[clamav-users] (no subject)

[John ff]

⁣Get TypeApp for Android ​___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Re: [clamav-users] (no subject)

[Arnaud Jacques]

Hello,

I’m using clamwin antivirus on windows server 2003 but now I can’t 
update anymore.


You probably can use ClamAV for Windows 
(https://www.clamav.net/downloads) and start learning how it works in 
command line.



--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.60.47.09.81
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Signatures for ClamAV antivirus : http://ow.ly/LqfdL

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Joel Esler (jesler) via clamav-users]

ClamWin is not a ClamAV product.   They use our engine, but we don’t make it.

ClamWin needs to update to a more current version of ClamAV, they are very far 
behind.

— 
Sent from my  iPad

> On Mar 6, 2021, at 21:54, Tech Support via clamav-users 
>  wrote:
> 
> 
> Hi,
>  
>  
> I’m using clamwin antivirus on windows server 2003 but now I can’t update 
> anymore.
>  
> I hope there is a way that you can give me support on it.
>  
>  
> Regards,
>  
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml


smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] (no subject)

[Tech Support via clamav-users]

Hi,

 

 

I'm using clamwin antivirus on windows server 2003 but now I can't update
anymore. 

 

I hope there is a way that you can give me support on it.

 

 

Regards,

 


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] (no subject)

[Tim Hawkins]

Unsubscribe

Sent from Nine



DISCLAIMER

The information contained in this email and any attachments are confidential. 
It is intended solely for the individual or entity to whom they are addressed. 
Access to this email by anyone else is unauthorized.

If you are not the intended recipient, any disclosure, copying, distribution or 
any action taken or omitted to be taken in reliance on it, is prohibited and 
may be unlawful. If you have received this communication in error, please 
notify us immediately by responding to this email and then delete it from your 
system.

The Red Flag Group is neither liable for the proper and complete transmission 
of the information contained in this communication nor for any delay in its 
receipt.

Any advice, recommendations or opinion contained within this email or its 
attachments are not to be construed as legal advice.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] (no subject)

[Albert o]

Can you guys please tell me the right way to disable MaxFileSize?
In my clamd.conf I'm using
MaxScanSize 10M
MaxFileSize 10M
Would placing a # in front of the parameters make it scan any file not
depending on its size?
What about using
MaxScanSize 0
MaxFileSize 0
or even deleting the parameters?
I would like to scan every file in my system since I believe there are
some big files with viruses (buffer overflows).
Would "sudo clamscan -r --remove=yes /" be the right command for
scanning the whole system?
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (No Subject)

[Micah Snyder (micasnyd)]

I'm told that the current implementation for VirusEvent in clamd doesn't play 
well with OnAccess scanning due to the way clamd and OnAccess use threads and 
the way the current VirusEvent feature relies on forking.  VirusEvent was 
disabled when used with OnAccess until a better implementation can be 
implemented.

We have a bugzilla ticket here to track the issue: 
https://bugzilla.clamav.net/show_bug.cgi?id=12152.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Aug 3, 2018, at 10:38 PM, greengrasseyes 
mailto:greengrasse...@protonmail.com>> wrote:

I am having a similar issue can anyone confirm or deny this is the
reason for issue:

https://bbs.archlinux.org/viewtopic.php?id=237489

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] (No Subject)

[greengrasseyes]

I am having a similar issue can anyone confirm or deny this is the
reason for issue:

https://bbs.archlinux.org/viewtopic.php?id=237489

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Remi Bruggeman]

Welcome

1. Please see the documentation:
https://www.clamav.net/documents/installing-clamav
bash # yum install -y epel-release # yum install -y clamav

2. This is not clamav related. Though: You can use " yum install 
yum-plugin-downloadonly" to enable you to download the packages on another 
system, put it on a stick or dvd if you like and create a new repo locally on 
your offline system.
Much easier ould be to configure your iptables.



-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Robert Huth
Sent: Friday, April 20, 2018 1:49 PM
To: clamav-users@lists.clamav.net
Subject: [clamav-users] (no subject)

Hello,

I am new to the Linux world and I am learning as I go. I have a couple of
issues that I would like to get resolved.  Please feel free to provide me
answers as to how can I resolved these on my own.


My issues are as follow.

1. I am not able to install ClamAV 0.100.0. I have installed epel v7 with
no issue. When i usethe following command "yum install ClamAV" (File name)
the installation starts and then list errors (see attachment). The errors
look as if a previous version is trying to install.
2. How will I be able to install updates to the system.  The laptop will
not be allow to connected to other networks or the internet once it is
approved for processing information. This will be a standalone PC. Is there
any solution such as a CD/ DVD that can be used to download and tranfer the
definitions to the PC? If so what is the process for getting the updated
definitions.


System Configuration
One standalone laptop
Running Windows 10 (Host OS)
VMWare Pro 14 with RHEL 6.9 install as the guest
Clam AV version used is ClamAV 0.100.0


Thanks,
Robert
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

The information contained in this e-mail is for the exclusive use of the 
intended recipient(s) and may be confidential, proprietary, and/or 
legally privileged.  Inadvertent disclosure of this message does not 
constitute a waiver of any privilege.  If you receive this message in 
error, please do not directly or indirectly use, print, copy, forward,
or disclose any part of this message.  Please also delete this e-mail 
and all copies and notify the sender.  Thank you. 

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] (no subject)

[Robert Huth]

Hello,

I am new to the Linux world and I am learning as I go. I have a couple of
issues that I would like to get resolved.  Please feel free to provide me
answers as to how can I resolved these on my own.


My issues are as follow.

1. I am not able to install ClamAV 0.100.0. I have installed epel v7 with
no issue. When i usethe following command "yum install ClamAV" (File name)
the installation starts and then list errors (see attachment). The errors
look as if a previous version is trying to install.
2. How will I be able to install updates to the system.  The laptop will
not be allow to connected to other networks or the internet once it is
approved for processing information. This will be a standalone PC. Is there
any solution such as a CD/ DVD that can be used to download and tranfer the
definitions to the PC? If so what is the process for getting the updated
definitions.


System Configuration
One standalone laptop
Running Windows 10 (Host OS)
VMWare Pro 14 with RHEL 6.9 install as the guest
Clam AV version used is ClamAV 0.100.0


Thanks,
Robert
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Reindl Harald]

for the sake of archives and readers:

can mailing lists please start to reject posts with braindead "(no 
subject)" and people learn to compose readable mails where answers are 
not randomly on top, bottom and dozen times signatures quoted?


i could puke each time someone replies to this thread
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Ed Christiansen MS]

wget database.clamav.net/daily.cvd for the daily updates.

On 12/6/2017 12:03 PM, George wrote:

Thanks, but this doesn't update the daily.cvd. Should I wait for you to fix
the mirros or can I do something myself? Sorry for bothering you, but if
there was some guide on what to do in such cases, I would use it myself.

Best regards,
George

2017-12-06 18:32 GMT+02:00 Thomas McCourt (tmccourt) :


Hello,

Yeah, run the wget command

Wget database.clamav.net/main.cvd
That should download it


Thanks,


Tom





On 12/6/17, 11:18 AM, "clamav-users on behalf of George" <
clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com>
wrote:


wget
database.clamav.net/main.cvd'

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml





smime.p7s
Description: S/MIME Cryptographic Signature
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[George]

Thanks, but this doesn't update the daily.cvd. Should I wait for you to fix
the mirros or can I do something myself? Sorry for bothering you, but if
there was some guide on what to do in such cases, I would use it myself.

Best regards,
George

2017-12-06 18:32 GMT+02:00 Thomas McCourt (tmccourt) :

> Hello,
>
> Yeah, run the wget command
>
> Wget database.clamav.net/main.cvd
> That should download it
>
>
> Thanks,
>
>
> Tom
>
>
>
>
>
> On 12/6/17, 11:18 AM, "clamav-users on behalf of George" <
> clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com>
> wrote:
>
> >wget
> >database.clamav.net/main.cvd'
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Thomas McCourt (tmccourt)]

Hello,

Yeah, run the wget command

Wget database.clamav.net/main.cvd
That should download it


Thanks,


Tom





On 12/6/17, 11:18 AM, "clamav-users on behalf of George" 
 
wrote:

>wget
>database.clamav.net/main.cvd'
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[George]

Hi Tom,

Thanks for this timely reply. Could you provide a solution or link to
update the database by myself?

Best regards,
George


2017-12-06 16:57 GMT+02:00 Thomas McCourt (tmccourt) :

> Hello George,
>
> I will look into those mirrors to see if they are down. IF a mirror is not
> working, it should look to find another one. You could also try 'wget
> database.clamav.net/main.cvd'
> To see if it manually downloads it that way, then drop the file in the
> location
>
>
> We have been working hard to correct a lot of mirror issues, but as you
> can see- we still have a long way to go to make mirrors work better.
> It is my hope that I can get the mirrors more stable for everyone moving
> forward.
>
>
> Thank you,
>
>
> Tom M
>
>
>
>
> On 12/6/17, 7:14 AM, "clamav-users on behalf of George" <
> clamav-users-boun...@lists.clamav.net on behalf of gdparlic...@gmail.com>
> wrote:
>
> >Dear All,
> >
> >How do I update my ClamAV database? I can provide the following details
> >regarding my problem:
> >1. I run ClamAV 0.99.2/24010;
> >2. After starting clamscan, I get "The virus database is older than 7
> days!
> >Please update it as soon as possible."
> >3. Ran "sudo /etc/init.d/clamav-freshclam stop; sudo freshclam -v to
> >manually update the ClamAV database, however;
> >4. The following error keeps repeating:
> >
> >Retrieving http://db.local.clamav.net/daily-24011.cdiff
> >Ignoring mirror 193.92.150.194 (due to previous errors)
> >Ignoring mirror 193.92.150.194 (due to previous errors)
> >WARNING: getpatch: Can't download daily-24011.cdiff from
> db.local.clamav.net
> >...
> >Giving up on database.clamav.net...
> >
> >5. So I restarted the ClamAV daemon:
> >user@virus:~$ sudo /etc/init.d/clamav-freshclam start
> >[ ok ] Starting clamav-freshclam (via systemctl):
> clamav-freshclam.service.
> >
> >After reading the documentation (https://www.clamav.net/documents/) and
> the
> >Archives and finding no solution, I decided to ask the community.
> >Please find attached the full Clamscan error log and my trial to update
> the
> >database manually. Please find the log output below (between #START and
> >#END). Thanks in advance.
> >
> >Best regards,
> >George
> >
>
>I deleted the rest of the message
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Thomas McCourt (tmccourt)]

Hello George,

I will look into those mirrors to see if they are down. IF a mirror is not 
working, it should look to find another one. You could also try 'wget 
database.clamav.net/main.cvd'
To see if it manually downloads it that way, then drop the file in the location 


We have been working hard to correct a lot of mirror issues, but as you can 
see- we still have a long way to go to make mirrors work better.
It is my hope that I can get the mirrors more stable for everyone moving 
forward.


Thank you,


Tom M




On 12/6/17, 7:14 AM, "clamav-users on behalf of George" 
 
wrote:

>Dear All,
>
>How do I update my ClamAV database? I can provide the following details
>regarding my problem:
>1. I run ClamAV 0.99.2/24010;
>2. After starting clamscan, I get "The virus database is older than 7 days!
>Please update it as soon as possible."
>3. Ran "sudo /etc/init.d/clamav-freshclam stop; sudo freshclam -v to
>manually update the ClamAV database, however;
>4. The following error keeps repeating:
>
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>...
>Giving up on database.clamav.net...
>
>5. So I restarted the ClamAV daemon:
>user@virus:~$ sudo /etc/init.d/clamav-freshclam start
>[ ok ] Starting clamav-freshclam (via systemctl): clamav-freshclam.service.
>
>After reading the documentation (https://www.clamav.net/documents/) and the
>Archives and finding no solution, I decided to ask the community.
>Please find attached the full Clamscan error log and my trial to update the
>database manually. Please find the log output below (between #START and
>#END). Thanks in advance.
>
>Best regards,
>George
>
>#START
>user@virus:~$ freshclam
>ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
>permissions!).
>ERROR: Problem with internal logger (UpdateLogFile =
>/var/log/clamav/freshclam.log).
>user@virus:~$ man clamscan
>user@virus:~$ clamscan -r --max-filesize=5 -i --remove /home/user
>LibClamAV Warning: **
>LibClamAV Warning: ***  The virus database is older than 7 days!  ***
>LibClamAV Warning: ***   Please update it as soon as possible.***
>LibClamAV Warning: **
>
>--- SCAN SUMMARY ---
>Known viruses: 9515915
>Engine version: 0.99.2
>Scanned directories: 9277
>Scanned files: 73380
>Infected files: 0
>Total errors: 2
>Data scanned: 0.00 MB
>Data read: 44128.53 MB (ratio 0.00:1)
>Time: 324.804 sec (5 m 24 s)
>user@virus:~$ sudo /etc/init.d/clamav-freshclam stop
>[sudo] password for user:
>[ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service.
>user@virus:~$ freshclam
>ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
>permissions!).
>ERROR: Problem with internal logger (UpdateLogFile =
>/var/log/clamav/freshclam.log).
>user@virus:~$ sudo freshclam -v
>Current working dir is /var/lib/clamav
>Max retries == 5
>ClamAV update process started at Tue Nov 21 11:07:07 2017
>Using IPv6 aware code
>Querying current.cvd.clamav.net
>TTL: 1748
>Software version from DNS: 0.99.2
>main.cvd version from DNS: 58
>main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
>sigmgr)
>daily.cvd version from DNS: 24059
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>Retrieving http://db.local.clamav.net/daily-24011.cdiff
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
>WARNING: Incremental update failed, trying to download daily.cvd
>Whitelisting short-term blacklisted mirrors
>Retrieving http://db.local.clamav.net/daily.cvd
>Ignoring mirror 193.92.150.194 (due to previous errors)
>Ignoring mirror 193.92.150.194 (due to previous errors)
>WARNING: Can't download daily.cvd from db.local.clamav.net
>Trying again in 5 secs...
>ClamAV update process started at Tue Nov 21 11:07:18 2017
>Using IPv6 aware code
>Querying current.cvd.clamav.net

Re: [clamav-users] (no subject)

[Thomas McCourt (tmccourt)]

Hey,

Firstly, this is a permissions issue with the freshclam.log file. I would 
verify that clamav can write to the log file and see what you have the 
permissions of that file as.
IF you created the clamav user when you first installed clamav, you might need 
to chown the file with the clamav user.

