Is there a compelling reason for clam to die on a malformed database,
instead of just ignoring the bad line and continuing with all the other
sigs ?
==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 948-3162
WestNet Internet Services of
Hi there,
On Sat, 30 Dec 2006 Stephen Gran wrote:
I have seen freshclam fail several times when run as a daemon, but
all in exactly the same way - stuck in a read() on a network socket.
This problem has been fixed for some time, and I have not seen
another failure since the fix went in.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christopher X. Candreva wrote:
Is there a compelling reason for clam to die on a malformed database,
instead of just ignoring the bad line and continuing with all the other
sigs ?
Because doing otherwise is a recipe for disaster.
A malformed
On Sat, 30 Dec 2006, Sander Holthaus wrote:
A malformed database points to:
- - serious system malfunction
- - security breach
- - security breach / system malfunction between you and (or at) the
database provider
In my experience, it means a database maintainer who made a simple
On Sat, 2006-12-30 at 14:39 +, G.W. Haywood wrote:
Hi there,
On Sat, 30 Dec 2006 Stephen Gran wrote:
I have seen freshclam fail several times when run as a daemon, but
all in exactly the same way - stuck in a read() on a network socket.
This problem has been fixed for some time,
At 09:19 AM 12/30/2006, Christopher X. Candreva wrote:
How exactly is this better then a possibe false-positive, if a corrupted sig
happens to match some valid piece of mail ?
The maintainers don't distribute corrupted signatures, so if the sig
database is corrupted something is seriously
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christopher X. Candreva wrote:
On Sat, 30 Dec 2006, Sander Holthaus wrote:
A malformed database points to:
- - serious system malfunction - - security breach - - security
breach / system malfunction between you and (or at) the database
Hi,
Recently I have installed Mandriva 2007. Everything is working fine - but
for each update of ClamAV, one instance of ClamAV is running - as I could
observe from task bar as well as by watching the PID through KSysGuard. Is
it a bug or something to do with ClamAV configuration.
Also, I
Christopher X. Candreva wrote:
In my experience, it means a database maintainer who made a simple mistake
in one line.
I don't think this'll really add anything useful to the discussion
but I've seen that happen in one of the mrsbl
databases.. but there are some small things the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve Basford wrote:
Christopher X. Candreva wrote:
In my experience, it means a database maintainer who made a
simple mistake in one line.
I don't think this'll really add anything useful to the
discussion but I've seen that happen in one
Noel Jones wrote:
At 09:19 AM 12/30/2006, Christopher X. Candreva wrote:
How exactly is this better then a possibe false-positive, if a
corrupted sig
happens to match some valid piece of mail ?
The maintainers don't distribute corrupted signatures, so if the sig
database is corrupted
Christopher X. Candreva wrote the following on 12/30/2006 5:50 AM -0800:
Is there a compelling reason for clam to die on a malformed database,
instead of just ignoring the bad line and continuing with all the other
sigs ?
The MSRBL-Images.hdb database started showing up corrupted yesterday
Hi,
First of all, ferry christmas and happy 2007.
I´ve installed an ubuntu server 6.10+squid+dansguardian+kerio mail server.these
software run with clamav antivirus software really fine.
Using apt-get command I installed clamav freshclam.I have programmed to
download new database
On Saturday 30 December 2006 1:50 pm, Bill Landry wrote:
The MSRBL-Images.hdb database started showing up corrupted yesterday and
have continued to show up that way so far today, as well. Use something
like the script I posted here a few weeks ago to test SaneSecurity and
MSRBL databases
On Sat, Dec 30, 2006 at 02:39:35PM +, G.W. Haywood said:
Hi there,
On Sat, 30 Dec 2006 Stephen Gran wrote:
I have seen freshclam fail several times when run as a daemon, but
all in exactly the same way - stuck in a read() on a network socket.
This problem has been fixed for some
On Sat, 30 Dec 2006, Bill Landry wrote:
The MSRBL-Images.hdb database started showing up corrupted yesterday and
This is not the only reason I ask, but the most recent. I have a script that
checks that evidenly has a bug. I can either spend time fixing that, or
fixing clam so it ignores the
Christopher X. Candreva wrote:
On Sat, 30 Dec 2006, Sander Holthaus wrote:
There is no point in using a malformed database and could even spell
disaster. (Imagine it starts generating FP's en masse, which could be
a side effect of a corrupted database).
Having clam die spells disaster.
Sander Holthaus wrote:
A tempfail is not a disaster in most scenarios. You may not be able to
receive mail until it is fixed, but you still get the mail after it is
fixed.
I think that attitude works fine in trivially small email environments.
I don't think it works at all in environments
Stephen Gran wrote:
On Sat, Dec 30, 2006 at 02:39:35PM +, G.W. Haywood said:
Hi there,
On Sat, 30 Dec 2006 Stephen Gran wrote:
I have seen freshclam fail several times when run as a daemon, but
all in exactly the same way - stuck in a read() on a network socket.
