Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Fri, 2006-11-10 at 11:06 -0500, Jim Maul wrote: In fact, apache, a far more common application than ClamAV, requires vastly more after-install configuration and management effort than does ClamAV, so his premise is farcical. Yes, but will it WORK without this after-install configuration and management? Yes, it will. I promised myself I wouldn't stick my nose into this overgrown monstrosity of a thread, but I cannot resist. I don't condone ignorance, nor do I condone elitism, but in this particular instance I see a rather large point being missed by the OP's sympathisers. If I remember rightly, when I installed ClamAV on Gentoo, it did just work - in the sense that I could run /etc/init.d/clamd start and ClamD would start, and in the sense that the library and header files were installed in sane locations. However... nothing was actually scanning anything for viruses! ClamAV is a toolkit and a service, not a mail scanner or a web-page scanner or an on-access file scanner in its own right. It's one thing having a package that installs and works, but working from a functional point of view is a separate issue from doing what the user wants. The critical point here is that what the user wants can be one of an unlimited number of things, precisely because ClamAV is a means to an end, not the end itself. Those familiar with Windows may think of it this way: ClamAV itself is more like a collection of DLLs, and NOT - for example - an end-product like Norton AntiVirus. (Yes, I am aware of ClamWin, but we are debating the ClamAV package itself here. The two are not the same product.) -- Philip Allison Developer SmoothWall Ltd. - http://www.smoothwall.net/ This email and any attachments transmitted with it are confidential to the intended recipient(s) and may not be communicated to any other person or published by any means without the express permission of SmoothWall Ltd. Any views expressed in this message are solely those of the author. See http://www.smoothwall.net/emailnotice.html for the full text of this notice. This email has been processed by SmoothZap - www.smoothwall.net ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Fri, 10 Nov 2006 at 1:14:38 +, Stephen Gran wrote: On Thu, Nov 09, 2006 at 07:23:22PM -0500, Tom Metro said: [...] It would also be nice to see the project leaders show a better attitude towards package maintainers. Not to say they necessarily have a poor attitude towards them, but there wasn't anything positive put forth in this thread. See below :-) . [...] Speaking as a downstream packager, I have always had a very good relationship with all of the clamav team members, except when I manage to put my foot in my mouth. They have always been curteous, respectful, and willing to accomodate issues that arise from the specific wierdnesses of working within distro restraints. Even when I manage to put my foot in my mouth, they have managed to have the good grace to forget reasonably quickly :) [...] I don't think that the rest of the team can deny my statement below: :-) As a member of the ClamAV team and a Debian user I am *very* glad that Stephen Gran is the Debian maintainer of the ClamAV packages. He has always been very kind, helpful, competent and patient. He reacts quickly to various problems/questions related to his packages and to updates/fixes of the code. And he possesses a sense of humour :-) . We highly appreciate Stephen's work. -- Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Cherishing my ignorance - An appeal to package rs
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Peterson Sent: vrijdag 10 november 2006 2:28 To: clamav-users@lists.clamav.net Subject: Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs If one cannot do what is needed to install and maintain a product one should hire it out or find another product. In general, there's an attitude prevalent in the UNIX world, like: If you cannot do this-or-that, then get your whiney ass back to Windoze. As is the attitude of others to eagerly jump in with the grandstanding, so as to associate themselves with the real UNIX folks. Is that the case here, though? I think not. Rude as it may sound (and is sometimes really worded that way, too), there's truly not a way to get around having a minimal familiarity with installing stuff. For instance, when I was upgrading to an earlier version of clamav, sigtool appeared to need a newer version of the libgmp math library. Then you just need to do that. It's a bit of work. But what's the alternative? Ask sigtool not to use it? It needs it; so, if you want it, install it. Period. And when it said that curl was still compiled against an earlier version of openssl, and might conflict, then too, you just need to do what an admin does: his job. :) Getting back to my opening paragraph, I have on occasion noticed that requests for easier installation are met with somewhat crabby answers here. But the reality remains that you're all admins: it's no more unreasonable to ask of a cobbler that he knows how to mend shoes, then it is to ask of an admin that his knowledge of installing packages extend beyond just point-and-click. Not that I never asked a question here; but I think there's a difference between asking a normal question, and cherishing one's ignorance. - Mark ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Nov 9, 2006, at 2:09 PM, Jim Redman wrote: Folks, I have to say, of all the lists I subscribe to, the vocal members of this list are the most arrogant and insulting. However, I consider comments such as Luca Gibelli's, bandwidth wasting, We are happy to suffer this loss. and Dennis Peterson's His specific problem is he lacks the skill to install and manage the product reflect more about the person making the comment, rather than the target. You're forgetting one detail that probably was the most provoking, though. He started right off saying he cherishes his ignorance. How many of our problems as sysadmins come from user ignorance? How much worse is it when you have to deal with another peer's ignorance, and worse yet, WILLFUL ignorance? Hi, I'm hired to do a complicated and skillful job as a sysadmin, but want to know nothing about how or why this software stuff works...can you help me? By, like, doing it for me? If he was asking for help or proposing a reform without expressly saying the driving reason was because he wanted to know nothing about how it worked or how to install it or even how to properly tune it to keep from annoying fellow mail sysadmins on nearby networks, it wouldn't have elicited such a venomous response from an open source group. These people working on ClamAV aren't, to my knowledge, paid to make the program or keep it up to date, let alone make the installer and front-end interfaces the most polished. They are programmers doing this in their spare time to try to make a usable product for their peers. And you're surprised that unpaid programmers and sysadmins having to routinely deal with problems that are often linked to end-user ignorance would get a little ticked when getting a question from someone saying they're a sysadmin who wants to remain clueless? More often than not the way to get respect among that little social club is to try learning things and expanding your knowledge through your questions, not chastising them because they're doing something that forces you to learn something about why and how your system works. I would also consider the prevalent attitude misplaced and wrong, and before you berate me for knowing nothing, let me say this I've been managing mail systems on Linux since the late 1.x releases and build and support embedded Linux distros. If you're following the logic here, that still doesn't prove that I know much, but at least I have some background... Personally, I didn't mean to say that you're someone who knows *nothing* about Linux or Unix. I don't know what your specialty is. My personal belief is that there are very few gurus who know all there is to know about hardware and software administration...sysadmins specialize or they tend to have superficial knowledge of a wide array of topics. A mail admin may know about spam filtering, viruses flying around the Internet, Postfix vs. Qmail, etc., while knowing little about DDR RAM or the next-gen processors slated for release from Intel. At the same time, you shouldn't be willfully ignorant about the topics related to your field and have no desire to learn more since you don't know when that knowledge will be handy. Sysadmins supposedly carry on the spirit of the original hackers, and the hallmark was curiosity and willingness to learn new things. Proclaiming a desire to be ignorant does not win brownie points among those he was asking for help. Somewhere between my teenage years and now, I have enough experience to realize that I don't know everything. I can't create faster/better optimized programs using assembler than a high level language, and I'm not the worlds most knowledgeable Linux security expert. The many packages that make up Linux are better understood by those who created and maintain them and these people are the most qualified to produce secure configurations of these packages. Even if I DID understand a package better than the maintainer, or have a better grasp of security than the person producing configuration, I would recognize that having more people look at the configuration WILL improve the system. This is one of the basic arguments of Eric Raymond's The Cathedral and the Bazaar http://www.firstmonday.org/issues/issue3_3/raymond/ Which is fine...no one, I believe, was arguing against this idea. They did seem to take offense to the attitude of Hello fellow sysadmins, can you improve this packager so I don't need to know anything about it, just drop it in place and bingo everything works? I'll further encourage these efforts because, having done this for a while, I realize that it _IS_ now possible for someone who knows almost nothing about Linux administration to take a distro, install it, update it using one of the package managers and have a secure, if sub-optimal installation, taking the defaults at
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Bart Silverstrim wrote: On Nov 9, 2006, at 2:09 PM, Jim Redman wrote: Folks, I have to say, of all the lists I subscribe to, the vocal members of this list are the most arrogant and insulting. However, I consider comments such as Luca Gibelli's, bandwidth wasting, We are happy to suffer this loss. and Dennis Peterson's His specific problem is he lacks the skill to install and manage the product reflect more about the person making the comment, rather than the target. You're forgetting one detail that probably was the most provoking, though. He started right off saying he cherishes his ignorance. How many of our problems as sysadmins come from user ignorance? How much worse is it when you have to deal with another peer's ignorance, and worse yet, WILLFUL ignorance? Hi, I'm hired to do a complicated and skillful job as a sysadmin, but want to know nothing about how or why this software stuff works...can you help me? By, like, doing it for me? Maybe i missed it, but where in his original email did he ask anyone to help him by doing something for him? From what i can see, he didnt even ask for help at all. The way i took it was: Gee, I downloaded this package for clamav and installed it and now there are all sorts of other things that still need to be done to get it working correctly. Maybe clamav developers could work with the package maintainers to make this process go more smoothly? To which he received responses like: Your an idiot. We dont care. Shut up and stop posting crap like this to the list. To me it seems like everyone missed the point and made their own assumptions as to what he *really* meant. Maybe the title was worded poorly, or his post looked too similar to others that people have seen in the past and it triggered an immediate negative response from them, or maybe its just that some people on this list havent gotten any lately and are grumpy - who knows. But to berate someone like this over a post they made which i believe was interpreted incorrectly to begin with is completely wrong. I mean cmon, the subject clearly states its directed at packagers. Give the guy a flippin break. -Jim ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Jim Maul wrote: Bart Silverstrim wrote: On Nov 9, 2006, at 2:09 PM, Jim Redman wrote: Folks, I have to say, of all the lists I subscribe to, the vocal members of this list are the most arrogant and insulting. However, I consider comments such as Luca Gibelli's, bandwidth wasting, We are happy to suffer this loss. and Dennis Peterson's His specific problem is he lacks the skill to install and manage the product reflect more about the person making the comment, rather than the target. You're forgetting one detail that probably was the most provoking, though. He started right off saying he cherishes his ignorance. How many of our problems as sysadmins come from user ignorance? How much worse is it when you have to deal