You can also check the freshclam.conf file to verify that it looks good with 
the logging (pointing in the right location..etc)


Thank you,


Tom M




On 12/6/17, 7:22 AM, "clamav-users on behalf of Rob Sterenborg" 
 
wrote:

>ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
>permissions!).
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Rob Sterenborg]

> ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
> permissions!).
> ERROR: Problem with internal logger (UpdateLogFile =
> /var/log/clamav/freshclam.log).

I expect you solved this already?

> WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net

Whenever I see this and freshclam cannot resolve it by itself, what I usually 
do is just remove all signature files (or move them elsewhere) and re-run 
freshclam. Then it will download all signature files again and be fully 
updated. I don't know if there's another/better solution; it just works for me.


--
Rob

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] (no subject)

[George]

Dear All,

How do I update my ClamAV database? I can provide the following details
regarding my problem:
1. I run ClamAV 0.99.2/24010;
2. After starting clamscan, I get "The virus database is older than 7 days!
Please update it as soon as possible."
3. Ran "sudo /etc/init.d/clamav-freshclam stop; sudo freshclam -v to
manually update the ClamAV database, however;
4. The following error keeps repeating:

Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
...
Giving up on database.clamav.net...

5. So I restarted the ClamAV daemon:
user@virus:~$ sudo /etc/init.d/clamav-freshclam start
[ ok ] Starting clamav-freshclam (via systemctl): clamav-freshclam.service.

After reading the documentation (https://www.clamav.net/documents/) and the
Archives and finding no solution, I decided to ask the community.
Please find attached the full Clamscan error log and my trial to update the
database manually. Please find the log output below (between #START and
#END). Thanks in advance.

Best regards,
George

#START
user@virus:~$ freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
user@virus:~$ man clamscan
user@virus:~$ clamscan -r --max-filesize=5 -i --remove /home/user
LibClamAV Warning: **
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.***
LibClamAV Warning: **

--- SCAN SUMMARY ---
Known viruses: 9515915
Engine version: 0.99.2
Scanned directories: 9277
Scanned files: 73380
Infected files: 0
Total errors: 2
Data scanned: 0.00 MB
Data read: 44128.53 MB (ratio 0.00:1)
Time: 324.804 sec (5 m 24 s)
user@virus:~$ sudo /etc/init.d/clamav-freshclam stop
[sudo] password for user:
[ ok ] Stopping clamav-freshclam (via systemctl): clamav-freshclam.service.
user@virus:~$ freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
user@virus:~$ sudo freshclam -v
Current working dir is /var/lib/clamav
Max retries == 5
ClamAV update process started at Tue Nov 21 11:07:07 2017
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1748
Software version from DNS: 0.99.2
main.cvd version from DNS: 58
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
daily.cvd version from DNS: 24059
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.local.clamav.net/daily.cvd
Ignoring mirror 193.92.150.194 (due to previous errors)
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: Can't download daily.cvd from db.local.clamav.net
Trying again in 5 secs...
ClamAV update process started at Tue Nov 21 11:07:18 2017
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1736
Software version from DNS: 0.99.2
main.cvd version from DNS: 58
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
daily.cvd version from DNS: 24059
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net
Retrieving http://db.local.clamav.net/daily-24011.cdiff
Ignoring mirror 193.92.150.194 (due to previous errors)
WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net

Re: [clamav-users] (no subject)

[Reindl Harald]

Am 10.03.2017 um 02:50 schrieb Benny Pedersen:

Reindl Harald skrev den 2017-03-10 00:42:

guess what the list-footer is for (idiot - since every day anotehr one
like you does the same bullshit mailing to a list of hunredts or
thounsands of people)


what was your point of reply public here and still complaining of abuse,
hmm very clever


yeah because others may recognize the purpose of the list footer and 
don't do the same



please filter it localy, and dont make it worse on maillists, problem is
that not much mua clients know how to use list-id headers for self
services, users just post to maillists to be subscribed, lol :=)


*lol* that's why 
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-user is on 
bottom of every single list mail and so you can't blame the MUA



if you reply here i will drop all future mails from you, no need to
fight with me on it


Benny, given the quality of your responses the past 5 years on several 
lists there is not much i could care less

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Joel Esler (jesler)]

These come in spurts.   When we suddenly get a rash of 50-100 new people on the 
list for whatever reason, we get one or two of these.   

Part of being a member of a community.  It sucks that we have these every now 
and again, and it can be annoying, but we just guide them to the exit and call 
it a day.  

Am going through the same in another community I manage, Snort, where we 
recently added about a thousand members to the list in a month, we had about 30 
want to pull the ejector handle.  

Just guide them to the exit, and move on.  

Thanks all.  

--
Sent from my iPhone

> On Mar 9, 2017, at 20:50, Benny Pedersen  wrote:
> 
> Reindl Harald skrev den 2017-03-10 00:42:
>> guess what the list-footer is for (idiot - since every day anotehr one
>> like you does the same bullshit mailing to a list of hunredts or
>> thounsands of people)
> 
> what was your point of reply public here and still complaining of abuse, hmm 
> very clever
> 
> please filter it localy, and dont make it worse on maillists, problem is that 
> not much mua clients know how to use list-id headers for self services, users 
> just post to maillists to be subscribed, lol :=)
> 
> if you reply here i will drop all future mails from you, no need to fight 
> with me on it
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Benny Pedersen]

Reindl Harald skrev den 2017-03-10 00:42:

guess what the list-footer is for (idiot - since every day anotehr one
like you does the same bullshit mailing to a list of hunredts or
thounsands of people)


what was your point of reply public here and still complaining of abuse, 
hmm very clever


please filter it localy, and dont make it worse on maillists, problem is 
that not much mua clients know how to use list-id headers for self 
services, users just post to maillists to be subscribed, lol :=)


if you reply here i will drop all future mails from you, no need to 
fight with me on it

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Reindl Harald]

guess what the list-footer is for (idiot - since every day anotehr one 
like you does the same bullshit mailing to a list of hunredts or 
thounsands of people)


> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Am 09.03.2017 um 17:04 schrieb bijan gilani:

Please take me off of your list. Unsubscribe me.

Bijan Gilani
BA, MA, MS, PhD
(310) 270-3000
bgil...@luenaarts.com

luenaarts.com

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Al Varnell]

You must do that for yourself near the bottom of this page: 
.

-Al-

On Thu, Mar 09, 2017 at 08:04 AM, bijan gilani wrote:
> 
> Please take me off of your list. Unsubscribe me.
> 
> Bijan Gilani


smime.p7s
Description: S/MIME cryptographic signature
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] (no subject)

[bijan gilani]

Please take me off of your list. Unsubscribe me.

Bijan Gilani
BA, MA, MS, PhD
(310) 270-3000
bgil...@luenaarts.com

luenaarts.com

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Steve Basford]

>LibClamaV Warning: fmap_readpage : preadfail : asked for 4085
>bytes@offset11, got 0

An old post but hopefully advice is still sound...

http://www.gossamer-threads.com/lists/clamav/users/50788

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Dennis Peterson]

Is the file currently being written to by another process?

dp

On 9/3/16 2:07 AM, Gérard Lemarié wrote:

Hello,


When I run a clamscan on my computer, clamav returns to me an lot of similar 
error messages :


LibClamaV Warning: fmap_readpage : preadfail : asked for 4085 bytes@offset11, 
got 0


Could you help me for this ?

Regards
Gérard Lemarié

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] (no subject)

[Gérard Lemarié]

Hello,


When I run a clamscan on my computer, clamav returns to me an lot of similar 
error messages :


LibClamaV Warning: fmap_readpage : preadfail : asked for 4085 bytes@offset11, 
got 0


Could you help me for this ?

Regards
Gérard Lemarié

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[naresh hcu]

Respected Sir/Madam,

Could you  tell me  step-wise how to install stable version 0.98.5 from
source code in ubuntu???

---

Naresh

On Sun, Dec 28, 2014 at 1:47 AM, jpff j...@codemist.co.uk wrote:

 Thank you Shawn; that fixes it.  I did look at the archive but clearly
 inadequately

 All working at company and university
 ==John ffitch
 ___
 Help us build a comprehensive ClamAV guide:
 https://github.com/vrtadmin/clamav-faq

 http://www.clamav.net/contact.html#ml

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[jpff]

Thank you Shawn; that fixes it.  I did look at the archive but clearly
inadequately

All working at company and university
==John ffitch
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] (no subject)

[jpff]

Since building 0.98.5 I am seeing

ERROR: This tool requires libclamav with functionality level 79 or higher 
(current f-level: 77)


when updating rules.  I assume I have some mis-configuration but what?
==John ff
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] (no subject)

[Shawn Webb]

On Sun, Dec 21, 2014 at 9:04 AM, jpff j...@codemist.co.uk wrote:

 Since building 0.98.5 I am seeing

 ERROR: This tool requires libclamav with functionality level 79 or higher
 (current f-level: 77)

 when updating rules.  I assume I have some mis-configuration but what?
 ==John ff


Hey John,

You can take a look at this email thread on the clamav-users mailing list
for a solution:
http://lurker.clamav.net/message/20141119.095431.a8b6e9c8.en.html

Thanks,

Shawn
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] (no subject)

[Steffen Ewert]

Hi,

with the newest DB (updated 4hours ago) I get the following virus detection:

/share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2011-05-25a.tgz: 
PHP.Exploit.CVE_2011_4153-2 FOUND
/share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2009-12-25c.tgz: 
PHP.Exploit.CVE_2011_4153-2 FOUND

I assume this must be a wrong detection because both files wasn't changed since 
I had downloaded it (my backup application calc's every night a checksum of 
each file and only if the checksum differs the file will be backup again and 
the last time of the backup of both files was the day I have downloaded and 
stored the files).

May be there are also other DokuWiki tgz files with this virus detection. I 
have only stored this both dokuwiki tgz files on my disk.

Any other there which can confirm this (hopefully) wrong virus detection with 
the newest DB?

Thanks and regards,
Steffen
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] (no subject)

[Al Varnell]

I sent a note out on this yesterday with reference to most Mac OS X users
who have /usr/php/install-pear-nozlib.phar on their hard drives, having
already submitted the file as an FP.  Since then there have been a couple of
other Unix users report similar results and a promise to get back to us, but
nothing yet.

Check the list archive for details.

Whether it's of any consequence or not depends on what version of PHP you
have.  The CVE was reported back in January and concerned PHP 5.3.8 which
was apparently patched with PHP 5.4.0, but that's all I can seem to find
out.


-Al-
 
-- 
Al Varnell
Mountain View, CA

On 10/17/12 12:11 AM, Steffen Ewert  wrote:

 Hi,
 
 with the newest DB (updated 4hours ago) I get the following virus detection:
 
 /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2011-05-25a.tgz:
 PHP.Exploit.CVE_2011_4153-2 FOUND
 /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2009-12-25c.tgz:
 PHP.Exploit.CVE_2011_4153-2 FOUND
 
 I assume this must be a wrong detection because both files wasn't changed
 since I had downloaded it (my backup application calc's every night a checksum
 of each file and only if the checksum differs the file will be backup again
 and the last time of the backup of both files was the day I have downloaded
 and stored the files).
 
 May be there are also other DokuWiki tgz files with this virus detection. I
 have only stored this both dokuwiki tgz files on my disk.
 
 Any other there which can confirm this (hopefully) wrong virus detection with
 the newest DB?


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] (no subject)

[Steffen Ewert]

Found your message. Thanks Al!

(and sorry for my forgotten subject ... :-(  )

Steffen

 I sent a note out on this yesterday with reference to most Mac OS X users
 who have /usr/php/install-pear-nozlib.phar on their hard drives, having
 already submitted the file as an FP.  Since then there have been a couple of
 other Unix users report similar results and a promise to get back to us, but
 nothing yet.
 