This problem has been
On Sat, 30 Dec 2006 14:13:14 -0800
John Rudd [EMAIL PROTECTED] wrote:
For a mission critical environment, it seems like the better behavior
would be:
1) keep the previous db
2) download the new db
3) if the new db is bad, throw an error in the logs/stdout, and keep
functioning propperly
Tomasz Kojm wrote:
On Sat, 30 Dec 2006 14:13:14 -0800
John Rudd [EMAIL PROTECTED] wrote:
For a mission critical environment, it seems like the better behavior
would be:
1) keep the previous db
2) download the new db
3) if the new db is bad, throw an error in the logs/stdout, and keep
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Rudd wrote:
Sander Holthaus wrote:
A tempfail is not a disaster in most scenarios. You may not be
able to receive mail until it is fixed, but you still get the
mail after it is fixed.
I think that attitude works fine in trivially small
In message [EMAIL PROTECTED] John Rudd [EMAIL PROTECTED] wrote:
Sander Holthaus wrote:
A tempfail is not a disaster in most scenarios. You may not be able to
receive mail until it is fixed, but you still get the mail after it is
fixed.
I think that attitude works fine in trivially small
Hi All,
95% of all SaneSecurity signature users are finally using the gzipped
compressed phish.ndb.gz database...
so I've now removed all the signatures from the old uncompressed
phish.ndb file and just left one test signature,
so it doesn't break anyone's system phew
FinallyAs the year
Sander Holthaus wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Rudd wrote:
Sander Holthaus wrote:
A tempfail is not a disaster in most scenarios. You may not be
able to receive mail until it is fixed, but you still get the
mail after it is fixed.
I think that attitude works fine
Dave Warren wrote:
In message [EMAIL PROTECTED] John Rudd [EMAIL PROTECTED] wrote:
Sander Holthaus wrote:
A tempfail is not a disaster in most scenarios. You may not be able to
receive mail until it is fixed, but you still get the mail after it is
fixed.
I think that attitude works fine in
Steve Basford wrote:
Hi All,
95% of all SaneSecurity signature users are finally using the gzipped
compressed phish.ndb.gz database...
so I've now removed all the signatures from the old uncompressed
phish.ndb file and just left one test signature,
so it doesn't break anyone's system phew
Dave Warren wrote:
In message [EMAIL PROTECTED] John Rudd [EMAIL PROTECTED] wrote:
Sander Holthaus wrote:
A tempfail is not a disaster in most scenarios. You may not be able to
receive mail until it is fixed, but you still get the mail after it is
fixed.
I think that attitude works fine in
On Sat, 30 Dec 2006, Tomasz Kojm wrote:
Freshclam provides this and much more.
Except the ability to operate from a given specific URL pointing to a file.
If the only updates come from freshclam-verified sources it wouldn't be so
bad. The problem comes up that other mechanisims are necessry
Christopher X. Candreva wrote:
On Sat, 30 Dec 2006, Tomasz Kojm wrote:
Freshclam provides this and much more.
Except the ability to operate from a given specific URL pointing to a file.
If the only updates come from freshclam-verified sources it wouldn't be so
bad. The problem comes up
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dennis Peterson wrote:
Dave Warren wrote:
In message [EMAIL PROTECTED] John Rudd [EMAIL PROTECTED]
wrote:
Sander Holthaus wrote:
A tempfail is not a disaster in most scenarios. You may not
be able to receive mail until it is fixed, but you
Sander Holthaus wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dennis Peterson wrote:
Dave Warren wrote:
In message [EMAIL PROTECTED] John Rudd [EMAIL PROTECTED]
wrote:
Sander Holthaus wrote:
A tempfail is not a disaster in most scenarios. You may not
be able to receive mail until
On Sat, 30 Dec 2006, Dennis Peterson wrote:
There's no limitation for choosing a URL - you can put anything you like in
the freshclam.conf file. Using the --config-file=FILE option of freshclam in
The only option I see in man freshclam.conf is for a database mirror
server name, not a URL.
Hello Christopher,
Having clam die spells disaster. If you've set your system to tempfail on
clam failure, you can't receive mail until it is fixed.
[snip]
How exactly is this better then a possibe false-positive, if a corrupted sig
happens to match some valid piece of mail ?
It's
On Sun, 31 Dec 2006, Luca Gibelli wrote:
How exactly is this better then a possibe false-positive, if a corrupted
sig
happens to match some valid piece of mail ?
It's better to delay N emails rather than delete N emails.
A false-positive won't delete the mail - it will cause an
Sander Holthaus wrote:
Dennis Peterson wrote:
This is a very naive or at least uninformed position to take on the
monetary significance of email.
The issue is that email never was designed to be used in that
particular fashion.
No offense, but Dennis is right. You're being naive.
* On 30/12/06 08:50 -0500, Christopher X. Candreva wrote:
|
| Is there a compelling reason for clam to die on a malformed database,
| instead of just ignoring the bad line and continuing with all the other
| sigs ?
Nice question. I was going to ask the same after mine kept dying for the
same
37 matches
Mail list logo