with another peer's ignorance, and worse yet, WILLFUL ignorance? Hi, I'm hired to do a complicated and skillful job as a sysadmin, but want to know nothing about how or why this software stuff works...can you help me? By, like, doing it for me? Maybe i missed it, but where in his original email did he ask anyone to help him by doing something for him? From what i can see, he didnt even ask for help at all. The way i took it was: Gee, I downloaded this package for clamav and installed it and now there are all sorts of other things that still need to be done to get it working correctly. Maybe clamav developers could work with the package maintainers to make this process go more smoothly? This is precisely a request for help and for someone, anyone but him, to build a product to his specification. Your statement is made illogical by your example. In fact he went on to write several screens of rant about why he doesn't like the services of the ClamAV packagers. Had he written code instead of smearing their efforts he'd have a working installer now. In fact, apache, a far more common application than ClamAV, requires vastly more after-install configuration and management effort than does ClamAV, so his premise is farcical. There are no well-known IP ports for clamd and no well-known locations for Unix sockets. There is no master plan to tie various milter/filter programs together to use ClamAV. I use a milter and Sendmail. Others may prefer to use procmail. SpamAssassin is popular. Bringing it all together is what the admin is for. Continued user intervention is extremely necessary - this product has no brain - come prepared to use your own. Finally, it is a service not offered by the ClamAV team and personally I'd prefer they focus on getting 0.90 released than hand-holding slacker admins. My, aren't I being judgmental! Hell yes. I'm tired of sharing critical Internet services with admins who are not committed to their responsibilities. The binaries page has several links to packagers who are in a position to help. One of them supports his package. Those two should get together and solve this hellish problem. And he should quit laying blame on everyone else for his dire condition. dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim Maul wrote: Maybe i missed it, but where in his original email did he ask anyone to help him by doing something for him? From what i can see, he didnt even ask for help at all. The way i took it was: Gee, I downloaded this package for clamav and installed it and now there are all sorts of other things that still need to be done to get it working correctly. Maybe clamav developers could work with the package maintainers to make this process go more smoothly? To which he received responses like: Your an idiot. We dont care. Shut up and stop posting crap like this to the list. To me it seems like everyone missed the point and made their own assumptions as to what he *really* meant. Maybe the title was worded poorly, or his post looked too similar to others that people have seen in the past and it triggered an immediate negative response from them, or maybe its just that some people on this list havent gotten any lately and are grumpy - who knows. But to berate someone like this over a post they made which i believe was interpreted incorrectly to begin with is completely wrong. I mean cmon, the subject clearly states its directed at packagers. Give the guy a flippin break. -Jim Ok, I'm usually very patient when it comes to responses to email's like this. But, I believe he is really asking the wrong people. He should be going to the package maintainers. This group is usually content with compiling and installing directly from source. Like Dennis said Bringing it all together is what the admin is for. ClamAV is a powerful tool; but, would you give a chainsaw to your 2-year old to use I think not. Everyone has to learn. There is no shortcuts when it comes to being a sysadmin, no matter what level you are. You can make things easier; but, usually at a cost. No one here is willing to make ClamAV a butter knife when it is already a chainsaw. - -James -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFVJrkkNLDmnu1kSkRAiY3AJ4q4FvrEKs7qdvylNclGZPn3IZYKwCffyxj cpwgnnzStfnSaPFScEbD3Is= =5i3r -END PGP SIGNATURE- -- Scanned by ClamAV - http://www.clamav.net ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
James Kosin wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim Maul wrote: Maybe i missed it, but where in his original email did he ask anyone to help him by doing something for him? From what i can see, he didnt even ask for help at all. The way i took it was: Gee, I downloaded this package for clamav and installed it and now there are all sorts of other things that still need to be done to get it working correctly. Maybe clamav developers could work with the package maintainers to make this process go more smoothly? To which he received responses like: Your an idiot. We dont care. Shut up and stop posting crap like this to the list. To me it seems like everyone missed the point and made their own assumptions as to what he *really* meant. Maybe the title was worded poorly, or his post looked too similar to others that people have seen in the past and it triggered an immediate negative response from them, or maybe its just that some people on this list havent gotten any lately and are grumpy - who knows. But to berate someone like this over a post they made which i believe was interpreted incorrectly to begin with is completely wrong. I mean cmon, the subject clearly states its directed at packagers. Give the guy a flippin break. -Jim Ok, I'm usually very patient when it comes to responses to email's like this. But, I believe he is really asking the wrong people. He should be going to the package maintainers. This group is usually content with compiling and installing directly from source. Are they really no package maintainers on this list? I find that hard to believe. Is it really necessary to punish someone for thinking that maybe, just maybe, a message about clamav packages on the clamav-users list might actually get seen by some packagers themselves? Like Dennis said Bringing it all together is what the admin is for. ClamAV is a powerful tool; but, would you give a chainsaw to your 2-year old to use I think not. Everyone has to learn. There is no shortcuts when it comes to being a sysadmin, no matter what level you are. You can make things easier; but, usually at a cost. No one here is willing to make ClamAV a butter knife when it is already a chainsaw. Of course. Im not saying i completely agree with everything the OP wrote. Im simply saying that i believe people misinterpreted what he was ultimately trying to say, and then insulted him because of it. -Jim ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Nov 9, 2006, at 2:40 PM, Daniel J McDonald wrote: On Thu, 2006-11-09 at 10:24 -0500, Bart Silverstrim wrote: On Nov 7, 2006, at 6:48 PM, Jim Redman wrote: Chris, Christopher X. Candreva wrote: On Tue, 7 Nov 2006, Jim Redman wrote: My observation is that of all the modern packages ClamAV fails to install and run successfully and securely without operator intervention. I think that this should be refined to reference Fedora packages and perhaps not all of them. I don't use Fedora - I use Mandriva. And my experience has been that the RPMS provided by Mandriva do allow you to run out of the box with very little tweaking. That is important to me - I manage about 20 linux servers, but my primary responsibility is 196 routers and firewalls. I'm not ignorant of the build process - I learned how to build SRPM's working with this package - I merely don't have the time to mess with it. So, I understand the sentiment. There are a number of reasons why I consider this a bad thing (other opinions have been expressed by others on the list). 4) (Altruism) It limits the adoption of ClamAV which in turn increase the number/penetration of viruses. Maybe the project doesn't WANT people who have problems with their installs caused by willful ignorance...just a thought. I personally think that's a poor attitude. Clueless newbies are important too. I personally will dump a project that takes too long to get working at all. As long as I can see progress it will keep my interest. Cluelessness is one thing. Willful cluelessness is another. There is a difference. What you're talking about is hassle...if it's too much hassle, you move on to something else. That's fine and dandy. But there are many many many people who are using, for example, ClamAV without throwing a fit because there's too much in the conf file to set up. The distinction is you can get frustrated and ask for help, or you can get frustrated and bitch about it rather than read the comments in the conf file. There's a lot, it can be tedious to a degree, but you're not having to go through source code to figure out how to get it to work. I have found that *overall*, with all the different distros out there, it is impossible to come up with a one-size-fits- all solution but the config files and guides for installation and configuration on the Internet are enough that you need not invest a lifetime to getting this one project working. As I've said in other posts, the problem (as I see it) isn't necessarily that he's clueless, or a newbie. It's the attitude he approached the group with, the attitude of I don't know anything and want to stay ignorant. You should make it so I can stay ignorant but get this to work. This is something that can easily ruffle some feathers, especially when so many in the group have started in that position but learned how to get it to work. It's also shocking for a sysadmin to declare that they want to stay ignorant of the equipment they're using...I want to be a rocket scientist, but don't want to take that nasty physics stuff...you should make it easier! For example, the Hobbitmonitor project is buried deep on my todo list - There are about 15 post release patches that have to be individually applied in a certain order, and I have yet to get it right and have it compile. So I ignore it, and think If I ever get about 4 hours of un-interrupted time, I'm going to tackle that beast. Of course, I don't have 4 hours, so it just gets deeper on the pile, and I never get my monitoring server built, and I never am able to contribute back to the project by helping other clueless newbies... Then cut it loose. This seems to be a hard concept...similar problems crop up, and my response is something along the lines of, Well, your company isn't hiring enough to properly staff your department or manage the staff properly...if it were truly important, you'd get the time. So either suffer with the lack of XYZ, or have them hire more people, or move to another company that does respect their IT department's role more. Well, that's not realistic... Well, then it sounds like you are going with A, suffer the lack of XYZ. Accept it, quit complaining. crickets... I'm not saying every project requires you to cut off fingers and chant voodoo incantations to work. I'm just saying that ClamAV isn't rocket science, there are some problems, and your average sysadmin should be able to go through a conf file to configure it and be able to get it to integrate with most MTA's using docs on the Internet with relatively little energy lost. I am tired of the couch sysadmin running mail servers using a black box approach, relaying spam or implementing poor security because they're too damn lazy to actually figure out what running a mail server means, and when someone comes along saying that they have problems XYZ the real