 Check the list archive for details.
 
 Whether it's of any consequence or not depends on what version of PHP you
 have.  The CVE was reported back in January and concerned PHP 5.3.8 which
 was apparently patched with PHP 5.4.0, but that's all I can seem to find
 out.
 
 
 -Al-
  
 -- 
 Al Varnell
 Mountain View, CA
 
 On 10/17/12 12:11 AM, Steffen Ewert  wrote:
 
  Hi,
  
  with the newest DB (updated 4hours ago) I get the following virus detection:
  
  /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2011-05-25a.tgz:
  PHP.Exploit.CVE_2011_4153-2 FOUND
  /share/c-on/download/Netzwerk/WebTools/DokuWiki/dokuwiki-2009-12-25c.tgz:
  PHP.Exploit.CVE_2011_4153-2 FOUND
  
  I assume this must be a wrong detection because both files wasn't changed
  since I had downloaded it (my backup application calc's every night a 
  checksum
  of each file and only if the checksum differs the file will be backup again
  and the last time of the backup of both files was the day I have downloaded
  and stored the files).
  
  May be there are also other DokuWiki tgz files with this virus detection. I
  have only stored this both dokuwiki tgz files on my disk.
  
  Any other there which can confirm this (hopefully) wrong virus detection 
  with
  the newest DB?
 
 
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] (no subject)

[Alain Zidouemba]

The signature has been updated this morning to:

PHP.Exploit.CVE_2011_4153-2:0:*:3c3f{-512}646566696e6528{-20}7374725f72657065617428{-20}2461726776

Please update your signatures to Daily CVD 15471 or later.

Thanks,

- Alain
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[clamav-users] (no subject)

[Andrew Thompson]

Hello
We were seeing a number of files being quarantined earlier with the reference
BC.Exploit.CVE_2012_1847 FOUND and BC.Exploit.CVE_2012_0184 FOUND. The CVE
numbers point to vulnerabilities found in Microsoft's Excel and Office
suites. However, the files were not only excel spreadsheets but also some
.msi files and word .doc files. Our other AV scanners (Sophos and Avira) see
the files as clean, so is this a false positive ? I'm assuming yes. Also,
interestingly, a copy of one of the files put back on the affected server has
not been quarantined again. The various definitions have been updated by
freshclam, so we are all up to date currently on that score. If someone could
confirm if this was a signature that was wrong and causing the quarantine,
that would be great.

Version info below:
 clamscan -V
ClamAV 0.97.3/14913/Fri May 11 16:03:22 2012

running on a Centos 5.7 box.

Thanks in advance.

Andrew



--

Andrew Thompson

and...@x-2.org.uk
_
This mail sent using V-webmail - http://www.v-webmail.org

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] (no subject)

[Joel Esler]

Please run freshclam, an update has been pushed.

Joel

On May 11, 2012, at 11:40 AM, Andrew Thompson wrote:

 
 Hello
 We were seeing a number of files being quarantined earlier with the reference
 BC.Exploit.CVE_2012_1847 FOUND and BC.Exploit.CVE_2012_0184 FOUND. The CVE
 numbers point to vulnerabilities found in Microsoft's Excel and Office
 suites. However, the files were not only excel spreadsheets but also some
 .msi files and word .doc files. Our other AV scanners (Sophos and Avira) see
 the files as clean, so is this a false positive ? I'm assuming yes. Also,
 interestingly, a copy of one of the files put back on the affected server has
 not been quarantined again. The various definitions have been updated by
 freshclam, so we are all up to date currently on that score. If someone could
 confirm if this was a signature that was wrong and causing the quarantine,
 that would be great.
 
 Version info below:
 clamscan -V
 ClamAV 0.97.3/14913/Fri May 11 16:03:22 2012
 
 running on a Centos 5.7 box.
 
 Thanks in advance.
 
 Andrew
 
 
 
 --
 
 Andrew Thompson
 
 and...@x-2.org.uk
 _
 This mail sent using V-webmail - http://www.v-webmail.org
 
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[clamav-users] (no subject)

[Jayson Brush]

Hello

I currently have ClamSMTP and ClamAV 0.97.3 installed on CentOS with
postfix and dovecot. The setup works and ClamAV properly scans all emails
and detects viruses. However, I have enabled the DLP module in Clamd to
detect CC numbers and SSNs and lowered the threshold to 1 for each. When I
send and SSN number Clam properly logs that there was a SSN attempted to be
sent. When I send any formatted Credit Card number, ClamAV does not
recognize that there is a credit card number contained in the body of the
text or as an attachment.

Does anyone have any knowledge about this? Am I missing something?

libclamav.so.6.1.12 lists

dlp_is_valid_ssn: SSN_%s: %s
dlp_is_valid_cc: AMEX (%s)
dlp_is_valid_cc: VISA [1] (%s)
dlp_is_valid_cc: Diners Club [1] (%s)
dlp_is_valid_cc: Diners Club [2] (%s)
dlp_is_valid_cc: JCB [1] (%s)
dlp_is_valid_cc: JCB [2] (%s)
dlp_is_valid_cc: VISA [2] (%s)
dlp_is_valid_cc: MASTERCARD (%s)
dlp_is_valid_cc: Discover (%s)


-- 
jayson
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] (no subject)

[Török Edwin]

On 03/03/2012 04:44 PM, Jayson Brush wrote:
 Hello
 
 I currently have ClamSMTP and ClamAV 0.97.3 installed on CentOS with
 postfix and dovecot. The setup works and ClamAV properly scans all emails
 and detects viruses. However, I have enabled the DLP module in Clamd to
 detect CC numbers and SSNs and lowered the threshold to 1 for each. When I
 send and SSN number Clam properly logs that there was a SSN attempted to be
 sent. When I send any formatted Credit Card number, ClamAV does not
 recognize that there is a credit card number contained in the body of the
 text or as an attachment.
 
 Does anyone have any knowledge about this? Am I missing something?

By default you need to have at least 3 Credit Card numbers to trigger a 
detection:

# This option sets the lowest number of Social Security Numbers found
# in a file to generate a detect.
# Default: 3
#StructuredMinSSNCount 5

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] (no subject)

[Jayson Brush]

Correct. I lowered the StructuredMinCreditCardCount from 3 to 1 and sent
five CC#s at a time with no detection. It does detect SSNs fine.

Thanks, any other suggestions?

2012/3/3 Török Edwin edwin+ml-cla...@etorok.net

 On 03/03/2012 04:44 PM, Jayson Brush wrote:
  Hello
 
  I currently have ClamSMTP and ClamAV 0.97.3 installed on CentOS with
  postfix and dovecot. The setup works and ClamAV properly scans all emails
  and detects viruses. However, I have enabled the DLP module in Clamd to
  detect CC numbers and SSNs and lowered the threshold to 1 for each. When
 I
  send and SSN number Clam properly logs that there was a SSN attempted to
 be
  sent. When I send any formatted Credit Card number, ClamAV does not
  recognize that there is a credit card number contained in the body of the
  text or as an attachment.
 
  Does anyone have any knowledge about this? Am I missing something?

 By default you need to have at least 3 Credit Card numbers to trigger a
 detection:

 # This option sets the lowest number of Social Security Numbers found
 # in a file to generate a detect.
 # Default: 3
 #StructuredMinSSNCount 5

 Best regards,
 --Edwin
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml




-- 
jayson
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

[Clamav-users] (no subject)

[Eric Black]

Hi,

I'm having the same problem as described here: 
http://lurker.clamav.net/message/20100310.195831.c6c71431.en.html

I'm getting false positives on two older files starting today, so I uploaded 
the files and this was the server response: 

Result: 
This file is not detected by ClamAV. Please update your CVD database before 
reporting false-positives. If you are using third-party databases/unofficial 
signatures, please contact the author of the signature. We can only process 
false-positives generated by ClamAV Official signatures. 

Please correct the above errors and retry. Thank you for helping the ClamAV 
project.

Thank you,
Eric
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Al Varnell]

I had this issue last night.  It was fixed between the time I first reported 
the problem and the time I successfully uploaded the file.  I just updated the 
database one more time and no more false positives.

Sent from Janet's iPad

-Al-
-- 
Al Varnell

On Nov 8, 2010, at 1:21 PM, Eric Black ebl...@higherone.com wrote:

 
 Hi,
 
 I'm having the same problem as described here: 
 http://lurker.clamav.net/message/20100310.195831.c6c71431.en.html
 
 I'm getting false positives on two older files starting today, so I uploaded 
 the files and this was the server response: 
 
 Result: 
 This file is not detected by ClamAV. Please update your CVD database before 
 reporting false-positives. If you are using third-party databases/unofficial 
 signatures, please contact the author of the signature. We can only process 
 false-positives generated by ClamAV Official signatures. 
 
 Please correct the above errors and retry. Thank you for helping the ClamAV 
 project.
 
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jobst Schmalenbach]

Until a few months ago I had 2(!!!) Redhat 7 servers in
full flight running compiled versions of sendmail and
clamav (amongst other things). I never had any problems 
to get the latest versions compiled 

Jobst


On Fri, Apr 16, 2010 at 01:22:53PM +0300, Török Edwin (edwinto...@gmail.com) 
wrote:
 On 04/16/2010 01:07 PM, Dima wrote:
 I have something very much doubt that this can be done on the old compiler
 using libraries of those times.
 
 People have successfully built ClamAV on various old systems, maybe
 not with all the features, but it surely built and run.
 
 Just give it a try.
 
 Best regards,
 --Edwin
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml

-- 
best accelerated mac = 9.8 m/(s*s)

  | |0| |   Jobst Schmalenbach, jo...@barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L  The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Francesco Peeters]

On 4/21/10 05:38 , Jim Preston wrote:
 Steve Wray wrote:
 I am not a lawyer but I do think that this is something that the
 authorities might possibly examine.

 I do think that pushing out an update which disables functionality
 without explicitly requesting permission to make such a change
 *before* making that change *should* be criminal.

 Ie: without someone on the server which is about to have a service
 stopped having to at least press the 'y' key on their keyboard, for
 example.

 This kind of thing really is extremely arrogant, I can see no other
 way to put it. Sorry if that offends.

 PS: They did explicitly request permission by allowing users to
 comment on their proposed changes for 6 months. Where were your
 objections during that time?

 Jim
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml

I always chuckle when aggressors shoot themselves in the foot like
that... Shows they've not actually READ the threads, and just jump on
their high horses like righteous knights... 
I was itching to type that reply, but - more like a just knight than a
righteous knight G - first read the rest of the posts... Thank you for
doing it, so I don't have to get in to the discussion again...

--FP
Thinking it's always good to realize there's people standing behind you
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[lists]

On Tue, 2010-04-20 at 20:34 -0700, Jim Preston wrote:
 Well, prosecution would be justified if ClamAV had actually done 
 something illegal. 

They did. Releasing 'code' that they new had a potential to harm or
interfere with the operation of systems. It's a clearly defined CRIMINAL
offence in my part of the world. I suspect that this state of affairs is
also true in the USA if the case of Gary McKinnon is used as a point of
reference. Perhaps, Jim, you would like to offer the name and address of
the person pushing this code out if it does not bother you at all? I'm
sure there are a few pissed people in the UK and Europe who would like
to even the score up on behalf of Gary McKinnon.

It is also clearly a case of blackmail. 'If you don't do this, I will
break that' - again, that is a criminal offence in most parts of the
civilised world. (I do accept that this may have been the work of
*Americans* who may have lower moral and ethical standards than the rest
of the world). 

The correct thing to do would be to warn users of older versions that no
update was possible, leaving it running. Not to deliberately and
purposely crash it, and anything that depends on it. The mechanism
clearly exists to do that, no??:

WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.94.2 Recommended version: 0.96

It was notable to see the difficulty people had trying to update. Try
googling this: 'update clamav', first hit:
http://www.clamav.net/lang/en/
Now, from that link, try and find instructions on *how* to upgrade. It's
pretty appalling to find the info needed. It's fair to say You've had a
number of months to make sure that good, easy to find information is
easy to find in order to match the carnage you knew it would create for
some people. Sure, there is an email support list, but when clam has
crashed your mail server, that's about as much use as a chocolate tea
pot.

But in all of this ding dong something else rather amazing strikes me.
In a world of over 6 billion people there was not much noise made about
this in real terms, which may suggest just how insignificant CLAM is as
a project - this rather amuses me given the clear intent of breaking
systems was, in my view, more sinister. I hold the opinion that it was,
in part, an attempt to get people to notice CLAM and how they depend on
it, and in reality only a handful of people in this big wide world even
noticed it. It did not even make news anywhere. In fact, all it has done
is piss off a few people who may well stop using it - after all, it's
mostly only protecting windows machines at the gateway, and it does such
a poor job of it they all tend to rely on local AV anyway. Save the
clock cycles and future hassle and ditch it being plausible advice.


