thelounge.net] 
> Sent: Wednesday, October 17, 2018 11:39 AM
> To: ClamAV users ML ; Dino Edwards 
> ; gblo...@eclipso.eu
> Subject: Re: [clamav-users] /bin/mkdir: cannot create directory 
> ‘/run/clamav’: File exists
>  
> On 17.10.18 at 14:33, Dino Edwards wrote:
>> How about you contribute something of value to this discussion instead of a 
>> link about how this was added in Linux 7 years ago so you can show everyone 
>> how clever you are. 
> 
> i contributed the link which explains how these folders are supposed to get 
> created at boot and any mkdir/chown dance is plain wrong - it's not my fault 
> that you don't recognize input when you get it 
> https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
> 
> and if one insists on "ExecStartPre=/bin/mkdir /run/clamav" he should make it 
> proper as "ExecStartPre=-/bin/mkdir /run/clamav" which doesn't fail the whole 
> service in case the directory already exists
> 
>> -Original Message-
>> From: Reindl Harald [mailto:h.rei...@thelounge.net]
>> Sent: Wednesday, October 17, 2018 8:29 AM
>> To: ClamAV users ML ; Dino Edwards 
>> 
>> Subject: Re: [clamav-users] /bin/mkdir: cannot create directory 
>> ‘/run/clamav’: File exists
>>
>>
>> On 17.10.18 at 13:12, Dino Edwards wrote:
>>> Good morning? 
>>
>> what about read posted links and don't strip context?
>>
>> /run was introduced 7 years ago and the discussion about it made it to 
>> every it news portal and that's what i mean when somebody is surprised 
>> that /run is a tmpfs available at early boot which also means you need 
>> to make sure folders there are created at boot
>>
>> https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
>>
>>> On 16.10.18 at 19:12, Dino Edwards wrote:
>>>> good morning in 2018
>>
>>
>>  Forwarded Message 
>>
>> On 16.10.18 at 19:12, Dino Edwards wrote:
>>> Answering my own question on the /var/run and the /run directories.
>>> There is a link between the two
>> good morning in 2018
>>
>> http://www.h-online.com/open/news/item/Linux-distributions-to-include-
>> run-directory-1219006.html


Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread Reindl Harald


On 17.10.18 at 14:33, Dino Edwards wrote:
> How about you contribute something of value to this discussion instead of a 
> link about how this was added in Linux 7 years ago so you can show everyone 
> how clever you are. 

i contributed the link which explains how these folders are supposed to
get created at boot and any mkdir/chown dance is plain wrong - it's not
my fault that you don't recognize input when you get it
https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

and if one insists on "ExecStartPre=/bin/mkdir /run/clamav" he should
make it proper as "ExecStartPre=-/bin/mkdir /run/clamav" which doesn't
fail the whole service in case the directory already exists

> -Original Message-
> From: Reindl Harald [mailto:h.rei...@thelounge.net] 
> Sent: Wednesday, October 17, 2018 8:29 AM
> To: ClamAV users ML ; Dino Edwards 
> 
> Subject: Re: [clamav-users] /bin/mkdir: cannot create directory 
> ‘/run/clamav’: File exists
> 
> 
> On 17.10.18 at 13:12, Dino Edwards wrote:
>> Good morning? 
> 
> what about read posted links and don't strip context?
> 
> /run was introduced 7 years ago and the discussion about it made it to every 
> it news portal and that's what i mean when somebody is surprised that /run is 
> a tmpfs available at early boot which also means you need to make sure 
> folders there are created at boot
> 
> https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
> 
>> On 16.10.18 at 19:12, Dino Edwards wrote:
>>> good morning in 2018
> 
> 
>  Forwarded Message 
> 
> On 16.10.18 at 19:12, Dino Edwards wrote:
>> Answering my own question on the /var/run and the /run directories.
>> There is a link between the two
> good morning in 2018
> 
> http://www.h-online.com/open/news/item/Linux-distributions-to-include-run-directory-1219006.html


Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread Reindl Harald



On 17.10.18 at 13:12, Dino Edwards wrote:
> Good morning? 

what about read posted links and don't strip context?

/run was introduced 7 years ago and the discussion about it made it to
every it news portal and that's what i mean when somebody is surprised
that /run is a tmpfs available at early boot which also means you need
to make sure folders there are created at boot

https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html

> On 16.10.18 at 19:12, Dino Edwards wrote:
>> good morning in 2018


 Forwarded Message 

On 16.10.18 at 19:12, Dino Edwards wrote:
> Answering my own question on the /var/run and the /run directories.
> There is a link between the two
good morning in 2018

http://www.h-online.com/open/news/item/Linux-distributions-to-include-run-directory-1219006.html


Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread Reindl Harald


On 16.10.18 at 19:12, Dino Edwards wrote:
> Answering my own question on the /var/run and the /run directories.
> There is a link between the two
good morning in 2018

http://www.h-online.com/open/news/item/Linux-distributions-to-include-run-directory-1219006.html


Re: [clamav-users] ClamAV Central Management tools

2018-10-18 Thread Simon Hobson
Robert Schetterer  wrote:

> Div monitors should be fine to code for such things
> like monit, munin, xymon, icinga, nagios , zabbix etc

Nagios has a plugin for it (someone's already done the coding), I used to use 
it at my last job.



Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread Dino Edwards
I already did that before I posted that I couldn't find it. Probably missed it, 
regardless the issue has been resolved. 

http://lists.clamav.net/pipermail/clamav-users/2018-October/thread.html

Thanks for trying.

Dino


-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
G.W. Haywood
Sent: Thursday, October 18, 2018 8:22 AM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: 
File exists

Hi there,

On Wed, 17 Oct 2018, Dino Edwards wrote:

> I got a response from someone about this error but I can’t seem to 
> find their email.

Sigh.  That would have been from me:

Date: Wed, 10 Oct 2018 19:06:07 +0100 (BST)
From: G.W. Haywood 
To: clamav-users@lists.clamav.net
Subject: Re: /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

Check the list archives.  I'm not going to give you a direct link to the post 
here because I want you to do some work, and in the process teach yourself 
something about mailing lists.

-- 

73,
Ged.


Re: [clamav-users] /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

2018-10-18 Thread G.W. Haywood

Hi there,

On Wed, 17 Oct 2018, Dino Edwards wrote:


> I got a response from someone about this error but I can’t seem to
> find their email.


Sigh.  That would have been from me:

Date: Wed, 10 Oct 2018 19:06:07 +0100 (BST)
From: G.W. Haywood 
To: clamav-users@lists.clamav.net
Subject: Re: /bin/mkdir: cannot create directory ‘/run/clamav’: File exists

Check the list archives.  I'm not going to give you a direct link to
the post here because I want you to do some work, and in the process
teach yourself something about mailing lists.

--

73,
Ged.


Re: [clamav-users] clamsubmit error

2018-10-18 Thread Luca Moscato

Hi there! Got the (almost) same issue here.

We gather all malware from Das Malwerk and scan it with clamav, we 
wanted to submit all false negatives we found but using clamsubmit this way


clamsubmit -n /home/luca/malware/d77aca7d-f9f1-11e7-b482-80e65024849a.file -N luca -e l...@funambol.com


I receive:



302 Found

Found
The document has moved <a href="http://www.clamav.net/sendmalware.cgi">here</a>.



Is it expected?


Thanks

Luca