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Dennis Peterson wrote: Jim Maul wrote: Bart Silverstrim wrote: On Nov 9, 2006, at 2:09 PM, Jim Redman wrote: Folks, I have to say, of all the lists I subscribe to, the vocal members of this list are the most arrogant and insulting. However, I consider comments such as Luca Gibelli's, bandwidth wasting, We are happy to suffer this loss. and Dennis Peterson's His specific problem is he lacks the skill to install and manage the product reflect more about the person making the comment, rather than the target. You're forgetting one detail that probably was the most provoking, though. He started right off saying he cherishes his ignorance. How many of our problems as sysadmins come from user ignorance? How much worse is it when you have to deal with another peer's ignorance, and worse yet, WILLFUL ignorance? Hi, I'm hired to do a complicated and skillful job as a sysadmin, but want to know nothing about how or why this software stuff works...can you help me? By, like, doing it for me? Maybe i missed it, but where in his original email did he ask anyone to help him by doing something for him? From what i can see, he didnt even ask for help at all. The way i took it was: Gee, I downloaded this package for clamav and installed it and now there are all sorts of other things that still need to be done to get it working correctly. Maybe clamav developers could work with the package maintainers to make this process go more smoothly? This is precisely a request for help and for someone, anyone but him, to build a product to his specification. Your statement is made illogical by your example. Says who, you? Sorry, but I really couldn't care less about what you have to say. By the way, it was a SUGGESTION, not precisely a request for help as you seem to think. In fact he went on to write several screens of rant about why he doesn't like the services of the ClamAV packagers. Had he written code instead of smearing their efforts he'd have a working installer now. Sorry, everyone isnt as smart as you think you are. In fact, apache, a far more common application than ClamAV, requires vastly more after-install configuration and management effort than does ClamAV, so his premise is farcical. Yes, but will it WORK without this after-install configuration and management? Yes, it will. There are no well-known IP ports for clamd and no well-known locations for Unix sockets. There is no master plan to tie various milter/filter programs together to use ClamAV. I use a milter and Sendmail. Others may prefer to use procmail. SpamAssassin is popular. Bringing it all together is what the admin is for. Continued user intervention is extremely necessary - this product has no brain - come prepared to use your own. Of course. This job is not for the braindead or those who would rather not exercise their mind. That is in no way a reason for a product not to be improved if there is room for improvement. Finally, it is a service not offered by the ClamAV team and personally I'd prefer they focus on getting 0.90 released than hand-holding slacker admins. My, aren't I being judgmental! Hell yes. I'm tired of sharing critical Internet services with admins who are not committed to their responsibilities. And the OP may very well not be one of those committed admins. Who cares? He is still human and may actually have a valid suggestion - imagine that?! You seem to have completely ignored the real reason for the post and instead focused on the negatives as you seem to have some personal vendetta against anyone that isnt as smart as you. I bet its lonely on top your little pedestal, no? The binaries page has several links to packagers who are in a position to help. One of them supports his package. Those two should get together and solve this hellish problem. And he should quit laying blame on everyone else for his dire condition. To think that there *might* actually be some packagers who are listening. Blasphemous! ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Nov 9, 2006, at 7:23 PM, Tom Metro wrote: Dennis Peterson wrote: Jim Redman wrote: Your opinions, seem to be the prevalent attitude of the vocal members of this list - if you don't suffer, it wasn't worth it. His specific problem is he lacks the skill to install and manage the product. It's rather sad to see that this elitist attitude - which was commonplace on Usenet back in the early 90's - is still alive and well here in 2006. I'm not sure why people who otherwise are enthusiastic supporters of open source don't see how this damages the community. Probably because Open Source isn't about selling a product. It's people doing this as a hobby, in the end, and if you want to use it, there it is...if not, *shrug*. That's the attitude I see (except from the just plain rude and arrogant who want to keep their toys to themselves). And in the quote above, he isn't necessarily saying the poster is stupid, just lacking a skill. What's wrong in that? Maybe I don't remember what else was said, but if you lack a skill in something, you lack the skill. Approach the group with the attitude of, Can someone help me figure this out?, instead of, Fix this for me, and you might see a change in how people respond. The argument is also flawed. So, the people criticizing the OP's premise all build their software from scratch, build their own OS distributions, and never used packaged software - right? No? Do you at least review all the source code before you install a package? No? We've built up these layers not always because the end users don't have the knowledge to reproduce them themselves, but because it would be a waste of effort to replicate them. This hold as true for rewriting a virus scanning engine from scratch as it does for writing your own installation script. (If your environment requires custom behavior, then by all means, write your own installation script...or for that matter, customize the virus scanning engine.) And ClamAV has been built in a way that many people have not had this as a major stumbling block. I'm not a programmer, but had installed Clam on at least three platforms. I'm not a guru, hold no certs for A + or Cisco or MS or any other groups. So what's going on here...am I lying? Extremely lucky?... Ease of installation is valued by knowledgeable users also. Yes, especially if they already know why it is working and how to fix it if something goes wrong. Why spend time on a problem that others have already solved hundreds of times over. I'd much rather use my time in solving unexpected problems that are specific to my environment. But you advocate not knowing anything about that environment in the first place. Where did that email go? Well I have it filtered in the bastion server here first, then it goes to this scanner for spam, then this for antivirus, then forwarded to this queue and out to this server... But you want a drop-in solution so you don't need to know anything...how do you troubleshoot something when you don't know what it's doing in the first place? Maybe it's just my opinion, for what little it's worth. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Bart Silverstrim wrote: On Nov 9, 2006, at 2:40 PM, Daniel J McDonald wrote: On Thu, 2006-11-09 at 10:24 -0500, Bart Silverstrim wrote: On Nov 7, 2006, at 6:48 PM, Jim Redman wrote: Chris, Christopher X. Candreva wrote: On Tue, 7 Nov 2006, Jim Redman wrote: My observation is that of all the modern packages ClamAV fails to install and run successfully and securely without operator intervention. I think that this should be refined to reference Fedora packages and perhaps not all of them. I don't use Fedora - I use Mandriva. And my experience has been that the RPMS provided by Mandriva do allow you to run out of the box with very little tweaking. That is important to me - I manage about 20 linux servers, but my primary responsibility is 196 routers and firewalls. I'm not ignorant of the build process - I learned how to build SRPM's working with this package - I merely don't have the time to mess with it. So, I understand the sentiment. There are a number of reasons why I consider this a bad thing (other opinions have been expressed by others on the list). 4) (Altruism) It limits the adoption of ClamAV which in turn increase the number/penetration of viruses. Maybe the project doesn't WANT people who have problems with their installs caused by willful ignorance...just a thought. I personally think that's a poor attitude. Clueless newbies are important too. I personally will dump a project that takes too long to get working at all. As long as I can see progress it will keep my interest. Cluelessness is one thing. Willful cluelessness is another. There is a difference. What you're talking about is hassle...if it's too much hassle, you move on to something else. That's fine and dandy. But there are many many many people who are using, for example, ClamAV without throwing a fit because there's too much in the conf file to set up. The distinction is you can get frustrated and ask for help, or you can get frustrated and bitch about it rather than read the comments in the conf file. There's a lot, it can be tedious to a degree, but you're not having to go through source code to figure out how to get it to work. I have found that *overall*, with all the different distros out there, it is impossible to come up with a one-size-fits-all solution but the config files and guides for installation and configuration on the Internet are enough that you need not invest a lifetime to getting this one project working. As I've said in other posts, the problem (as I see it) isn't necessarily that he's clueless, or a newbie. It's the attitude he approached the group with, the attitude of I don't know anything and want to stay ignorant. You should make it so I can stay ignorant but get this to work. This is something that can easily ruffle some feathers, especially when so many in the group have started in that position but learned how to get it to work. It's also shocking for a sysadmin to declare that they want to stay ignorant of the equipment they're using...I want to be a rocket scientist, but don't want to take that nasty physics stuff...you should make it easier! I understand completely what you are saying and also agree with it. However, regardless of how clueless the rocket scientist wants to remain (which, yes, is a poor attitude), IF there is room for improvement or IF some part of the process CAN be made easier, shouldnt it? This has nothing to do with the fact that he wants to remain ignorant. It really seems as if everyone read that part and COMPLETELY missed what he was really trying to say and instead focused on blasting the guy because of his willingness to remain ignorant. For example, the Hobbitmonitor project is buried deep on my todo list - There are about 15 post release patches that have to be individually applied in a certain order, and I have yet to get it right and have it compile. So I ignore it, and think If I ever get about 4 hours of un-interrupted time, I'm going to tackle that beast. Of course, I don't have 4 hours, so it just gets deeper on the pile, and I never get my monitoring server built, and I never am able to contribute back to the project by helping other clueless newbies... Then cut it loose. This seems to be a hard concept...similar problems crop up, and my response is something along the lines of, Well, your company isn't hiring enough to properly staff your department or manage the staff properly...if it were truly important, you'd get the time. So either suffer with the lack of XYZ, or have them hire more people, or move to another company that does respect their IT department's role more. Well, that's not realistic... Well, then it sounds like you are going with A, suffer the lack of XYZ. Accept it, quit complaining. crickets... I'm not saying every project requires you to cut off fingers and chant voodoo incantations to work. I'm just saying that ClamAV isn't rocket
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Fri, 10 Nov 2006, Bart Silverstrim wrote: What you're talking about is hassle...if it's too much hassle, you move on to something else. That's fine and dandy. But there are many many many people who are using, for example, ClamAV without throwing a fit because there's too much in the conf file to set up. He didn't throw a fit, he suggested that if a package exists, it ought to work. I don't think that's unreasonable. Calling him lazy is obscuring and sidestepping the actual problem. It's also pointless, since if you've read the subject line, you already know that he's lazy. He's admitted it, hooray, you win. If some packages install without difficulty and others do not, then how about we work together to bring the less efficient packages in line with the more effective ones? Jeffrey Moskot System Administrator [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