I'm sure the big players like Trend  Barracuda who sell CLAM in their
own products were not hurt by this spiteful, malicious and wicked act.
Nor was I. I guess they are used to issues with CLAM having to make
daily apologies for all the stuff it misses, let alone this little
moment in it's history. The people who probably suffered were just a
chunk of small businesses struggling to make ends meet, tiny clinics in
the middle of Africa hanging off a dial-up, or other groups with  not
much money or time. I'm sure they really needed the hassle of this on
top of everything else. I do hope your mother would be very proud of
you :-)

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Maurice Lucas - TAOS-IT]

 From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-
 boun...@lists.clamav.net] On Behalf Of Jim Preston
 Steve Wray wrote:
  Spiro Harvey wrote:
  Shame you haven't talked to to others - like havp for example -
 before
  doing this.
 
  The announcement to EOL the old releases was made at the start of
  october last year. If people using clam as an integral part of their
  software don't read announcements, what fault is that of the clam
  developers?
 
  They had 6 months to sort it out.
 
  The thing is that there are a few little issues here that, as points
  of law are not clear yet. In what follows words like 'vendor' may not
  be used entirely legally precisely, IANAL, but I am certain that with
  a bit of squinting my meaning will be clear.
 
  I know that in certain jurisdictions, reaching out to someone elses
  computer (ie not your property) and disabling functionality on it
  could constitute a criminal act.
 
  I sincerely hope that someone somewhere under such a jurisdiction
 goes
  to the police and reports the Clamav developers for such an offense.
  
  
 
 Well, prosecution would be justified if ClamAV had actually done
 something illegal. What they did was modifiy their signature database
 to
 support new features with advance notice and the fact that any
 particular installation of unsupported software failed to handle it
 properly is the onus of the owners / sysadmins of the individual
 systems. If you happen to fall into that category, then it is time to
 upgrade your system.
 

If it aint broke - don't fix it
People it is broken because YOU didn't want to fix it.
There was a message (not everybody saw the message but it was there and every 
deb, rpm, god knows which format developer/owner/maker who case about his 
product had 6 months to FIX it so the system wasn't going to break.

If you 
- compiled by hand: it's your problem
- installed a deb/rpm and your distro isn't updating because you didn't want to 
upgrade it: your problem
  Who are you going to beat if your system is hacked? Debian/ubuntu/RedHat 
- installed a deb/rpm and your distro isn't updating because your distro is 
EOL: it's your problem
  Who are you going to beat if your system is hacked? Debian/ubuntu/RedHat 

If your lock of the front door is very easy to break open do you want to change 
locks?


People please forget stupid child plays like my uptime is bigger than your 
uptime.

The system broke, because of a good reason(more/beter signatures) so update.
If you don't want to update your complete server buy a very small new one 
($400) and install only clamav on it or install it with vmware/kvm/xen/


met vriendelijke groet,
 
Maurice Lucas
 
TAOS-IT

Paulus Buijsstraat 191
2613 HR  Delft
www.taos-it.nl
KvK Haaglanden nr. 27254410
 
  Denk aan het milieu; is het afdrukken van deze e-mail echt noodzakelijk?


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Dave Warren]

In message 4bce64a1.8040...@cwa.co.nz Steve Wray
steve.w...@cwa.co.nz was claimed to have wrote:

The thing is that there are a few little issues here that, as points of law 
are not clear yet. In what follows words like 'vendor' may not be used 
entirely legally precisely, IANAL, but I am certain that with a bit of 
squinting my meaning will be clear.

I know that in certain jurisdictions, reaching out to someone elses 
computer (ie not your property) and disabling functionality on it could 
constitute a criminal act.

ClamAV developers didn't reach out to anyone.

Rather, most minimally competent ClamAV administrators configure their
systems to connect to ClamAV's servers on a regular basis and download
updated definition files.

More importantly, administrators configured their systems to stop
flowing mail in the event of a ClamAV failure.  This is a configuration
choice, it's fairly trivial to configure mail to flow through unscanned
if you value a false sense of security over the potential of an outage.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Maurice Lucas - TAOS-IT]

 -Original Message-
 From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-
 boun...@lists.clamav.net] On Behalf Of lists
 Sent: woensdag 21 april 2010 8:10
 To: ClamAV users ML
 Subject: Re: [Clamav-users] (no subject)
 
 On Tue, 2010-04-20 at 20:34 -0700, Jim Preston wrote:
  Well, prosecution would be justified if ClamAV had actually done
  something illegal.
 
 They did. Releasing 'code' that they new had a potential to harm or
 interfere with the operation of systems. It's a clearly defined
 CRIMINAL
 offence in my part of the world. I suspect that this state of affairs
 is
 also true in the USA if the case of Gary McKinnon is used as a point of
 reference. Perhaps, Jim, you would like to offer the name and address
 of
 the person pushing this code out if it does not bother you at all? I'm
 sure there are a few pissed people in the UK and Europe who would like
 to even the score up on behalf of Gary McKinnon.
 
 It is also clearly a case of blackmail. 'If you don't do this, I will
 break that' - again, that is a criminal offence in most parts of the
 civilised world. (I do accept that this may have been the work of
 *Americans* who may have lower moral and ethical standards than the
 rest
 of the world).

Please show us some evidence that clamav made you install there free product on 
your server. 
Why didn't you install some other product? 
Is it your server? Then you have the power to install every product you want 
onto the machine but YOU choose Clamav and they didn't ordered/payed/beat you 
to dead if you didn't install there product.



met vriendelijke groet,
 
Maurice Lucas
 
TAOS-IT

Paulus Buijsstraat 191
2613 HR  Delft
www.taos-it.nl
KvK Haaglanden nr. 27254410
 
  Denk aan het milieu; is het afdrukken van deze e-mail echt noodzakelijk?


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[lists]

On Wed, 2010-04-21 at 08:27 +0200, Maurice Lucas - TAOS-IT wrote:
  -Original Message-
  From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-
  boun...@lists.clamav.net] On Behalf Of lists
  Sent: woensdag 21 april 2010 8:10
  To: ClamAV users ML
  Subject: Re: [Clamav-users] (no subject)
  
  On Tue, 2010-04-20 at 20:34 -0700, Jim Preston wrote:
   Well, prosecution would be justified if ClamAV had actually done
   something illegal.
  
  They did. Releasing 'code' that they new had a potential to harm or
  interfere with the operation of systems. It's a clearly defined
  CRIMINAL
  offence in my part of the world. I suspect that this state of affairs
  is
  also true in the USA if the case of Gary McKinnon is used as a point of
  reference. Perhaps, Jim, you would like to offer the name and address
  of
  the person pushing this code out if it does not bother you at all? I'm
  sure there are a few pissed people in the UK and Europe who would like
  to even the score up on behalf of Gary McKinnon.
  
  It is also clearly a case of blackmail. 'If you don't do this, I will
  break that' - again, that is a criminal offence in most parts of the
  civilised world. (I do accept that this may have been the work of
  *Americans* who may have lower moral and ethical standards than the
  rest
  of the world).
 
 Please show us some evidence that clamav made you install there free product 
 on your server. 
 Why didn't you install some other product? 
 Is it your server? Then you have the power to install every product you want 
 onto the machine but YOU choose Clamav and they didn't ordered/payed/beat you 
 to dead if you didn't install there product.
 
Doesn't change a thing. If you threaten me with a course of action, if I
fail to do something that is blackmail. It's nothing else. It does not
matter if the product is free. 

For instance, if I go to a shop and they give me a radio free. I take
that radio home and use it. If that shop then calls me up and says 'If
you don't change that radio, I'm going to break it' it is a case of
blackmail.

Have a nice day :-)

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Simon Hobson]

Steve Wray wrote:

I know that in certain jurisdictions, reaching out to someone elses 
computer (ie not your property) and disabling functionality on it 
could constitute a criminal act.


I am also of the opinion that it was illegal under UK law.

I sincerely hope that someone somewhere under such a jurisdiction 
goes to the police and reports the Clamav developers for such an 
offense.


Why?

snip

I don't. As already pointed out, there are enough threats to FOSS and 
we don't need to be shooting ourselves in the collective foot over 
this.



Jason Haar wrote:


ClamAV devs: your response was appropriate. I speak on behalf of the 99%
of sites unaffected by this. You can tell that as only 10 people seem to
be involved in this thread.


Only 10 people who thought it worth while to put their hands up and 
say something about it. There will be many who will have seen the 
threads and decided they have nothing more to add than me too, and 
probably a fair number that are waiting for their friendly tech to 
unbreak their appliance.



Jim Preston wrote:

Well, prosecution would be justified if ClamAV had actually done 
something illegal. What they did was modifiy their signature 
database to support new features with advance notice and the fact 
that any particular installation of unsupported software failed to 
handle it properly is the onus of the owners / sysadmins of the 
individual systems. If you happen to fall into that category, then 
it is time to upgrade your system.


So, suppose you live on some lane where there's a problem with people 
racing up and down at night on motorcycles with no lights etc. You've 
remonstrated with them to be more responsible, but they've not 
listened. Eventually, you put a notice up in your garden giving them 
6 months to sort themselves out as then you'll be doing something 
about it.
Do you really think the police and courts would accept an argument of 
it was their own fault, I warned them, they carried on so it's not 
my fault they decapitated themselves with the wire I strung across 
the lane ? There are so many areas where just telling someone you 
are going to do something does NOT make it legal - and for good 
reason.


You did not tell ME, therefore you did not have permission FROM ME to 
makes changes to the way MY server operates. Giving notice that you 
are going to trespass does not make that trespass legal, even if you 
had come directly to me door and told me in person - which of course 
no-one did even in computer terms of making any sort of related 
message appear on my system.
Describing it as issuing an update to signatures is just semantics 
- the signature was known to, and described as being solely to, break 
the system (or at least the ClamAV element of it. No matter how the 
server is configured, that is going to affect operations - either 
stop mail from moving, or stop it being scanned.
You also cannot claim that my downloading of updates constitutes an 
invite - it constitutes an invite to put AV sig updates on there for 
the purpose of detecting new threats. A poison pill update doesn't 
fit that description.



Jim Preston wrote:

PS: They did explicitly request permission by allowing users to 
comment on their proposed changes for 6 months. Where were your 
objections during that time?


See above, that does NOT in any way constitute requesting my 
permission. If you got up one morning and found your car gone from 
the drive, I'd guess you'd call the police and report it stolen. 
Would you accept if the manufacturer had recalled it, and in lieu of 
actually asking your personal permission, had placed an add in a few 
trade journals to say that they'd just be lifting them off owners 
drives ? Would you accept that by not responding to one of those ads, 
you'd given them permission ? Do you think the police and courts 
would ?



Dave Warren wrote:


ClamAV developers didn't reach out to anyone.

Rather, most minimally competent ClamAV administrators configure their
systems to connect to ClamAV's servers on a regular basis and download
updated definition files.


That again is trying to use fine points of language to excuse 
trespass. As stated above, the relation between users and the ClamAV 
team is based on by running Freshclam, the user is inviting the team 
to supply AV updates for the purposes of detecting new threats - and 
I'm fairly sure that any reasonable person would consider it stopped 
there.


By their own admission, the ClamAV team send an update which was not 
to detect new threats, it was specifically and solely to make certain 
installations stop working properly. No if's but's or maybe's, that 
is the stated intention of the update.


It caused computer systems to stop working correctly, it was 
deliberately designed to do so, and it was delivered in a manner that 
could not be considered to be covered by the implied consent of 
running Freshclam to fetch threat signature updates.


AND, it was not the only option 

Re: [Clamav-users] (no subject)

[Christer Boräng]

In message 1271831753.5073.28.ca...@localhost, lists writes:
For instance, if I go to a shop and they give me a radio free. I take
that radio home and use it. If that shop then calls me up and says 'If
you don't change that radio, I'm going to break it' it is a case of
blackmail.

A better analogy would be that the shop calls you up to say We're
switching to digital, your analog radio will stop working in six
months, and, in six months time, the radio no longer has anything to
listen to...

//Christer

-- 
| Hagåkersgatan 18C | Phone: Home +46 31 43 52 03   CTH: +46 31 772 5431  |
| S-431 41 Mölndal  |Cell: +46 707 53 57 57   |
| Sweden| Mail:  m...@chalmers.se |
An NT server can be run by an idiot, and usually is. -- Tom Holub, a.h.b-o-i


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Stephan von Krawczynski]

On Wed, 21 Apr 2010 08:20:08 +0200
Maurice Lucas - TAOS-IT mslu...@taos-it.nl wrote:

 If your lock of the front door is very easy to break open do you want to 
 change locks?

Sorry to jump in.
There is a pretty famous film made by Michael Moore where he tested exactly
this topic (closed doors) in Canada and found out that leaving doors unlocked
right away can indeed make more sense than shooting anybody coming in because
of own paranoia.
If one really does not have the moral insight to understand that you never
should harm others' systems only because you feel that it is your right to do
so, well, how would you argue with someone like that?
Isn't the project all about fighting software that tries to harm your computer
_somehow_?
I see no signs that the project team feels to have crossed a border line they
shouldn't have. And that is even more sad. Nobody beats you for making a
mistake. People only beat you for not being able to learn from it and simply
say sorry, we did not foresee the problems we created. This was not our
intention. we try to avoid this in the future.
Instead they only say Bad luck. Your fault. Expect equivalent for future
releases.
There have already been projects in the past that suffered a lot from such a
point of view. The ones still alive mostly got forked.
Btw, I was not hit by the problem - this time.

 [...]
 met vriendelijke groet,
  
 Maurice Lucas


-- 
Regards,
Stephan

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Simon Hobson]

Christer Boräng wrote:

In message 1271831753.5073.28.ca...@localhost, lists writes:

For instance, if I go to a shop and they give me a radio free. I take
that radio home and use it. If that shop then calls me up and says 'If
you don't change that radio, I'm going to break it' it is a case of
blackmail.


A better analogy would be that the shop calls you up to say We're
switching to digital, your analog radio will stop working in six
months, and, in six months time, the radio no longer has anything to
listen to...


Not a good analogy either.
If you want to use that one, it's more like a 
major broadcaster deciding to go digital - and 
then comeing round to blow up your radio to stop 
you listening to the local station you actually 
want to listen to that is still on analogue.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jerry]

On Wed, 21 Apr 2010 08:15:35 +0100
Simon Hobson li...@thehobsons.co.uk articulated:

[snip]

I had thought by now that this thread would have died a natural death.
Obviously, I was mistaken. It has continued to pollute this forum for
nearly a week.

What has become conspicuously apparent is that if those who are doing
the most complaining had spend even one percent of that time keeping
their systems up-to-date and keeping themselves abreast of current
development and deployment strategies with the software they employ,
this whole discussion would be academic.

In the interest of eliminating any further waste of my time or computer
resources, I am now instigating a kill filter on this thread.

Have a nice day!

-- 
Jerry
clamav.u...@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[tBB]

Jerry wrote:

 What has become conspicuously apparent is that if those who are doing
 the most complaining had spend even one percent of that time keeping
 their systems up-to-date and keeping themselves abreast of current
 development and deployment strategies with the software they employ,
 this whole discussion would be academic.
 
 In the interest of eliminating any further waste of my time or computer
 resources, I am now instigating a kill filter on this thread.

+1


-- 

 Q: Because it reverses the logical flow of conversation.
 A: Why is putting a reply at the top of the message frowned upon?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Rob Sterenborg]

  In the interest of eliminating any further waste of my time or
  computer resources, I am now instigating a kill filter on this
  thread.
 
 +1

+1

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Steve Basford]

 +1

+0x1

but if you *really* must...
http://www.acepolls.com/polls/1116421-clamav-eol-what-do-you-think

Steve
Sanesecurity



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

lists wrote:


Please show us some evidence that clamav made you install there free product on your server. 
Why didn't you install some other product? 
Is it your server? Then you have the power to install every product you want onto the machine but YOU choose Clamav and they didn't ordered/payed/beat you to dead if you didn't install there product.




Doesn't change a thing. If you threaten me with a course of action, if I
fail to do something that is blackmail. It's nothing else. It does not
matter if the product is free. 


For instance, if I go to a shop and they give me a radio free. I take
that radio home and use it. If that shop then calls me up and says 'If
you don't change that radio, I'm going to break it' it is a case of
blackmail.

Have a nice day :-)
  
How is warning you that there is a change blackmail? I think the notices 
from banks and credit card companies that they are going jack my 
interest rate to 30% (inject whatever percentage you like) and if I do 
not like it I can immediately pay off my debt. Now THAT is blackmail. 
ClamAV gave you warning. Why did you not simply unistall ClamAV and go 
with another product?


Have a nice day :^)

Jim
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Simon Hobson]

Jerry wrote:


I had thought by now that this thread would have died a natural death.
Obviously, I was mistaken. It has continued to pollute this forum for
nearly a week.

What has become conspicuously apparent is that if those who are doing
the most complaining had spend even one percent of that time keeping
their systems up-to-date and keeping themselves abreast of current
development and deployment strategies with the software they employ,
this whole discussion would be academic.

In the interest of eliminating any further waste of my time or computer
resources, I am now instigating a kill filter on this thread.


That's right - if I can't bully everyone round to my way of thinking, 
then I'm taking my ball home. A very grown up attitude !


You (and I mean a small subset of people who are unconditionally 
supporting the action taken by the ClamAV team) have consistently 
used false logic, outright lies, personal insults, and arguments 
worthy of criminal defences to try and weasel out of any blame 
whatsoever for having misjudged things rather badly.


Put bluntly, if people had admitted early on that perhaps it could 
have been handled better, that perhaps they didn't consider all 
classes/types of user, and that it is perhaps not unreasonable that 
users could be a trifle annoyed ... then this **WOULD** have blown 
over ages ago.


It's not that you had to do something that people are complaining 
about, it's not that you ended support for updates to older versions 
that people are complaining about, it's the way you did it and the 
way you refuse to accept that there can be any other valid viewpoint 
that really p***es people off. You may, if you'd read the messages, 
have noted that even people who were not affected by this thought you 
got it wrong.


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Eric Rostetter]

Quoting lists li...@retrochoons.co.uk:


Doesn't change a thing. If you threaten me with a course of action, if I
fail to do something that is blackmail. It's nothing else. It does not
matter if the product is free.


This is not the definition of blackmail, in common usage or in law in most
areas.

In common usage, it means:

Blackmail is the crime of threatening to reveal substantially true  
information about a person to the public, a family member, or  
associates unless a demand made upon the victim is met. This  
information is usually of an embarrassing, socially damaging, and/or  
incriminating nature. As the information is substantially true, the  
act of revealing the information may not be criminal in its own right  
nor amount to a civil law defamation; the crime is making demands in  
exchange for withholding it. [1]


In English law, which extends it to menaces and hence might cover this,
there are exceptions to blackmail which state:

... unless the person making it does so in the belief:
(a) that he has reasonable grounds for making the demand; and
(b) that the use of the menaces is a proper means of reinforcing  
the demand.


And I'm sure the clamav folks thought they were being reasonable and using the
proper means, so there.

So, you are totally wrong calling this blackmail.


For instance, if I go to a shop and they give me a radio free. I take
that radio home and use it. If that shop then calls me up and says 'If
you don't change that radio, I'm going to break it' it is a case of
blackmail.


Nope, sorry.  It is not.  Maybe you mean Coercion?


Have a nice day :-)


Will do! :)

[1] http://en.wikipedia.org/wiki/Blackmail


--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Eric Rostetter]

Quoting Simon Hobson li...@thehobsons.co.uk:

Put bluntly, if people had admitted early on that perhaps it could  
have been handled better, that perhaps they didn't consider all  
classes/types of user, and that it is perhaps not unreasonable that  
users could be a trifle annoyed ... then this **WOULD** have blown  
over ages ago.


I've admitted this often, from the beginning, and my posts are largely
ignored, or refuted, or I'm insulted/slandered/etc.  So, this isn't
a true statement.

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Simon Hobson]

Eric Rostetter wrote:

Put bluntly, if people had admitted early on that perhaps it could 
have been handled better, that perhaps they didn't consider all 
classes/types of user, and that it is perhaps not unreasonable that 
users could be a trifle annoyed ... then this **WOULD** have blown 
over ages ago.


I've admitted this often, from the beginning, and my posts are largely
ignored, or refuted, or I'm insulted/slandered/etc.  So, this isn't
a true statement.


If I've overlooked the one person who did admit that, then I 
apologise to you. there are plenty of people who have not, and it 
appears will never, make such an admission.



--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Spiro Harvey]

On Wed, 21 Apr 2010 14:36:17 +1200
Steve Wray steve.w...@cwa.co.nz wrote:

 I know that in certain jurisdictions, reaching out to someone elses 
 computer (ie not your property) and disabling functionality on it
 could constitute a criminal act.
 I sincerely hope that someone somewhere under such a jurisdiction
 goes to the police and reports the Clamav developers for such an
 offense.

Points to consider:

1. Everybody on the planet had 6 months warning. (In fact more if you
look at the outdated software warnings in your logs).

2. They chose to stop releasing updates for a prehistoric version of
the software.

3. Had they continued to allow these updates, and your systems got
borked because it wasn't stopping any current viruses, you'd still want
to sue. So basically, they were damned if they did, and they'd be
damned if they didn't.

4. What did you pay for the software?

5. Where's your contract with them?

6. The only people who are pissy about it appear to be set and forget
admins -- the ones who don't seem to properly maintain their systems
and monitor really important software like ClamAV. 

7. The only systems that broke were badly configured ones. I can stop
ClamAV on my mail servers and mail will continue to flow happily, and
other milters will continue to scan mail. It's just Clam that stops. 

8. Had the developers just silently stopped publishing updates for old
versions of ClamAV, then the customers of set-and-forget mail admins
would potentially be in a world of crap. Doing it this way *forced*
people to realise that their software was old and out of date, and
potentially harmful to them and their customers.



signature.asc
Description: PGP signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Steve Wray]

Spiro Harvey wrote:

On Wed, 21 Apr 2010 14:36:17 +1200
Steve Wray steve.w...@cwa.co.nz wrote:

I know that in certain jurisdictions, reaching out to someone elses 
computer (ie not your property) and disabling functionality on it

could constitute a criminal act.
I sincerely hope that someone somewhere under such a jurisdiction
goes to the police and reports the Clamav developers for such an
offense.


Points to consider:

4. What did you pay for the software?

5. Where's your contract with them?


This is part of the attitude problem from many open source projects.

They are (too often) run by technicians and programmers with no input from 
the business side.


What the Clamav team did, I can't believe it would have made it through a 
business analyst and I can't believe that any executive would have signed 
off on something like that after considering the potential impact it could 
have on their clients.


For the last 4 years or so I have had to shift my mindset from that of pure 
sysadmin to taking business considerations into account; its very easy for 
someone who is absorbed with programming and engineering to forget that IT 
is there to support business and that business is not there to support IT.


This is something that I personally have struggled hard with, it can be 
difficult for a 'geek' to move in that direction. But its very very 
important if OSS is to be taken seriously in the enterprise.


So many OSS projects do not view their users as clients or customers; they 
view them either as experimental subjects or as fellow experimenters. They 
only take the technical considerations into account and largely ignore 
potential impact on business.


This is true both of the Clamav developers and of those people who didn't 
take precautions against potential problems such as the Clamav developers 
introduced. (And make no mistake; a problem was *created* by the Clamav 
team, a problem that did not exist prior to the changes they made).


I have been using Linux since 1991 and I have seen a lot of positive change 
in that time. I have seen it go from crazy 'fringe' to being widely 
accepted in the enterprise. But shenanigans like this can risk all of that 
hard work.


This is why I raised the legal and ethical issue; because that is what the 
business end should be considering and its what the technical end only 
rarely considers.


I understand that Clamav is free as in 'beer' and that there is no legal 
contract with the Clamav team. However, Clamav has a parent company, 
Sourcefire, which is listed on Nasdaq and is a 'proper' corporation.


I have written to them to find out what they think of this, if anything at 
all...


Sourcefire actually have executives and a general council and I am sure 
that they employ business analysts as well. I will be interested to see if 
what the Clamav team did is condoned by the parent company which clearly 
has some business acumen behind it.



Don't get distracted by issues such as Oh those bad silly sysadmins out 
there who messed up, its really *their* fault not the fault of the Clamav 
developers! That is just *not* helpful. The damage is already done; damage 
to peoples systems and damage to the reputation not only of Clamav but of 
OSS in general.




--
Please remember that an email is just like a postcard; it is not 
confidential nor private nor secure and can be read by many other people 
than the intended recipient. A postcard can be read by anyone at the mail 
sorting office and expecting what is written on it to be private and secret 
is not realistic. Please hold no higher expectation of email.


If you need to send confidential information in an email you need to use 
encryption. PGP is Pretty good for this.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Spiro Harvey]

On Thu, 22 Apr 2010 08:19:31 +1200
Steve Wray steve.w...@cwa.co.nz wrote:

 Don't get distracted by issues such as Oh those bad silly sysadmins
 out there who messed up, its really *their* fault not the fault of
 the Clamav developers! That is just *not* helpful. The damage is
 already done; damage to peoples systems and damage to the reputation
 not only of Clamav but of OSS in general.

If you were to talk about helpful, perhaps you should be proposing a
way for them to do it better next time. That would really be in the
spirit of OSS. 


signature.asc
Description: PGP signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Christopher X. Candreva]

On Thu, 22 Apr 2010, Steve Wray wrote:

 This is part of the attitude problem from many open source projects.
 
 They are (too often) run by technicians and programmers with no input from the
 business side.

IMHO, open source projects don't have a business side.

Opensource projects exist for the developers to get the software they need, 
faster, through colaboration with others. If anyone else finds it usefull 
that's an added bonus. But if no one other than the devs use it themselves, 
the project has fullfilled it's purpose.

Adding business value is the job of the distros, or Apple if they include 
it, or myself as an ISP. That's why I said before I think the real let-down 
here are the distros that didn't do anything about it.

Extreme ? Maybe, but that's why I use open-source, for getting best of 
breed, newest, breaking with history when needed.



==
Chris Candreva  -- ch...@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Steve Wray]

Spiro Harvey wrote:

On Thu, 22 Apr 2010 08:19:31 +1200
Steve Wray steve.w...@cwa.co.nz wrote:


Don't get distracted by issues such as Oh those bad silly sysadmins
out there who messed up, its really *their* fault not the fault of
the Clamav developers! That is just *not* helpful. The damage is
already done; damage to peoples systems and damage to the reputation
not only of Clamav but of OSS in general.