James Kosin wrote: Like Dennis said Bringing it all together is what the admin is for. I disagree. There are some things which are the admin's job, but they are not the catch-all for all unresolved burdens (bringing it all together). Pardon my lecture, but lets review the root of our discipline: The purpose of computers is to shift the workload of as many tasks as possible away from the human and toward automation, freeing up the human to address more sophisticated problems they were previously unable to address due to those workloads. This is the mantra of the entirety of computing. If you are working with computers, and this isn't the focus of what you're doing, even indirectly, then you're not contributing to the domains of computer science and/or computer engineering. Period. No ifs ands nor buts. Even with games: the more sophisticated problem is having more complex/sophisticated environments for recreation. Notice that I did NOT say users, I said humans. This applies across the entire scope of computing, and not just at the level of what do we provide to the end user? For the hardware developer (whether it's chip developers or platform developers), their burden is to reduce the workload of everyone by increasing the overall capacity of the systems ... but more directly, they should also be reducing the workload of the system engineer. The system engineer has three groups whose workload they need to reduce: system administrators, application developers, and users. Application developers have two groups (depending upon the scope of the application): other application devleopers, system administrators, and users. System administrators have two groups they need to address: application developers and users. Users also have groups they need to address: themselves (if they're not going to leverage the tool to allow them to accomplish tasks that their previous drudgery was preventing them from addressing, then what's the point?), and non-computer users that are their customers (the bank teller who can not give you more information than they used to, because the information is all now at their finger tips ... before computers at the bank teller, they couldn't do that). ClamAV is an application. Its target audience is all three of the ones I mentioned for application developers. Therefore, the developers of ClamAV have the burden of reducing the workload of system administrators, users, and other application developers. The obvious manner in which they address this is making it easier to identify viruses so that the user or sysadmin can eliminate the virus from their environment, or so that other applications may leverage this identification process for automated deletion/interception of viruses. But, that is not the only manner in which application developers should reduce burdens (at the level of the problem being solved). They should also reduce other burdens where they can, such as reducing the ergonomic burden of the user (ie. better user interface design). And they should reduce the burden of the system administrator by making the application easier to maintain at the system administration level. That means doing things like using standard installation locations, using standard configuration tools, etc. It also means using easier and more reliable packaging and installation/removal mechanisms. Reduce the burden of the system administrator by making the installation task more streamlined, more reliable, and easier. So, to get back to the original quote: Bringing it all together is what the admin is for. No. You do not get to simply dump this burden upon the sysadmin. That burden is shared across the entire domain of computing. Each person is responsible for bringing it together for the community to which they are providing an automation. You might say but this subject is the responsibility, within 'Application Development' of the release engineer, and ClamAV doesn't have enough release engineering volunteers to address more sophisticated release engineering processes. OK, that's a reasonable response. But that's saying we don't have enough resources to address one of our burdens. That means the request was valid, but we can't address it. That is ENTIRELY different from a response of the request is unreasonable/invalid because our consumer should just be willing to do more work (effectively what the OP's detractors have been saying). BZZT. That response directly contradicts the central purpose of computing. Therefore, that response is inherently wrong and inappropriate. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim Maul wrote: Are they really no package maintainers on this list? I find that hard to believe. Is it really necessary to punish someone for thinking that maybe, just maybe, a message about clamav packages on the clamav-users list might actually get seen by some packagers themselves? Yes, there are; but, most are looking here for updates, issues, etc. that may make thing easier for supporting the users of the packages. All package maintainers also have their own email addresses. Most are willing to take suggestions. Some even make changes. But, asking this community outright for a change like this to take place at ClamAV is difficult to manage, and misplaced. When you first install ClamAV (even from source), you have to make changes to the configuration. This I found out myself after a few days of ClamAV not working... my first time. Some package maintainers do make this easier and make a few changes themselves to get things working; but, then the users may have an inadequate configuration for their use and not know any better. Of course. Im not saying i completely agree with everything the OP wrote. Im simply saying that i believe people misinterpreted what he was ultimately trying to say, and then insulted him because of it. He insulted himself first with the very misdirected subject to the email. [Clamav-users] Cherishing my ignorance - An appeal to packagers: QUOTE I WANT to know NOTHING about ClamAV, I wish to remain ignorant. I even trust the folks who produce RPMs to come up with reasonable defaults for file locations, max sizes, etc. etc. etc. As _IS_ the case with just about every other install. /QUOTE He clearly states he wants to know NOTHING about the setup of ClamAV. This is not the tact to take when installing a package like this. How it is configured depends heavily on how you want to use it. You have to learn and overcome your ignorance to accomplish this. His email has no basis in reality as far as anyone can tell. WARNING: Your ClamAV installation is OUTDATED! Never will be fixed. I'm not spending another two days monkeying with configuration, so this install of ClamAV stays, just ignore the warning that it's OUTDATED until then next OS upgrade. So I'll never see any of the new and great features added. Yes, it is a WARNING, if you read the whole warning it says NOT to PANIC. Actually, EVERYONE gets theses once in a while. Unless you have a script that checks every hour for the latest version you are bound to get a few of these in the logs. Everyone knows the drill download the source, compile, install, done. Usually that simple. Packages are usually similar, but the maintainer needs to do the work of compiling, testing, etc before releasing. This means that much of the developers work is wasted, because I take the easiet way around an error, no clamav user, the hell with it, freshclam runs as root. config file, just take out Example keep hacking until it stops complaining. This is just BAD news. ClamAV should not be treated this way. Running as root aside, you have to READ the configuration file in its entirety to appreciate its usefulness. Nothing he said gave the problem clear details, suggestions or otherwise. Some questions he could have asked are: Why does ClamAV always complain about the configuration being bad after I just installed it on my machine? Why does ClamAV complain about being OUTDATED? How can I fix these problems? Where should I go to find out more about the configuration? What is the proper way to configure ClamAV for my system? Why can't freshclam write to the directory for the virus updates? How can I fix this? But, he didn't ASK a single question. - -James -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFVLLKkNLDmnu1kSkRAsUBAJ0Yi3gmtAdDW/PUfOg47zomTx6pAgCdHq6s YIItLVCd8stq3hLZ5+Erh60= =XBwq -END PGP SIGNATURE- -- Scanned by ClamAV - http://www.clamav.net ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Dennis Peterson wrote: Jim Maul wrote: somebody else wrote: Gee, I downloaded this package for clamav and installed it and now there are all sorts of other things that still need to be done to get it working correctly. Maybe clamav developers could work with the package maintainers to make this process go more smoothly? This is precisely a request for help and for someone, anyone but him, to build a product to his specification. Your statement is made illogical by your example. Says who, you? Sorry, but I really couldn't care less about what you have to say. By the way, it was a SUGGESTION, not precisely a request for help as you seem to think. It was the ? at the end of your statement that gave it away. That forced it away from a suggestion to an actual beseeching. From Webster's beseech One entry found for beseech. Main Entry: beseech Pronunciation: bi-'sEch, bE- Function: verb Inflected Form(s): -seeched or besought /-'sot/; -seeching Etymology: Middle English besechen, from be- + sechen to seek transitive verb 1 : to beg for urgently or anxiously 2 : to request earnestly : IMPLORE intransitive verb : to make supplication synonym see BEG - beseechingly /-'sE-chi[ng]-lE/ adverb I like the synomym offered. Nothing to see here, people, let's get back to work. dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Dennis Peterson wrote: Dennis Peterson wrote: Jim Maul wrote: somebody else wrote: Gee, I downloaded this package for clamav and installed it and now there are all sorts of other things that still need to be done to get it working correctly. Maybe clamav developers could work with the package maintainers to make this process go more smoothly? This is precisely a request for help and for someone, anyone but him, to build a product to his specification. Your statement is made illogical by your example. Says who, you? Sorry, but I really couldn't care less about what you have to say. By the way, it was a SUGGESTION, not precisely a request for help as you seem to think. It was the ? at the end of your statement that gave it away. That forced it away from a suggestion to an actual beseeching. Thank you for your overly literal take on my post. Is this a question?: Hi? Adding a ? to the end of a sentence does not magically turn the sentence into a question. At least not one thats meant to be responded to as one. One can make a suggestion in a questioning manner in such a way that they are not actually looking for an answer to the question. Take this brief conversation for example: Customer: When im driving and my car reaches 50mph, my steering wheel shakes badly. Mechanic: Well there could be a couple things wrong that would cause that. Customer: Maybe its my new tires I just had installed? Would you take this to mean that the customer is actually asking if the new tires are at fault? It makes more sense to take this as the customer is SUGGESTING to the mechanic that MAYBE the tires are at fault and that it would be a good starting point to begin troubleshooting the problem. Just like the OP was suggesting that maybe the clamav team could work with package maintainers to make the process of installing clamav from packages more consistent/user friendly. If the clamav team does not like this suggestion, they are free to ignore it and if they do like it, then maybe something will be done with it some day. Either way, the OP in no way deserved the insults and harassment he received. From Webster's beseech One entry found for beseech. Main Entry: beseech Pronunciation: bi-'sEch, bE- Function: verb Inflected Form(s): -seeched or besought /-'sot/; -seeching Etymology: Middle English besechen, from be- + sechen to seek transitive verb 1 : to beg for urgently or anxiously 2 : to request earnestly : IMPLORE intransitive verb : to make supplication synonym see BEG - beseechingly /-'sE-chi[ng]-lE/ adverb I like the synomym offered. Thats nice. I like pizza. Nothing to see here, people, let's get back to work. I've been working all day, but thanks for the permission. -Jim ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Nov 10, 2006, at 9:45 AM, Jim Maul wrote: Bart Silverstrim wrote: On Nov 9, 2006, at 2:09 PM, Jim Redman wrote: Folks, I have to say, of all the lists I subscribe to, the vocal members of this list are the most arrogant and insulting. However, I consider comments such as Luca Gibelli's, bandwidth wasting, We are happy to suffer this loss. and Dennis Peterson's His specific problem is he lacks the skill to install and manage the product reflect more about the person making the comment, rather than the target. You're forgetting one detail that probably was the most provoking, though. He started right off saying he cherishes his ignorance. How many of our problems as sysadmins come from user ignorance? How much worse is it when you have to deal with another peer's ignorance, and worse yet, WILLFUL ignorance? Hi, I'm hired to do a complicated and skillful job as a sysadmin, but want to know nothing about how or why this software stuff works...can you help me? By, like, doing it for me? Maybe i missed it, but where in his original email did he ask anyone to help him by doing something for him? From what i can see, he didnt even ask for help at all. The way i took it was: Gee, I downloaded this package for clamav and installed it and now there are all sorts of other things that still need to be done to get it working correctly. Maybe clamav developers could work with the package maintainers to make this process go more smoothly? Here is what I was reading from the original (I believe) email...correct me if I'm wrong... * I WANT to know NOTHING about ClamAV, I wish to remain ignorant. * Instead the packages need me to learn some of the inner workings of ClamAV and FreshClam (forget editing the conf files, the packages don't even seem to work together out of the box) ** This means that much of the developers work is wasted, because I take the easiet way around an error, no clamav user, the hell with it, freshclam runs as root. *** config file, just take out Example keep hacking until it stops complaining. *** Sorry if this sounds like a rant, it's not, it's an appeal to make a priority of simplifying the installation. *** If anything, these highlight that the user posting the message: A) wants to remain ignorant, despite being in charge of whatever system this is he's administrating B) is asking for others (packagers, clamav devs...) to fix his unwillingness to read a config file. If you want to know where it sounds like he's asking someone to do it for him, the last quoted line is making an appeal to make a braindead install routine a priority. That sounds like it's asking someone to do something to me. Is what he's asking for out of line? Not necessarily. But if I were one of the devs doing an install package, I would not be overly motivated to help someone who is SOOO not willing to work with me on it that his idea of making it work is to run the software as root and just delete the word example from the conf file instead of reading what the line says and comprehending what he's doing. He COULD have mailed in saying, I'm running distro XYZ and am looking for opinions on what the simplest installation package is, and where I can download it with as much preconfiguration as possible... Instead, he sends a message proclaiming that he wants to remain ignorant of what is going on despite being a sysadmin because things like the conf file are just too hard to comprehend. He works with other sourceforge projects, so how can it be so hard for him to understand a conf file? Worse, he just runs it as root, and then people talk about not knowing about configurations having security holes in it? Um... What kind of sysadmin proclaims it's too hard to read a conf file and wants everything as braindead simple as possible so he doesn't have to think? It's nice not to have to get headaches configuring things, but it kind of goes with the territory! If he's not a sysadmin, why is he running a mailserver on the Internet in the first place? How much spam and crap mail comes from misconfigured mail servers because their admins were too lazy or incompetent to configure it properly? To me it seems like everyone missed the point and made their own assumptions as to what he *really* meant. Maybe the title was worded poorly, or his post looked too similar to others that people have seen in the past and it triggered an immediate negative response from them, or maybe its just that some people on this list havent gotten any lately and are grumpy - who knows. But to berate someone like this over a post they made which i believe was interpreted incorrectly to begin with is completely wrong. I mean cmon, the subject clearly states its directed at packagers. Give the guy a flippin break. And it was posted to the users list, and sorry, but one of the neat things of
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Fri, 10 Nov 2006, Bart Silverstrim wrote: On Nov 10, 2006, at 11:07 AM, jef moskot wrote: If some packages install without difficulty and others do not, then how about we work together to bring the less efficient packages in line with the more effective ones? Now see, that's a reasonably worded request, but see, he didn't do that. Couldn't we just pretend he did and move on from there? Jeffrey Moskot System Administrator [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Hmm, I wonder how many of the people who responded in one way or another is actually familiar with the package in question. I have been using Linux for a couple years now and have installed thousands of packages. In general, I have not had any problems navigating the package after it has been installed. Sure packages need configuration. Sure, time is well spent figuring out how to configure them. I would have been happy to use the package in question rather than compile from source, but after spending 30 minutes trying to get into the mindset of the packager so I could actually get clamav to function, I said f*** it. See, you do that much effort, but then the OP said he just hacks the word example out of the config file and runs the app as root. That means he took what, five minutes of effort? The conf for ClamAV is rather well documented from my experiences with it. The packages may have altered the defaults or where the files are located, but once it's in place, it's not normally that hard to get working. The hard part is integrating with other daemons and scanners. How do you expect THAT to be simplified for everyone and all situations? Yes, unlike the OP, I was willing to spend the time, but like the OP I wish I could have simply installed it and had it functioning (at least to the point I could then tweak it). This particular package appears to me it *is* trying to figure out and mold itself to environments like CLAMAV for POSTFIX filtered through AMAVISD-NEW using SPAMASSASSIN which in fact was my case, but somehow broke itself in the process of figuring this out. Your experience may differ. Heck, my experience may differ if I try to install the aforementioned packages in a different sequence, but I'm not sure my experience should differ. I would rather it simply put stuff in reasonably predictable places, then left it up to me to finish the configuration (if needed). The complexity of the package left me wanting something I could at least predict. Gary V _ Get today's hot entertainment gossip http://movies.msn.com/movies/hotgossip?icid=T002MSN03A07001 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Nov 10, 2006, at 4:10 PM, jef moskot wrote: On Fri, 10 Nov 2006, Bart Silverstrim wrote: On Nov 10, 2006, at 11:07 AM, jef moskot wrote: If some packages install without difficulty and others do not, then how about we work together to bring the less efficient packages in line with the more effective ones? Now see, that's a reasonably worded request, but see, he didn't do that. Couldn't we just pretend he did and move on from there? Not really...he didn't tell us what the specific problem is aside from mentioning that he is unwilling to read the config file. I shudder to think how he is going to get it to integrate with the MTA of choice... He didn't tell us his config, his distro, anything. How do you help him? Or are you going to create a custom out-of-box working package for him from the information the original message? ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Nov 10, 2006, at 6:28 PM, Gary V wrote: Hmm, I wonder how many of the people who responded in one way or another is actually familiar with the package in question. I have been using Linux for a couple years now and have installed thousands of packages. In general, I have not had any problems navigating the package after it has been installed. Sure packages need configuration. Sure, time is well spent figuring out how to configure them. I would have been happy to use the package in question rather than compile from source, but after spending 30 minutes trying to get into the mindset of the packager so I could actually get clamav to function, I said f*** it. See, you do that much effort, but then the OP said he just hacks the word example out of the config file and runs the app as root. That means he took what, five minutes of effort? The conf for ClamAV is rather well documented from my experiences with it. The packages may have altered the defaults or where the files are located, but once it's in place, it's not normally that hard to get working. The hard part is integrating with other daemons and scanners. How do you expect THAT to be simplified for everyone and all situations? Yes, unlike the OP, I was willing to spend the time, but like the OP I wish I could have simply installed it and had it functioning (at least to the point I could then tweak it). This particular package appears to me it *is* trying to figure out and mold itself to environments like CLAMAV for POSTFIX filtered through AMAVISD- NEW using SPAMASSASSIN which in fact was my case, but somehow broke itself in the process of figuring this out. Your experience may differ. Heck, my experience may differ if I try to install the aforementioned packages in a different sequence, but I'm not sure my experience should differ. I would rather it simply put stuff in reasonably predictable places, then left it up to me to finish the configuration (if needed). The complexity of the package left me wanting something I could at least predict. The only way to solve this problem is to find someone willing to set up a Linux VMWare image of a turnkey mail server for people who can't figure out how to fulfill their sysadmin duties. Then you can answer the questions of how to set up VMWare Player or VMWare server. -Bart ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Bart Silverstrim wrote: On Nov 10, 2006, at 6:28 PM, Gary V wrote: Hmm, I wonder how many of the people who responded in one way or another is actually familiar with the package in question. I have been using Linux for a couple years now and have installed thousands of packages. In general, I have not had any problems navigating the package after it has been installed. Sure packages need configuration. Sure, time is well spent figuring out how to configure them. I would have been happy to use the package in question rather than compile from source, but after spending 30 minutes trying to get into the mindset of the packager so I could actually get clamav to function, I said f*** it. See, you do that much effort, but then the OP said he just hacks the word example out of the config file and runs the app as root. That means he took what, five minutes of effort? The conf for ClamAV is rather well documented from my experiences with it. The packages may have altered the defaults or where the files are located, but once it's in place, it's not normally that hard to get working. The hard part is integrating with other daemons and scanners. How do you expect THAT to be simplified for everyone and all situations? Yes, unlike the OP, I was willing to spend the time, but like the OP I wish I could have simply installed it and had it functioning (at least to the point I could then tweak it). This particular package appears to me it *is* trying to figure out and mold itself to environments like CLAMAV for POSTFIX filtered through AMAVISD-NEW using SPAMASSASSIN which in fact was my case, but somehow broke itself in the process of figuring this out. Your experience may differ. Heck, my experience may differ if I try to install the aforementioned packages in a different sequence, but I'm not sure my experience should differ. I would rather it simply put stuff in reasonably predictable places, then left it up to me to finish the configuration (if needed). The complexity of the package left me wanting something I could at least predict. The only way to solve this problem is to find someone willing to set up a Linux VMWare image of a turnkey mail server for people who can't figure out how to fulfill their sysadmin duties. Then you can answer the questions of how to set up VMWare Player or VMWare server. -Bart This isn't too far fetched an idea. At least with an Intel Mac running Parallels you can distribute a complete Fedora Linux VM complete with all the bells and whistles as a file in a CD. With Sendmail, Postfix, or what ever you want installed and running along with SpamAssassin and ClamAV. Once you have it built it is trivial to save it and distribute it as a VM SMTP gateway solution. Run it headless on a Core Duo Mac Mini and you have a nice small footprint, small office SMTP front end that has the best tools available. You can stuff a lot of Mini's in a refrigerator in your basement and offer them and yourself as an SMTP service provider. Or pick another VM package - same idea. I like the idea of Parallels, though for the price advantage. I've actually built some Mac Mini mail servers for remote sales offices and they run and run. And the underlying Unix foundation works very much the way a remote Linux system runs. And if the systems are low usage you can install mulitple VM's for multiple customers, and a second Mini to handle ClamAV chores. Somebody's taking it seriously: http://www.macminicolo.net/ dp dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Nov 7, 2006, at 6:48 PM, Jim Redman wrote: Chris, Christopher X. Candreva wrote: On Tue, 7 Nov 2006, Jim Redman wrote: Your opinions, seem to be the prevalent attitude of the vocal members of this list - if you don't suffer, it wasn't worth it. I would disagree, in that I don't see it as suffering. Forgive me if I missed it, but what is your specific problem ? Perhaps we have different definitions of suffering. The only specific complaint I saw was the message Your version is outdated, and that seems to me to be a very simple English declarative sentence, with a simple solution. You are running an old version, get a new one. Sorry, my point has nothing to do with my particular suffering or any particular aspect of that - or at least only indirectly. My observation is that of all the modern packages ClamAV fails to install and run successfully and securely without operator intervention. I think that this should be refined to reference Fedora packages and perhaps not all of them. There are a number of reasons why I consider this a bad thing (other opinions have been expressed by others on the list). 