If you were to talk about helpful, perhaps you should be proposing a
way for them to do it better next time. That would really be in the
spirit of OSS. 


But I am; involve business people in the decision making process *at* 
Clamav. I'm sure that Sourcefire have the resources to do that. I'm just 
not sure what the status of this is. I'd like to know.



--
Please remember that an email is just like a postcard; it is not 
confidential nor private nor secure and can be read by many other people 
than the intended recipient. A postcard can be read by anyone at the mail 
sorting office and expecting what is written on it to be private and secret 
is not realistic. Please hold no higher expectation of email.


If you need to send confidential information in an email you need to use 
encryption. PGP is Pretty good for this.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Peter Bonivart]

On Wed, Apr 21, 2010 at 10:39 PM, Christopher X. Candreva
ch...@westnet.com wrote:
 IMHO, open source projects don't have a business side.

 Opensource projects exist for the developers to get the software they need,
 faster, through colaboration with others. If anyone else finds it usefull
 that's an added bonus. But if no one other than the devs use it themselves,
 the project has fullfilled it's purpose.

 Adding business value is the job of the distros, or Apple if they include
 it, or myself as an ISP. That's why I said before I think the real let-down
 here are the distros that didn't do anything about it.

 Extreme ? Maybe, but that's why I use open-source, for getting best of
 breed, newest, breaking with history when needed.

Well put. Luckily I read your post just before having to mute yet
another endless thread on this list.

-- 
/peter
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Steve Wray]

Peter Bonivart wrote:

On Wed, Apr 21, 2010 at 10:39 PM, Christopher X. Candreva
ch...@westnet.com wrote:

IMHO, open source projects don't have a business side.

Opensource projects exist for the developers to get the software they need,
faster, through colaboration with others. If anyone else finds it usefull
that's an added bonus. But if no one other than the devs use it themselves,
the project has fullfilled it's purpose.

Adding business value is the job of the distros, or Apple if they include
it, or myself as an ISP. That's why I said before I think the real let-down
here are the distros that didn't do anything about it.

Extreme ? Maybe, but that's why I use open-source, for getting best of
breed, newest, breaking with history when needed.


This would be ok if the distros maintained the servers which their 
distributed version of Clamav updated from.


They don't. The responsibility in this case is that of those who maintain 
Clamav, not the distros.


I would suggest that distros may want to take note of this situation; its 
perhaps not unreasonable for them to maintain eg their own Clamav update 
servers.




--
Please remember that an email is just like a postcard; it is not 
confidential nor private nor secure and can be read by many other people 
than the intended recipient. A postcard can be read by anyone at the mail 
sorting office and expecting what is written on it to be private and secret 
is not realistic. Please hold no higher expectation of email.


If you need to send confidential information in an email you need to use 
encryption. PGP is Pretty good for this.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

On Apr 21, 2010, at 12:15 AM, Simon Hobson wrote:


Steve Wray wrote:

I know that in certain jurisdictions, reaching out to someone elses  
computer (ie not your property) and disabling functionality on it  
could constitute a criminal act.


I am also of the opinion that it was illegal under UK law.

I sincerely hope that someone somewhere under such a jurisdiction  
goes to the police and reports the Clamav developers for such an  
offense.


Why?

snip

I don't. As already pointed out, there are enough threats to FOSS  
and we don't need to be shooting ourselves in the collective foot  
over this.



Jason Haar wrote:

ClamAV devs: your response was appropriate. I speak on behalf of  
the 99%
of sites unaffected by this. You can tell that as only 10 people  
seem to

be involved in this thread.


Only 10 people who thought it worth while to put their hands up and  
say something about it. There will be many who will have seen the  
threads and decided they have nothing more to add than me too, and  
probably a fair number that are waiting for their friendly tech to  
unbreak their appliance.



Jim Preston wrote:

Well, prosecution would be justified if ClamAV had actually done  
something illegal. What they did was modifiy their signature  
database to support new features with advance notice and the fact  
that any particular installation of unsupported software failed to  
handle it properly is the onus of the owners / sysadmins of the  
individual systems. If you happen to fall into that category, then  
it is time to upgrade your system.


So, suppose you live on some lane where there's a problem with  
people racing up and down at night on motorcycles with no lights  
etc. You've remonstrated with them to be more responsible, but  
they've not listened. Eventually, you put a notice up in your garden  
giving them 6 months to sort themselves out as then you'll be doing  
something about it.
Do you really think the police and courts would accept an argument  
of it was their own fault, I warned them, they carried on so it's  
not my fault they decapitated themselves with the wire I strung  
across the lane ? There are so many areas where just telling  
someone you are going to do something does NOT make it legal - and  
for good reason.


You did not tell ME, therefore you did not have permission FROM ME  
to makes changes to the way MY server operates. Giving notice that  
you are going to trespass does not make that trespass legal, even if  
you had come directly to me door and told me in person - which of  
course no-one did even in computer terms of making any sort of  
related message appear on my system.
Describing it as issuing an update to signatures is just semantics  
- the signature was known to, and described as being solely to,  
break the system (or at least the ClamAV element of it. No matter  
how the server is configured, that is going to affect operations -  
either stop mail from moving, or stop it being scanned.
You also cannot claim that my downloading of updates constitutes an  
invite - it constitutes an invite to put AV sig updates on there for  
the purpose of detecting new threats. A poison pill update doesn't  
fit that description.



Jim Preston wrote:

PS: They did explicitly request permission by allowing users to  
comment on their proposed changes for 6 months. Where were your  
objections during that time?


See above, that does NOT in any way constitute requesting my  
permission. If you got up one morning and found your car gone from  
the drive, I'd guess you'd call the police and report it stolen.  
Would you accept if the manufacturer had recalled it, and in lieu of  
actually asking your personal permission, had placed an add in a few  
trade journals to say that they'd just be lifting them off owners  
drives ? Would you accept that by not responding to one of those  
ads, you'd given them permission ? Do you think the police and  
courts would ?



Dave Warren wrote:


ClamAV developers didn't reach out to anyone.

Rather, most minimally competent ClamAV administrators configure  
their
systems to connect to ClamAV's servers on a regular basis and  
download

updated definition files.


That again is trying to use fine points of language to excuse  
trespass. As stated above, the relation between users and the ClamAV  
team is based on by running Freshclam, the user is inviting the  
team to supply AV updates for the purposes of detecting new threats  
- and I'm fairly sure that any reasonable person would consider it  
stopped there.


By their own admission, the ClamAV team send an update which was not  
to detect new threats, it was specifically and solely to make  
certain installations stop working properly. No if's but's or  
maybe's, that is the stated intention of the update.


It caused computer systems to stop working correctly, it was  
deliberately designed to do so, and it was delivered in a manner  
that could not be considered to be covered 

Re: [Clamav-users] (no subject)

[Ken Campney]

I can't believe I've been suckered into this nonsense



This is part of the attitude problem from many open source projects.

They are (too often) run by technicians and programmers with no input 
from the business side.

OH, lets not forget certain users


What the Clamav team did, I can't believe it would have made it 
through a business analyst and I can't believe that any executive 
would have signed off on something like that after considering the 
potential impact it could have on their clients.


For the last 4 years or so I have had to shift my mindset from that of 
pure sysadmin to taking business considerations into account; its very 
easy for someone who is absorbed with programming and engineering to 
forget that IT is there to support business and that business is not 
there to support IT.


This is something that I personally have struggled hard with, it can 
be difficult for a 'geek' to move in that direction. 


You're giving yourself too much credit. Lets look at this (yet again) 
shall we?


People (and you) are upset because they (not me, not them, not the 
clamav dev team) decided to ignore the notifications and warnings and 
their ( and your) out of date and E-O-L'd AV stopped working. On top of 
this due to MTA configuration choices made by some of these same people 
when their AV died, so did their mail system.  S it must be 
somebody's fault other than the person(s) in charge of the configuration 
and maintenance of these boxes that fault tolerance was not taken into 
consideration? Who set up the mail system to die if clam-av was not 
available? Not the the Clam dev team.


So many OSS projects do not view their users as clients or customers; 
they view them either as experimental subjects or as fellow 
experimenters. They only take the technical considerations into 
account and largely ignore potential impact on business.
Business impact was caused by the person(s) maintaining, and configuring 
the systems that tears are being spilled over.  Speaking of impact, what 
would the impact be if certain affected customers should find out that 
the reason for the service interruption they experienced was because 
their service provider couldn't be bothered to take notice of EOL 
warnings and properly update their Anti-Virus?


This is true both of the Clamav developers and of those people who 
didn't take precautions against potential problems such as the Clamav 
developers introduced. (And make no mistake; a problem was *created* 
by the Clamav team, a problem that did not exist prior to the changes 
they made).


There is no problem. If you want to run a EOL version of ClamAV all you 
have to do (I believe) is stop running freshclam. The obvious issue with 
this is that you will no longer be receiving virus updates.
If you want to receive virus updates, then UPDATE your version to the 
current and functional version.


But no, you expect ClamAV to do what no other company would do. Keep the 
old supported and fork the new version so both can be ran.
Perhaps all the fuss is because your dist is also out of date, and not 
capable of supporting or compiling the new version? This too can be 
fixed by upgrading either your dist, or components.

(Hint: The later only requires sources and the knowledge to use a compiler)

Like I'm sure Microsoft would support a EOL'd OS past it's DOD (Date of 
Death). It's just not going to happen. And on the business side, it 
doesn't make business sense for them to do so.


This isn't a vendor problem.


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Spiro Harvey]

On Thu, 22 Apr 2010 08:51:00 +1200
Steve Wray steve.w...@cwa.co.nz wrote:

 This would be ok if the distros maintained the servers which their 
 distributed version of Clamav updated from.
 They don't. The responsibility in this case is that of those who
 maintain Clamav, not the distros.
 I would suggest that distros may want to take note of this situation;
 its perhaps not unreasonable for them to maintain eg their own Clamav
 update servers.

But the distro are the ones who gave you outdated unsupported software.
Had they provided you with a newer package, you wouldn't have had this
problem.

Are you suggesting that if your distribution had packaged ClamAV 0.96
and your server(s) didn't break, that you would *still* be upset? Just
on principle?

I honestly doubt it for one simple reason: You don't read the
announcement list, nor do you follow their twitter account, nor do you
read sites like LWN, (all of which, among others, had announcements 6
months ago) so you would never have known.


signature.asc
Description: PGP signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Steve Wray]

Spiro Harvey wrote:

On Thu, 22 Apr 2010 08:51:00 +1200
Steve Wray steve.w...@cwa.co.nz wrote:

This would be ok if the distros maintained the servers which their 
distributed version of Clamav updated from.

They don't. The responsibility in this case is that of those who
maintain Clamav, not the distros.
I would suggest that distros may want to take note of this situation;
its perhaps not unreasonable for them to maintain eg their own Clamav
update servers.


But the distro are the ones who gave you outdated unsupported software.
Had they provided you with a newer package, you wouldn't have had this
problem.


I didn't have this problem

I am just worried that OSS is *still* having problems dealing with basic 
business commonsense.




Are you suggesting that if your distribution had packaged ClamAV 0.96
and your server(s) didn't break, that you would *still* be upset? Just
on principle?


I am not upset; I am concerned for OSS and for the way that this reflects 
badly on it. And yes I really do think it has been bad PR



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

On Apr 21, 2010, at 8:45 AM, Simon Hobson wrote:


Jerry wrote:

I had thought by now that this thread would have died a natural  
death.

Obviously, I was mistaken. It has continued to pollute this forum for
nearly a week.

What has become conspicuously apparent is that if those who are doing
the most complaining had spend even one percent of that time keeping
their systems up-to-date and keeping themselves abreast of current
development and deployment strategies with the software they employ,
this whole discussion would be academic.

In the interest of eliminating any further waste of my time or  
computer

resources, I am now instigating a kill filter on this thread.


That's right - if I can't bully everyone round to my way of  
thinking, then I'm taking my ball home. A very grown up attitude !




You certainly are being the bully here, what with throwing buckets of  
acid around..
You (and I mean a small subset of people who are unconditionally  
supporting the action taken by the ClamAV team) have consistently  
used false logic, outright lies, personal insults, and arguments  
worthy of criminal defences to try and weasel out of any blame  
whatsoever for having misjudged things rather badly.


Put bluntly, if people had admitted early on that perhaps it could  
have been handled better, that perhaps they didn't consider all  
classes/types of user, and that it is perhaps not unreasonable that  
users could be a trifle annoyed ... then this **WOULD** have blown  
over ages ago.


But we did on the very first day of this thread. I said that it was  
ClamAV's decision to make.


It's not that you had to do something that people are complaining  
about, it's not that you ended support for updates to older versions  
that people are complaining about, it's the way you did it and the  
way you refuse to accept that there can be any other valid viewpoint  
that really p***es people off. You may, if you'd read the messages,  
have noted that even people who were not affected by this thought  
you got it wrong.