1) It sucks my time because I immediately have to learn more than I want to about ClamAV (and freshclam and clamav-milter and the interactions between all these applications). 2) The installation is probably going to be sub-optimal because I don't have enough time to spend on ClamAV to become the expert that others on this list clearly are. You don't have to be an expert to tune it if you're just reading the config file, though. If you have problems with the server spiking CPU usage or running out of RAM, it's not hard to look and see what settings would affect that. If you can't do this and the material is out there for people to easily refer to, maybe you're short on staff (and need more people in your department) or there's some management problems that keep you from effectively doing your job, from the sounds of it. 3) It encourages bad/insecure installations because people (including me) without enough time to spend on researching the best way to install ClamAV (and associated apps) will be ignorant of possible security hole (or not recognize the significance of them). Bad installations could be REALLY bad - is there any way ClamAV could be instrumental in generating mails to the SENDER of a virus e-mail? This can be a problem with ANY software. I don't know anything about AutoCAD, yet am expected to install and troubleshoot it at times. I rely on the people who know AutoCAD (but squat about computers) to tell me when something is wrong with their install and troubleshoot it from there (yes, we're understaffed, otherwise I'd dedicate more time to learning it; just the reality of the situation). It means that either they hire more people, let me dedicate more time to troubleshooting and repairing server work, or suffer the consequences of the short staffed. I'm not going to bitch to the software programmers that they need to fix my problems that are caused by management on my side, though, since there is documentation and references available for the software package...I just click through the defaults and mop up problems later on. 4) (Altruism) It limits the adoption of ClamAV which in turn increase the number/penetration of viruses. Maybe the project doesn't WANT people who have problems with their installs caused by willful ignorance...just a thought. The OP showed this right off with the title cherishing my ignorance. If someone wants a labor-centric job with no skills to enhance, apply at McBurger King. They cherish employees who cherish ignorance because they're easy to hire and fire. IT isn't a McJob that it seems to get treated as. One person doing overlapping job skills without an adequate staff to support them will cause problems, and the business needs to recognize that. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Nov 7, 2006, at 6:16 PM, Jim Redman wrote: Steve, Steve Holdoway wrote: You really do need to get out of the mindset that you don't actually need to know what you're doing to administer a server. It is *NOT* a trivial task, requires skills to support it, and years of experience to do it well. Your opinions, seem to be the prevalent attitude of the vocal members of this list - if you don't suffer, it wasn't worth it. Is it really suffering if the steps are documented and you can follow them? Suffering to me would be if the steps are outlined somewhere and in the course of following those directions, you get errors and failures. Or the routine isn't documented anywhere so you have to dig and hunt and infer how to configure something. If you're a sysadmin and following directions is defined as suffering, I think you may have other problems to deal with... I would argue that I'm know enough about server administration to realize that my knowledge of ClamAV will never be as deep as others on this list, how much better if they create a secure, stable, successful, packaged configuration and everyone (which happens to also include me!) benefits from their knowledge. Or does that sound like flamebait? Because what fits your needs may not fit other people's needs when you stop to consider how draconian or how absolutely loose-and-free different mail admins can be? There are still idiots running open relays out there. Encouraging people to know what the hell they're doing helps separate those idiots from the rest of the populace. Maybe what would actually be helpful is an automated uninstall/ reinstall that asks what options you want set to what values, and compares changes from the previous install. Makes it more tedious though. -Bart ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Folks, I have to say, of all the lists I subscribe to, the vocal members of this list are the most arrogant and insulting. However, I consider comments such as Luca Gibelli's, bandwidth wasting, We are happy to suffer this loss. and Dennis Peterson's His specific problem is he lacks the skill to install and manage the product reflect more about the person making the comment, rather than the target. I would also consider the prevalent attitude misplaced and wrong, and before you berate me for knowing nothing, let me say this I've been managing mail systems on Linux since the late 1.x releases and build and support embedded Linux distros. If you're following the logic here, that still doesn't prove that I know much, but at least I have some background... Somewhere between my teenage years and now, I have enough experience to realize that I don't know everything. I can't create faster/better optimized programs using assembler than a high level language, and I'm not the worlds most knowledgeable Linux security expert. The many packages that make up Linux are better understood by those who created and maintain them and these people are the most qualified to produce secure configurations of these packages. Even if I DID understand a package better than the maintainer, or have a better grasp of security than the person producing configuration, I would recognize that having more people look at the configuration WILL improve the system. This is one of the basic arguments of Eric Raymond's The Cathedral and the Bazaar http://www.firstmonday.org/issues/issue3_3/raymond/ I no longer possess the desire to build Linux systems from scratch, or to customize them so heavily that I cannot benefit from the work of some of the greats in the community, although I may occasionally humbly make suggestions that I think might be of benefit (some of these are not necessarily accepted as such). I'll further encourage these efforts because, having done this for a while, I realize that it _IS_ now possible for someone who knows almost nothing about Linux administration to take a distro, install it, update it using one of the package managers and have a secure, if sub-optimal installation, taking the defaults at installation. When I realize that this person might otherwise have put Windows on the net and become another spam and virus spewing Bot I feel that anything that can be done to make the standard distros easier to use, and so to encourage their uptake, is good. And yet, when you suggest that one of the advances that ClamAV could make is to be in a position to help these people, the responses represent an elitist (and mis-guided) attitude that everyone should be a highly skill sysadmin more knowledgeable of the ClamAV system. So, now you have some more flamebait. I'm signing off, because, for the vocal members of this list at least, Scott Adams seems to have the right idea (http://dilbertblog.typepad.com/): Let me begin by saying I don’t debate with advocates. An advocate says that everything is right about one position and everything is wrong about the other side. You might as well debate with a doorknob. Jim -- Jim Redman (505) 662 5156 x85 http://www.ergotech.com ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Thu, 2006-11-09 at 10:24 -0500, Bart Silverstrim wrote: On Nov 7, 2006, at 6:48 PM, Jim Redman wrote: Chris, Christopher X. Candreva wrote: On Tue, 7 Nov 2006, Jim Redman wrote: My observation is that of all the modern packages ClamAV fails to install and run successfully and securely without operator intervention. I think that this should be refined to reference Fedora packages and perhaps not all of them. I don't use Fedora - I use Mandriva. And my experience has been that the RPMS provided by Mandriva do allow you to run out of the box with very little tweaking. That is important to me - I manage about 20 linux servers, but my primary responsibility is 196 routers and firewalls. I'm not ignorant of the build process - I learned how to build SRPM's working with this package - I merely don't have the time to mess with it. So, I understand the sentiment. There are a number of reasons why I consider this a bad thing (other opinions have been expressed by others on the list). 4) (Altruism) It limits the adoption of ClamAV which in turn increase the number/penetration of viruses. Maybe the project doesn't WANT people who have problems with their installs caused by willful ignorance...just a thought. I personally think that's a poor attitude. Clueless newbies are important too. I personally will dump a project that takes too long to get working at all. As long as I can see progress it will keep my interest. For example, the Hobbitmonitor project is buried deep on my todo list - There are about 15 post release patches that have to be individually applied in a certain order, and I have yet to get it right and have it compile. So I ignore it, and think If I ever get about 4 hours of un-interrupted time, I'm going to tackle that beast. Of course, I don't have 4 hours, so it just gets deeper on the pile, and I never get my monitoring server built, and I never am able to contribute back to the project by helping other clueless newbies... -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Thu, 9 Nov 2006, Daniel J McDonald wrote: My observation is that of all the modern packages ClamAV fails to install and run successfully and securely without operator intervention. I think that this should be refined to reference Fedora packages and perhaps not all of them. I don't use Fedora - I use Mandriva. And my experience has been that the RPMS provided by Mandriva do allow you to run out of the box with You've just hit the problem: Which distributions should the Clam Team be spending time on - Fedora, Mandriva, Ubuntu, SUSE - - - my favorite, your favorite ? This is not a unique complaint to Clam - I see similar problems on the MailMan list, and RedHat/Fedora again is a big source of complaints. As far as I know, across Linux, packages for distibutions are the responibility of the distro, not the project in question. Fedora is fairly well known for making changes to the default way that applications are set up, often moving things around (files, sockets, etc). I think what the OP is asking for misses this fact. When you install Clam from Fedora packages, basicly you need to get support from Fedora. Maybe you need a different distro, that keeps things in default locations. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Jim Redman wrote: snippage I no longer possess the desire to build Linux systems from scratch, or to customize them so heavily that I cannot benefit from the work of some of the greats in the community, although I may occasionally humbly make suggestions that I think might be of benefit (some of these are not necessarily accepted as such). more snippage I have to agree with the general request made by Jim. Unfortunately, most of us end user sysadmins have a lot on our plates. Compiling is not that hard, but it is definitely harder than using something like an RPM. And as the config file is normally not replaced, setting things up the way you want it normally is left alone. I really can't imagine trying to keep up with a full linux server these days with all the security issues, if I had to compile each and every update to each and every program... thus the success of distros such as Redhat, Suse and Debian to name just a few. I personally run CentOS for all my systems. I use the dag repository for many additional packages, ClamAV being one of the main packages. I find his ClamAV RPM works right out of the box, and is updated as needed, which allows the use of yum or up2date to keep Clam updated. But his repository is aimed at Redhat. I have to compliment the ClamAV team for providing a great list of other sources for obtaining ClamAV. Perhaps taking a careful look there first is something we should all consider, if that resource has been overlooked. http://clamav.net/binary.html Thanks for a great product. John Hinton ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Jim Redman wrote: I have to say, of all the lists I subscribe to, the vocal members of this list are the most arrogant and insulting. However, I consider comments such as Luca Gibelli's, bandwidth wasting, We are happy to suffer this loss. and Dennis Peterson's His specific problem is he lacks the skill to install and manage the product reflect more about the person making the comment, rather than the target. I really hope this thread dies a quick death. If you consider L.Gibelli's and D.Petterson's replys a bandwidth wasting, what are you calling your repetitive mindless blather like I'm not spending another two days monkeying with configuration? None of the comparably few and well documented options in ClamAv's config files should be hard to understand for someone who is allegedly administrating Linux servers since late 1.x release, not to mention a software developer like you also alleged to be. As for your comparison with a doorknob, if a doorknob has the better arguments it's reasonable that you don't want to debate with it. I'm sorry for the probably arrogant and insulting tone but you're literally asking for it. -- Q: Because it reverses the logical flow of conversation. A: Why is putting a reply at the top of the message frowned upon? ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Dennis Peterson wrote: Jim Redman wrote: Your opinions, seem to be the prevalent attitude of the vocal members of this list - if you don't suffer, it wasn't worth it. His specific problem is he lacks the skill to install and manage the product. It's rather sad to see that this elitist attitude - which was commonplace on Usenet back in the early 90's - is still alive and well here in 2006. I'm not sure why people who otherwise are enthusiastic supporters of open source don't see how this damages the community. The argument is also flawed. So, the people criticizing the OP's premise all build their software from scratch, build their own OS distributions, and never used packaged software - right? No? Do you at least review all the source code before you install a package? No? We've built up these layers not always because the end users don't have the knowledge to reproduce them themselves, but because it would be a waste of effort to replicate them. This hold as true for rewriting a virus scanning engine from scratch as it does for writing your own installation script. (If your environment requires custom behavior, then by all means, write your own installation script...or for that matter, customize the virus scanning engine.) Ease of installation is valued by knowledgeable users also. Why spend time on a problem that others have already solved hundreds of times over. I'd much rather use my time in solving unexpected problems that are specific to my environment. There are good reasons why distributions providing packaged software are the dominant distributions in use today. Instead of attacking the OP's premise, a more productive response is suggesting other repositories that offer better packages, and other distributions that provide better designed packages, and fortunately this information was provided by others in among the noise. It would also be nice to see the project leaders show a better attitude towards package maintainers. Not to say they necessarily have a poor attitude towards them, but there wasn't anything positive put forth in this thread. No one expects ClamAV to natively support specific distributions, but a statement along the lines of yeah, we've heard the Fedora RPM isn't the smoothest install, but we're working with the maintainer to improve it. Or, we've accepted and incorporated numerous patches from downstream packagers, so if you're having a problem with a specific package, your best recourse is to report the problem to the maintainer and have them report to us any changes that need to be made. A related issue is how often it is recommended on the list just to build from source. It's an understandable way to respond to packaging problems on a project list, where the project has no direct control over the packages. It's the fastest work-around, and the only short-term solution. But it suggests that packaging for ClamAV seems to be more problematic than for other comparable apps., and maybe that's because more could be done in the core project to accommodate packagers. -Tom -- Tom Metro Venture Logic, Newton, MA, USA Enterprise solutions through open source. Professional Profile: http://tmetro.venturelogic.com/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
tBB wrote: I'm sorry for the probably arrogant and insulting tone but you're literally asking for it. Perhaps he is asking for it, but he's also right. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Thu, Nov 09, 2006 at 07:23:22PM -0500, Tom Metro said: Dennis Peterson wrote: Jim Redman wrote: Your opinions, seem to be the prevalent attitude of the vocal members of this list - if you don't suffer, it wasn't worth it. His specific problem is he lacks the skill to install and manage the product. It's rather sad to see that this elitist attitude - which was commonplace on Usenet back in the early 90's - is still alive and well here in 2006. I'm not sure why people who otherwise are enthusiastic supporters of open source don't see how this damages the community. I agree that the argument you don't want to spend your time looking at gdb/valgrind/whatever output, so your input isn't welcome is a flawed argument. I do feel that we have to ask a little bit from people who intend to run servers, though. I have always felt that one of the reasons we have giant waves of botnets is the idea that anyone can run an internet facing computer. Not to say we can't be more welcoming to newcomers, but I do think we have to ask for something in return. It would also be nice to see the project leaders show a better attitude towards package maintainers. Not to say they necessarily have a poor attitude towards them, but there wasn't anything positive put forth in this thread. No one expects ClamAV to natively support specific distributions, but a statement along the lines of yeah, we've heard the Fedora RPM isn't the smoothest install, but we're working with the maintainer to improve it. Or, we've accepted and incorporated numerous patches from downstream packagers, so if you're having a problem with a specific package, your best recourse is to report the problem to the maintainer and have them report to us any changes that need to be made. Speaking as a downstream packager, I have always had a very good relationship with all of the clamav team members, except when I manage to put my foot in my mouth. They have always been curteous, respectful, and willing to accomodate issues that arise from the specific wierdnesses of working within distro restraints. Even when I manage to put my foot in my mouth, they have managed to have the good grace to forget reasonably quickly :) It's true that, in general, it's best to run as recent a version of the code base as possible for support and/or security issues, but that's the same with every codebase, and not particular to clamav. -- -- | Stephen Gran | Catharsis is something I associate with | | [EMAIL PROTECTED] | pornography and crossword puzzles. -- | | http://www.lobefin.net/~steve | Howard Chaykin | -- signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Dennis Peterson wrote: Jim Redman wrote: Your opinions, seem to be the prevalent attitude of the vocal members of this list - if you don't suffer, it wasn't worth it. His specific problem is he lacks the skill to install and manage the product. It's rather sad to see that this elitist attitude - which was commonplace on Usenet back in the early 90's - is still alive and well here in 2006. I'm not sure why people who otherwise are enthusiastic supporters of open source don't see how this damages the community. Everyone is a volunteer - the best that can be done in an all-volunteer market place is being done now. In this case it was not good enough for the OP. He could have offered to pay somebody to teach him or an employee how to package things to his liking but he did not. Like you, he expects that somebody will hear the whine and respond with a turnkey package. And in a year when an upgrade is needed he will wonder why that volunteer abandonded the project and left all his customers hanging, never realizing they he has no customers, as he volunteered his labor. Open source is a beautiful thing but it does not come with a promise of endentured servitude on the part of the maintainers. If one cannot do what is needed to install and maintain a product one should hire it out or find another product. One should not get pissy with the volunteer support group that is a keystone to this product's success. Better than ranting here about it you could write the turnkey package for him in the spirit of Kum-Bay-Yah and good fellowship. He's desperate for a solution as long as he doesn't have to put any effort into it. As for providing alternate solutions, that what Google is for - this is 2006, afterall. dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
My god! This topic hasn't been killed yet?!? ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Cherishing my ignorance - An appeal to package rs
John Rudd wrote: Dennis Peterson wrote: My not-so-automated update process looks like this: wget (link to current clamav-XXX.tar.gz) tar xzf clamav-XXX.tar.gz cd clamav-XXX configure --disable-zlib-vcheck make su make install service clamav restart service freshclam restart You would be wise to uninstall the previous installation so that you don't end up with split versions. The man pages have not always been consistent nor have library names, and uninstall (make uninstall) helps prevent this. It would be nice, though, if there was a clamav-current.tar.gz to download, so that such automated processes could be done more ... automated. I don't know that I would want to automate a build script that much. I generally want to be available whenever I install software (source or RPM) just in case something breaks. I've never even bothered to automate the process. ClamAV doesn't update THAT frequently and when it does, the download and build process is very fast even when done manually. Of course, if I had to install it on more than a couple of machines, I might want a script that I could feed the current filename, but I haven't gotten there yet. -- Bowie ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Jim Redman wrote: James, James Kosin wrote: Jim Redman wrote: Of all the packages I install (Fedora), clamav is the only modern package that fails to install and just work. -- snip -- Jim You are ranting to the wrong group of people. ClamAV has nothing to do with RPM packages or maintaining Fedora releases of the extra packages they have. If you want to stay more up to date on these, you should consider maybe ATRPMs or DAG for a repository for ClamAV. Or take the route many here will offer of compiling from SOURCE. If you assume that people want to go back to the good old days of compiling from source and dealing with the hassle of dependencies, manually updating with every release, etc. etc. then I think your mistaken - I can say for sure that I don't. Similarly for downloading only the official tar or whatever and starting configuration from there. Hassle? My not-so-automated update process looks like this: wget (link to current clamav-XXX.tar.gz) tar xzf clamav-XXX.tar.gz cd clamav-XXX configure --disable-zlib-vcheck make su make install service clamav restart service freshclam restart I've never had any problems with this. ClamAV is very stable and doesn't rely on much of anything else. For the initial install, I think I had to manually create the 'clamav' user before I built it, and after the install, I had to drop the init files into place so that it would start on bootup. -- Bowie ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