--
Simon Hobson



Jim

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

On Apr 21, 2010, at 1:19 PM, Steve Wray wrote:


Spiro Harvey wrote:

On Wed, 21 Apr 2010 14:36:17 +1200
Steve Wray steve.w...@cwa.co.nz wrote:
I know that in certain jurisdictions, reaching out to someone  
elses computer (ie not your property) and disabling functionality  
on it

could constitute a criminal act.
I sincerely hope that someone somewhere under such a jurisdiction
goes to the police and reports the Clamav developers for such an
offense.

Points to consider:
4. What did you pay for the software?
5. Where's your contract with them?


This is part of the attitude problem from many open source projects.

They are (too often) run by technicians and programmers with no  
input from the business side.


What the Clamav team did, I can't believe it would have made it  
through a business analyst and I can't believe that any executive  
would have signed off on something like that after considering the  
potential impact it could have on their clients.


Possibly true for a commercial company, but that would have been to  
protect their revenue stream. In this case, ClamAV's revenue stream  
was not affected so, needlessly spend money on alternate methods would  
most likely have been prohibited by the same business analyst.


For the last 4 years or so I have had to shift my mindset from that  
of pure sysadmin to taking business considerations into account; its  
very easy for someone who is absorbed with programming and  
engineering to forget that IT is there to support business and that  
business is not there to support IT.


This is something that I personally have struggled hard with, it can  
be difficult for a 'geek' to move in that direction. But its very  
very important if OSS is to be taken seriously in the enterprise.


So many OSS projects do not view their users as clients or  
customers; they view them either as experimental subjects or as  
fellow experimenters. They only take the technical considerations  
into account and largely ignore potential impact on business.


This is true both of the Clamav developers and of those people who  
didn't take precautions against potential problems such as the  
Clamav developers introduced. (And make no mistake; a problem was  
*created* by the Clamav team, a problem that did not exist prior to  
the changes they made).


I have been using Linux since 1991 and I have seen a lot of positive  
change in that time. I have seen it go from crazy 'fringe' to being  
widely accepted in the enterprise. But shenanigans like this can  
risk all of that hard work.


This is why I raised the legal and ethical issue; because that is  
what the business end should be considering and its what the  
technical end only rarely considers.


I understand that Clamav is free as in 'beer' and that there is no  
legal contract with the Clamav team. However, Clamav has a parent  
company, Sourcefire, which is listed on Nasdaq and is a 'proper'  
corporation.


Yes, but still the same business analysts would not want to spend  
money where it was not affecting a revenue stream.


I have written to them to find out what they think of this, if  
anything at all...


Sourcefire actually have executives and a general council and I am  
sure that they employ business analysts as well. I will be  
interested to see if what the Clamav team did is condoned by the  
parent company which clearly has some business acumen behind it.



Don't get distracted by issues such as Oh those bad silly sysadmins  
out there who messed up, its really *their* fault not the fault of  
the Clamav developers! That is just *not* helpful. The damage is  
already done; damage to peoples systems and damage to the reputation  
not only of Clamav but of OSS in general.


Jim
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

On Apr 21, 2010, at 1:51 PM, Steve Wray wrote:


Peter Bonivart wrote:

On Wed, Apr 21, 2010 at 10:39 PM, Christopher X. Candreva
ch...@westnet.com wrote:

IMHO, open source projects don't have a business side.

Opensource projects exist for the developers to get the software  
they need,
faster, through colaboration with others. If anyone else finds it  
usefull
that's an added bonus. But if no one other than the devs use it  
themselves,

the project has fullfilled it's purpose.

Adding business value is the job of the distros, or Apple if they  
include
it, or myself as an ISP. That's why I said before I think the real  
let-down

here are the distros that didn't do anything about it.

Extreme ? Maybe, but that's why I use open-source, for getting  
best of

breed, newest, breaking with history when needed.


This would be ok if the distros maintained the servers which their  
distributed version of Clamav updated from.


They don't. The responsibility in this case is that of those who  
maintain Clamav, not the distros.


I would suggest that distros may want to take note of this  
situation; its perhaps not unreasonable for them to maintain eg  
their own Clamav update servers.




Why would you think that it is not the distro's responsibility? They  
are the ONLY ones responsible for what they include and all the  
software they include is OSS or they could not afford to give it away.


There is absolutely nothing to stop them from doing so and this list  
is filled with instructions on how to do so.


Jim
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

On Apr 21, 2010, at 2:09 PM, Steve Wray wrote:


Spiro Harvey wrote:

On Thu, 22 Apr 2010 08:51:00 +1200
Steve Wray steve.w...@cwa.co.nz wrote:
This would be ok if the distros maintained the servers which their  
distributed version of Clamav updated from.

They don't. The responsibility in this case is that of those who
maintain Clamav, not the distros.
I would suggest that distros may want to take note of this  
situation;
its perhaps not unreasonable for them to maintain eg their own  
Clamav

update servers.
But the distro are the ones who gave you outdated unsupported  
software.
Had they provided you with a newer package, you wouldn't have had  
this

problem.


I didn't have this problem

I am just worried that OSS is *still* having problems dealing with  
basic business commonsense.




Are you suggesting that if your distribution had packaged ClamAV 0.96
and your server(s) didn't break, that you would *still* be upset?  
Just

on principle?


I am not upset; I am concerned for OSS and for the way that this  
reflects badly on it. And yes I really do think it has been bad PR




I would look again if you think that to be true. Outside of this and  
other mailing lists, there is very little mention of this as compared  
to the big news of McAfee's db update debacle today.


Jim

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Steve Holdoway]

On Wed, 2010-04-21 at 17:00 -0700, Jim Preston wrote:
 On Apr 21, 2010, at 2:51 PM, Steve Holdoway wrote:
 
  On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:
 
  But the distro are the ones who gave you outdated unsupported  
  software.
  Had they provided you with a newer package, you wouldn't have had  
  this
  problem.
  Spiro, you're missing the point of a distro completely. That is to
  provide a functionally static platform for people to use and release  
  to.
 
 Funny, every distro I have used has had numerous updates till it  
 reached EOL. Did I believe updates stopped because no new  
 vulnerabilities exist in the distro? Of course not.
Read what I said. *functional* not security. Like, for example, php is
at 5.2.6 on lenny, unless you configure is differently. That's the whole
point of releases.

Get with it Jim (:

Steve

-- 
Steve Holdoway st...@greengecko.co.nz
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Chris Knight]

On Wed, Apr 21, 2010 at 12:15 AM, Simon Hobson li...@thehobsons.co.uk wrote:


 Jason Haar wrote:

 ClamAV devs: your response was appropriate. I speak on behalf of the 99%
 of sites unaffected by this. You can tell that as only 10 people seem to
 be involved in this thread.

 Only 10 people who thought it worth while to put their hands up and say
 something about it. There will be many who will have seen the threads and
 decided they have nothing more to add than me too, and probably a fair
 number that are waiting for their friendly tech to unbreak their appliance.


I've been watching this thread, and several others, for a few days
now.  I haven't said anything because I did not think I had anything
worth contributing to the discussion.  It seems plain to me that
nothing is going to be solved here.

I am speaking up now because I do not want my silent observance to be
seen as 'approval' of what happened.  I vehemently disagree with the
way the ClamAV developers handled this situation.  I sincerely hope
that the FOSS community rises up to the challenge and an equally
capable virus scanner is born whose core developers are a little more
considerate in how they treat the many 'upgrade orphans' that will
always exist.

-Chris
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

On Apr 21, 2010, at 6:02 PM, Chris Knight wrote:

On Wed, Apr 21, 2010 at 12:15 AM, Simon Hobson  
li...@thehobsons.co.uk wrote:




Jason Haar wrote:

ClamAV devs: your response was appropriate. I speak on behalf of  
the 99%
of sites unaffected by this. You can tell that as only 10 people  
seem to

be involved in this thread.


Only 10 people who thought it worth while to put their hands up and  
say
something about it. There will be many who will have seen the  
threads and
decided they have nothing more to add than me too, and probably a  
fair
number that are waiting for their friendly tech to unbreak their  
appliance.



I've been watching this thread, and several others, for a few days
now.  I haven't said anything because I did not think I had anything
worth contributing to the discussion.  It seems plain to me that
nothing is going to be solved here.

I am speaking up now because I do not want my silent observance to be
seen as 'approval' of what happened.  I vehemently disagree with the
way the ClamAV developers handled this situation.  I sincerely hope
that the FOSS community rises up to the challenge and an equally
capable virus scanner is born whose core developers are a little more
considerate in how they treat the many 'upgrade orphans' that will
always exist.

-Chris


That is what FOSS is all about, start coding and I will take it for a  
ride when you have a beta.


Jim

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

On Apr 21, 2010, at 5:08 PM, Steve Holdoway wrote:


On Wed, 2010-04-21 at 17:00 -0700, Jim Preston wrote:

On Apr 21, 2010, at 2:51 PM, Steve Holdoway wrote:


On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:


But the distro are the ones who gave you outdated unsupported
software.
Had they provided you with a newer package, you wouldn't have had
this
problem.

Spiro, you're missing the point of a distro completely. That is to
provide a functionally static platform for people to use and release
to.


Funny, every distro I have used has had numerous updates till it
reached EOL. Did I believe updates stopped because no new
vulnerabilities exist in the distro? Of course not.

Read what I said. *functional* not security. Like, for example, php is
at 5.2.6 on lenny, unless you configure is differently. That's the  
whole

point of releases.

Get with it Jim (:

Yeah, I saw that and went to close the email but .. missed and hit  
the send button instead and I never have been able to fine the undo  
function for the send button :(


Jim
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Eric Rostetter]

Quoting Steve Holdoway st...@greengecko.co.nz:


Spiro, you're missing the point of a distro completely. That is to
provide a functionally static platform for people to use and release to.
From that point on, only security patches are released. The fact that
0.94.x was current when debian lenny was released means that it should
stay that way until EOL of the distro.

Anything else is breaking at least the spirit of the distro release
philosophy.


There are distros that follow that philosophy, but not all of them.
A distro can set any release philosophy they want, and indeed people
want different release philosophies from their distros...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Eric Rostetter]

Quoting Jim Preston jimli...@commspeed.net:


Read what I said. *functional* not security. Like, for example, php is
at 5.2.6 on lenny, unless you configure is differently. That's the whole
point of releases.


There are distros that release functional (feature) upgrades as well
as security/bug upgrades...  Just as there are ones that don't.

Most distros will provide:
1) Security updates.
2) Bug fixes for major bugs.
3) Additional new features (even in the kernel, such as new hardware support)

Most distros will not provide:
1) Kernel changes to existing kernel functionality.
2) Changes to major system libraries which change existing functionality.
3) Changes to major packages which could impact services or processes
   (like a major compiler upgrade, major system library upgrade, etc)

This is sometimes called preserving the runtime environment, defined
as the area where the kernel interacts with applications, while
allowing for updates/upgrades which are outside this runtime environment.

Some distros may, and some may not, provide:
1) Functional updates to various non-critical programs or services
2) Functional updates to various critical programs or services which are
   deemed to not cause any changes to the runtime environment of the system.

Compounding this issue are terminology issues such as the difference
between a release and a version of the distro, etc.  (For example,
when I talk about a RHEL release I mean RHEL 4 or RHEL 5, and when I talk
about a RHEL versions I mean RHEL 5.1 or RHEL 5.2.  Red Hat calls
these the opposite way (5.1 is a dot release where as 4 to 5 is an
version).  So it can be confusing, to say the least.  If I'm using
release in a way you don't intend, then I apologize...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Dennis Peterson]

On 4/21/10 10:06 PM, Eric Rostetter wrote:

Quoting Jim Preston jimli...@commspeed.net:


Read what I said. *functional* not security. Like, for example, php is
at 5.2.6 on lenny, unless you configure is differently. That's the whole
point of releases.


There are distros that release functional (feature) upgrades as well
as security/bug upgrades... Just as there are ones that don't.

Most distros will provide:


Show me the contract.

dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Simon Hobson]

Dennis Peterson wrote:

The question wasn't directed to my but I'd like to see them be more 
selective as to who should be allowed to use this product. Maybe an 
IQ test.


Really that is an insulting statement - and completely un called for. 
It's exactly the sort of attitude that drives people away from the 
FOSS movement - an almost religious zeal in supporting a closed shop 
mentality.


On one hand, people see a FOSS world inhabited by these religious 
zealots espousing the notion that to use a computer you must be some 
sort of uber nerd, fluent in multiple languages, and capable of 
programming a bare metal computer by thought transference (OK, so 
that's a slight exaggeration !). On the other hand, they see 
commercial offerings that appear to be made by people who actually 
care about people using their stuff - ie making it usable by mere 
human beings.


Some people in the FOSS movement understand this - that's why there's 
so much work to make things usable by ordinary people. It's just a 
pity there are still the bigots around espousing your view.


Now, if you want a project that employs such restrictions - go and 
build one. Being under an open licence, this one is available to all 
- either like it or lump it, but either way, keep your insults to 
yourself.


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Bernd Petrovitsch]

On Mon, 2010-04-19 at 17:28 -0700, Dennis Peterson wrote:
[...]
 The question wasn't directed to my but I'd like to see them be more selective 
 as 
 to who should be allowed to use this product. Maybe an IQ test.