My not-so-automated update process looks like this: wget (link to current clamav-XXX.tar.gz) tar xzf clamav-XXX.tar.gz cd clamav-XXX configure --disable-zlib-vcheck make su make install service clamav restart service freshclam restart You would be wise to uninstall the previous installation so that you don't end up with split versions. The man pages have not always been consistent nor have library names, and uninstall (make uninstall) helps prevent this. dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Bowie, Bowie Bailey wrote: Hassle? My not-so-automated update process looks like this: wget (link to current clamav-XXX.tar.gz) tar xzf clamav-XXX.tar.gz cd clamav-XXX configure --disable-zlib-vcheck make su make install service clamav restart service freshclam restart The obvious observation that while this might work for you it's not a general solution, so now everyone needs to create a script. If you use only one computer for a firewall and mail machine (as I do) it is a generally considered a bad idea to have gcc on that system - a missing compiler provides one more challenge once the system is hacked. So, while this might work for you, assuming your ClamAV machine is behind a firewall, this is probably not a good general solution. IF you ARE running this on a machine that is not behind a firewall, then you are tending to validate my point that a good, solid, foolproof installation would help people to avoid security problems - like having gcc on a firewall. In this case, if such an install existed you might not have been tempted to build from source and so closed one more hole on your system. Jim -- Jim Redman (505) 662 5156 x85 http://www.ergotech.com ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Tue, 07 Nov 2006 14:43:11 -0700 Jim Redman [EMAIL PROTECTED] wrote: Bowie, Bowie Bailey wrote: Hassle? My not-so-automated update process looks like this: wget (link to current clamav-XXX.tar.gz) tar xzf clamav-XXX.tar.gz cd clamav-XXX configure --disable-zlib-vcheck make su make install service clamav restart service freshclam restart The obvious observation that while this might work for you it's not a general solution, so now everyone needs to create a script. If you use only one computer for a firewall and mail machine (as I do) it is a generally considered a bad idea to have gcc on that system - a missing compiler provides one more challenge once the system is hacked. As opposed to downloading an executable, running a script? If you've got access to the machine at a level that a compiler can be of use to you then the server's lost anyway. Do you offer webmail services? Then you've probably got php installed on your mail server... You really do need to get out of the mindset that you don't actually need to know what you're doing to administer a server. It is *NOT* a trivial task, requires skills to support it, and years of experience to do it well. Unfortunately, nobody thinks that way until they've seen the mess. Sorry to take this off topic, but I've made my living as a freelance sysadmin since 1987 and I've seen the results time and time again. Steve ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Bowie, The obvious observation that while this might work for you it's not a general solution, so now everyone needs to create a script. F'chrissake... It is trivial to do this. Less than 10 minutes, start to stop. I wrote the script I use 3 years and it took just minutes. I have 10 mail servers in 5 timezones and three continents. They are all updated within 30 minutes of a new drop. This is not rocket science - in fact this is very simple stuff. If you are challenged by *any* of this you are in the wrong business. dp ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Cherishing my ignorance - An appeal to package rs
If it runs out of cron it runs for just milli- seconds - other wise it is in the proc table Assuming of course that you don't end up with hundreds of spawned cron jons. For some reason, I have seen more often than I care to think, multiple cron jobs firing off freshclam and then not hanging up. This can very very quickly eat away machine resource and lead to fatal failures. I have never had this behaviour using the freshclam daemon. So running freshclam in daemon mode may well use a tad more resource, in my life it has proved hundreds of time more reliable. (I run FC3, 4 and 5 in 32 and 64bit platforms and have seen this behaviour on only my 64 bit systems) B ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Dennis Peterson wrote: My not-so-automated update process looks like this: wget (link to current clamav-XXX.tar.gz) tar xzf clamav-XXX.tar.gz cd clamav-XXX configure --disable-zlib-vcheck make su make install service clamav restart service freshclam restart You would be wise to uninstall the previous installation so that you don't end up with split versions. The man pages have not always been consistent nor have library names, and uninstall (make uninstall) helps prevent this. This only serves to illustrate the OP's point. -- Craig ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Steve, Steve Holdoway wrote: You really do need to get out of the mindset that you don't actually need to know what you're doing to administer a server. It is *NOT* a trivial task, requires skills to support it, and years of experience to do it well. Your opinions, seem to be the prevalent attitude of the vocal members of this list - if you don't suffer, it wasn't worth it. I would argue that I'm know enough about server administration to realize that my knowledge of ClamAV will never be as deep as others on this list, how much better if they create a secure, stable, successful, packaged configuration and everyone (which happens to also include me!) benefits from their knowledge. Or does that sound like flamebait? Jim -- Jim Redman (505) 662 5156 x85 http://www.ergotech.com ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Tue, 7 Nov 2006, Jim Redman wrote: Your opinions, seem to be the prevalent attitude of the vocal members of this list - if you don't suffer, it wasn't worth it. I would disagree, in that I don't see it as suffering. Forgive me if I missed it, but what is your specific problem ? Perhaps we have different definitions of suffering. The only specific complaint I saw was the message Your version is outdated, and that seems to me to be a very simple English declarative sentence, with a simple solution. You are running an old version, get a new one. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Chris, Christopher X. Candreva wrote: On Tue, 7 Nov 2006, Jim Redman wrote: Your opinions, seem to be the prevalent attitude of the vocal members of this list - if you don't suffer, it wasn't worth it. I would disagree, in that I don't see it as suffering. Forgive me if I missed it, but what is your specific problem ? Perhaps we have different definitions of suffering. The only specific complaint I saw was the message Your version is outdated, and that seems to me to be a very simple English declarative sentence, with a simple solution. You are running an old version, get a new one. Sorry, my point has nothing to do with my particular suffering or any particular aspect of that - or at least only indirectly. My observation is that of all the modern packages ClamAV fails to install and run successfully and securely without operator intervention. I think that this should be refined to reference Fedora packages and perhaps not all of them. There are a number of reasons why I consider this a bad thing (other opinions have been expressed by others on the list). 1) It sucks my time because I immediately have to learn more than I want to about ClamAV (and freshclam and clamav-milter and the interactions between all these applications). 2) The installation is probably going to be sub-optimal because I don't have enough time to spend on ClamAV to become the expert that others on this list clearly are. 3) It encourages bad/insecure installations because people (including me) without enough time to spend on researching the best way to install ClamAV (and associated apps) will be ignorant of possible security hole (or not recognize the significance of them). Bad installations could be REALLY bad - is there any way ClamAV could be instrumental in generating mails to the SENDER of a virus e-mail? 4) (Altruism) It limits the adoption of ClamAV which in turn increase the number/penetration of viruses. Of course 1) is entirely negated by the amount of time spent this afternoon answering e-mails to the list (I really DO have other things that I should be doing other than dealing with ClamAV). Jim -- Jim Redman (505) 662 5156 x85 http://www.ergotech.com ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
You would be wise to uninstall the previous installation so that you don't end up with split versions. The man pages have not always been consistent nor have library names, and uninstall (make uninstall) helps prevent this. This only serves to illustrate the OP's point. I agree - this simple step is far too complex for anyone to manage alone. By all means bring on the spoon feeders and lift this burden from our frail selves. Don't be confused by such things as best practices and self reliance when all we need do is wait for the packagers to come to our rescue. Except the packagers don't always agree on where to put things and what to call them and so damn, we're still left to follow best practices and make sure all the work is done correctly. dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
If it runs out of cron it runs for just milli- seconds - other wise it is in the proc table Assuming of course that you don't end up with hundreds of spawned cron jons. rocket science Run the following fc.sh script from cron every hour #!/bin/sh # usage: fc.sh [now] # Any argument will bypass the random sleep period if /usr/bin/pgrep -x freshclam /dev/null 21; then echo 'Killing a stale instance of freshclam.' |\ /usr/bin/mailx -s '[mailhost05] freshclam error' [EMAIL PROTECTED] /usr/bin/pkill freshclam || echo 'Unable to kill freshclam' fi # if no arg to script, sleep random = 1800 seconds if [ -z $1 ]; then /usr/bin/bash -c '/usr/bin/sleep $[ RANDOM % 1800 ]' fi /usr/local/bin/freshclam --quiet --daemon-notify=/usr/local/etc/clamd.conf /dev/null 21 # end of script /rocket science dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
On Tue, 7 Nov 2006, Jim Redman wrote: Your opinions, seem to be the prevalent attitude of the vocal members of this list - if you don't suffer, it wasn't worth it. I would disagree, in that I don't see it as suffering. Forgive me if I missed it, but what is your specific problem ? Perhaps we have different definitions of suffering. His specific problem is he lacks the skill to install and manage the product. He thinks the responsibility for correcting this deficiency belongs to unnamed packagers. So far he's not offered to pay anyone to do his job for him, but I'm available at my usual $300/hour. dp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Dennis Peterson wrote: My not-so-automated update process looks like this: wget (link to current clamav-XXX.tar.gz) tar xzf clamav-XXX.tar.gz cd clamav-XXX configure --disable-zlib-vcheck make su make install service clamav restart service freshclam restart You would be wise to uninstall the previous installation so that you don't end up with split versions. The man pages have not always been consistent nor have library names, and uninstall (make uninstall) helps prevent this. It would be nice, though, if there was a clamav-current.tar.gz to download, so that such automated processes could be done more ... automated. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Dennis Peterson wrote: Bowie, The obvious observation that while this might work for you it's not a general solution, so now everyone needs to create a script. F'chrissake... It is trivial to do this. Less than 10 minutes, start to stop. I wrote the script I use 3 years and it took just minutes. I have 10 mail servers in 5 timezones and three continents. They are all updated within 30 minutes of a new drop. This is not rocket science - in fact this is very simple stuff. If you are challenged by *any* of this you are in the wrong business. Care to share your script? (and, hopefully its written in a fashion that is portable, instead of being linux specific ... or worse yet, specific to a given linux distro) ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
John Rudd wrote: Dennis Peterson wrote: Bowie, The obvious observation that while this might work for you it's not a general solution, so now everyone needs to create a script. F'chrissake... It is trivial to do this. Less than 10 minutes, start to stop. I wrote the script I use 3 years and it took just minutes. I have 10 mail servers in 5 timezones and three continents. They are all updated within 30 minutes of a new drop. This is not rocket science - in fact this is very simple stuff. If you are challenged by *any* of this you are in the wrong business. Care to share your script? (and, hopefully its written in a fashion that is portable, instead of being linux specific ... or worse yet, specific to a given linux distro) I don't care for any flavor of Linux. The only Linux system I manage has Postfix installed and I don't care for it, either. The script is simply what has been suggested already. I run Solaris and korn shell but bourne shell works the same: Download the new release to a download directory Burst the tar.gz file in a working directory, gzip the tar file and put it into a permanent central repository. run buildit.sh (see below) cd to the build directory of the currently running version, run svcadm disable clamd, run make uninstall, cd - and run make install. While that's happening I examine the new config files to see what changes are made since the last version. I tweak them to suit my needs and put them in RCS and the working directory. I then run svcadm enable clamd, and then perform some tests on example viruses I have for the purpose. On the next cycle, within the hour, cfengine propagates the binaries to all the managed systems and restarts them. The buildit.sh script is just a short script that consistently configures the build between versions and then runs make. I use user smmsp because that is also the user that my milter runs as it it simplifies ownerships. And it means I don't have to install a new account. buildit.sh: #!/bin/sh ./configure \ --enable-milter \ --enable-bigstack \ --disable-clamuko \ --with-user=smmsp \ --with-group=smmsp \ --without-curl \ --without-clamav-milter |tee config.txt make |tee build.log # end Your requirements will likely vary and you probably don't have cfengine installed. I'd hate to be without it. dp ___ http://lurker.clamav.net/list/clamav-users.html