No. Everyone should be allowed to shoot in the foot - with free/open
source or proprietary software.

Bernd
-- 
Bernd Petrovitsch  Email : be...@petrovitsch.priv.at
 LUGA : http://www.luga.at

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Steve Wray]

Spiro Harvey wrote:

Shame you haven't talked to to others - like havp for example - before
doing this.


The announcement to EOL the old releases was made at the start of
october last year. If people using clam as an integral part of their
software don't read announcements, what fault is that of the clam
developers?

They had 6 months to sort it out.


The thing is that there are a few little issues here that, as points of law 
are not clear yet. In what follows words like 'vendor' may not be used 
entirely legally precisely, IANAL, but I am certain that with a bit of 
squinting my meaning will be clear.


I know that in certain jurisdictions, reaching out to someone elses 
computer (ie not your property) and disabling functionality on it could 
constitute a criminal act.


I sincerely hope that someone somewhere under such a jurisdiction goes to 
the police and reports the Clamav developers for such an offense.


Why?

Because Clamav is now in the same category as Apple, Amazon and Sony (to 
name three that come to mind right away). This is the category of vendors 
who have remotely disabled (or removed) software running on computers or 
devices belonging to their customers. Not on computers or devices belonging 
to the vendor and which are leased to customers, but the *property* of 
those customers.


I believe that this is extremely inappropriate behavior for *any* vendor. I 
am shocked that an OSS vendor would even consider such an action.


Note the massive amount of negative press that Amazon got for remotely 
deleting copies of George Orwell's 1984 from the Kindle. Sony have recently 
started remotely disabling Linux functionality on the PS3 iirc. Do we 
really want the OSS community to be tarred with the same brush?


This kind of high-handed arrogance NEEDS to be put down and hard.

I imagine that the Clamav team would be hard put to raise a decent legal 
defense against this and, so, if they lose such a case a legal precedent 
could be set which could conceivably deter this kind of thing from larger 
organisations.


I would really love to see that happen even if it destroys the Clamav project.

No hard feelings against them, but if Clamav want to set themselves up as 
sacrificial lambs to test a point of law and it ultimately benefits society 
at large, great.





--
Please remember that an email is just like a postcard; it is not 
confidential nor private nor secure and can be read by many other people 
than the intended recipient. A postcard can be read by anyone at the mail 
sorting office and expecting what is written on it to be private and secret 
is not realistic. Please hold no higher expectation of email.


If you need to send confidential information in an email you need to use 
encryption. PGP is Pretty good for this.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jason Haar]

On 04/21/2010 02:36 PM, Steve Wray wrote:

 Because Clamav is now in the same category as Apple, Amazon and Sony
 (to name three that come to mind right away). This is the category of
 vendors who have remotely disabled (or removed) software running on
 computers or devices belonging to their customers. Not on computers or
 devices belonging to the vendor and which are leased to customers, but
 the *property* of those customers.
...
 I would really love to see that happen even if it destroys the Clamav
 project.

Whoah! Really long brush you've got there... I invoke GODWIN'S LAW on
this thread. If people developing Open Source software took your threats
seriously - THERE WOULD BE NO OPEN SOURCE

ClamAV devs: your response was appropriate. I speak on behalf of the 99%
of sites unaffected by this. You can tell that as only 10 people seem to
be involved in this thread.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

Steve Wray wrote:

Spiro Harvey wrote:

Shame you haven't talked to to others - like havp for example - before
doing this.


The announcement to EOL the old releases was made at the start of
october last year. If people using clam as an integral part of their
software don't read announcements, what fault is that of the clam
developers?

They had 6 months to sort it out.


The thing is that there are a few little issues here that, as points 
of law are not clear yet. In what follows words like 'vendor' may not 
be used entirely legally precisely, IANAL, but I am certain that with 
a bit of squinting my meaning will be clear.


I know that in certain jurisdictions, reaching out to someone elses 
computer (ie not your property) and disabling functionality on it 
could constitute a criminal act.


I sincerely hope that someone somewhere under such a jurisdiction goes 
to the police and reports the Clamav developers for such an offense.


Why?

Because Clamav is now in the same category as Apple, Amazon and Sony 
(to name three that come to mind right away). This is the category of 
vendors who have remotely disabled (or removed) software running on 
computers or devices belonging to their customers. Not on computers or 
devices belonging to the vendor and which are leased to customers, but 
the *property* of those customers.


I believe that this is extremely inappropriate behavior for *any* 
vendor. I am shocked that an OSS vendor would even consider such an 
action.


Note the massive amount of negative press that Amazon got for remotely 
deleting copies of George Orwell's 1984 from the Kindle. Sony have 
recently started remotely disabling Linux functionality on the PS3 
iirc. Do we really want the OSS community to be tarred with the same 
brush?


This kind of high-handed arrogance NEEDS to be put down and hard.

I imagine that the Clamav team would be hard put to raise a decent 
legal defense against this and, so, if they lose such a case a legal 
precedent could be set which could conceivably deter this kind of 
thing from larger organisations.


I would really love to see that happen even if it destroys the Clamav 
project.


No hard feelings against them, but if Clamav want to set themselves up 
as sacrificial lambs to test a point of law and it ultimately benefits 
society at large, great.


Well, prosecution would be justified if ClamAV had actually done 
something illegal. What they did was modifiy their signature database to 
support new features with advance notice and the fact that any 
particular installation of unsupported software failed to handle it 
properly is the onus of the owners / sysadmins of the individual 
systems. If you happen to fall into that category, then it is time to 
upgrade your system.


Jim
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Steve Wray]

Jim Preston wrote:

Steve Wray wrote:

Spiro Harvey wrote:

Shame you haven't talked to to others - like havp for example - before
doing this.


The announcement to EOL the old releases was made at the start of
october last year. If people using clam as an integral part of their
software don't read announcements, what fault is that of the clam
developers?

They had 6 months to sort it out.


The thing is that there are a few little issues here that, as points 
of law are not clear yet. In what follows words like 'vendor' may not 
be used entirely legally precisely, IANAL, but I am certain that with 
a bit of squinting my meaning will be clear.


I know that in certain jurisdictions, reaching out to someone elses 
computer (ie not your property) and disabling functionality on it 
could constitute a criminal act.


I sincerely hope that someone somewhere under such a jurisdiction goes 
to the police and reports the Clamav developers for such an offense.


Why?

Because Clamav is now in the same category as Apple, Amazon and Sony 
(to name three that come to mind right away). This is the category of 
vendors who have remotely disabled (or removed) software running on 
computers or devices belonging to their customers. Not on computers or 
devices belonging to the vendor and which are leased to customers, but 
the *property* of those customers.


I believe that this is extremely inappropriate behavior for *any* 
vendor. I am shocked that an OSS vendor would even consider such an 
action.


Note the massive amount of negative press that Amazon got for remotely 
deleting copies of George Orwell's 1984 from the Kindle. Sony have 
recently started remotely disabling Linux functionality on the PS3 
iirc. Do we really want the OSS community to be tarred with the same 
brush?


This kind of high-handed arrogance NEEDS to be put down and hard.

I imagine that the Clamav team would be hard put to raise a decent 
legal defense against this and, so, if they lose such a case a legal 
precedent could be set which could conceivably deter this kind of 
thing from larger organisations.


I would really love to see that happen even if it destroys the Clamav 
project.


No hard feelings against them, but if Clamav want to set themselves up 
as sacrificial lambs to test a point of law and it ultimately benefits 
society at large, great.


Well, prosecution would be justified if ClamAV had actually done 
something illegal. What they did was modifiy their signature database to 
support new features with advance notice and the fact that any 
particular installation of unsupported software failed to handle it 
properly is the onus of the owners / sysadmins of the individual 
systems. If you happen to fall into that category, then it is time to 
upgrade your system.


I am not a lawyer but I do think that this is something that the 
authorities might possibly examine.


I do think that pushing out an update which disables functionality without 
explicitly requesting permission to make such a change *before* making that 
change *should* be criminal.


Ie: without someone on the server which is about to have a service stopped 
having to at least press the 'y' key on their keyboard, for example.


This kind of thing really is extremely arrogant, I can see no other way to 
put it. Sorry if that offends.





--
Please remember that an email is just like a postcard; it is not 
confidential nor private nor secure and can be read by many other people 
than the intended recipient. A postcard can be read by anyone at the mail 
sorting office and expecting what is written on it to be private and secret 
is not realistic. Please hold no higher expectation of email.


If you need to send confidential information in an email you need to use 
encryption. PGP is Pretty good for this.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

Well, prosecution would be justified if ClamAV had actually done 
something illegal. What they did was modifiy their signature database to 
support new features with advance notice and the fact that any 
particular installation of unsupported software failed to handle it 
properly is the onus of the owners / sysadmins of the individual 
systems. If you happen to fall into that category, then it is time to 
upgrade your system.


I am not a lawyer but I do think that this is something that the 
authorities might possibly examine.


I do think that pushing out an update which disables functionality 
without explicitly requesting permission to make such a change 
*before* making that change *should* be criminal.


Ie: without someone on the server which is about to have a service 
stopped having to at least press the 'y' key on their keyboard, for 
example.


This kind of thing really is extremely arrogant, I can see no other 
way to put it. Sorry if that offends.


And I am sure that authorities will examine it and I sincerely hope they 
waste as much of YOUR tax dollars as possible doing so.


And no offense taken by your posting.

Jim
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

Steve Wray wrote:
I am not a lawyer but I do think that this is something that the 
authorities might possibly examine.


I do think that pushing out an update which disables functionality 
without explicitly requesting permission to make such a change 
*before* making that change *should* be criminal.


Ie: without someone on the server which is about to have a service 
stopped having to at least press the 'y' key on their keyboard, for 
example.


This kind of thing really is extremely arrogant, I can see no other 
way to put it. Sorry if that offends.


PS: They did explicitly request permission by allowing users to comment 
on their proposed changes for 6 months. Where were your objections 
during that time?


Jim
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Jim Preston]

 2) If it aint broke - don't fix it. There's no way I'd attempt a
major upgrade in-place when it's a live server used 24*7. For  
various

internal reasons (which I'm sure you can guess) I don't have the
resources to do anything but an in-place upgrade if I want to  
upgrade.


Well if they don't want patches on it, and they're not prepared to  
give

you money to have a backup server to do upgrades on, then it can't be
as critical as they're telling you.


Or it could be a reflection of management priorities - the job pays  
the bills, it doesn't mean I like all of it.


Yes, and most likely the case and most likely the managers screaming  
that it should not have failed because they did not authorize the  
server to fail. And yes this a weak attempt at humor on my part and  
not in need of retort.





 3) I can accept that software will go out of support - but I never

expected a Miscrosoft-esque remote shutdown.


You should have expected it 6 months ago when the announcement was  
made.


Well I could have if I'd seen that - but that ground's been covered  
to death already.


But on a more serious note, what method would you like to have had  
them take to make you aware of the impending failure? I think they did  
due diligence although they failed to provide a link to the EOL page  
which should have been prominently displayed on the page the ClamAV  
log warning links to. If there are more notification methods they  
should have used, then that is where improvement should be made not  
debating if they should protect users from signature and other  
improvements that may break unsupported versions...



--
Simon Hobson




___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Simon Hobson]

Yes, and most likely the case and most likely the managers screaming 
that it should not have failed because they did not authorize the 
server to fail. And yes this a weak attempt at humor on my part and 
not in need of retort.


Not so weak - but it sounds like you've met some of my past managers !

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Dennis Peterson]

On 4/19/10 9:22 AM, Jim Preston wrote:



But on a more serious note, what method would you like to have had them
take to make you aware of the impending failure?


The question wasn't directed to my but I'd like to see them be more selective as 
to who should be allowed to use this product. Maybe an IQ test.


dp

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Spiro Harvey]

 Shame you haven't talked to to others - like havp for example - before
 doing this.

The announcement to EOL the old releases was made at the start of
october last year. If people using clam as an integral part of their
software don't read announcements, what fault is that of the clam
developers?

They had 6 months to sort it out.

-- 
Spiro Harvey  Knossos Networks Ltd
021-295-1923  www.knossos.net.nz


signature.asc
Description: PGP signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Spiro Harvey]

 1) If it aint broke, don't fix it. It works, has worked reliably for 
 several years, and was working fine yesterday. It's uptime is 

And now it's broken. So you have to fix it. Life on the edge is scary
for some sysadmins, eh?

 currently 405 days, and then the last downtime was to physically move 
 the server.

So for 405 days you've done no kernel patches? Awesome. I bet that
server's a bunch of remote exploits waiting to happen (if they haven't
already).

Using massive uptimes to prove how cool your server is actually just
shows that you're not doing the right maintenance.

 2) If it aint broke - don't fix it. There's no way I'd attempt a 
 major upgrade in-place when it's a live server used 24*7. For various 
 internal reasons (which I'm sure you can guess) I don't have the 
 resources to do anything but an in-place upgrade if I want to upgrade.

Well if they don't want patches on it, and they're not prepared to give
you money to have a backup server to do upgrades on, then it can't be
as critical as they're telling you.

 3) I can accept that software will go out of support - but I never 
 expected a Miscrosoft-esque remote shutdown.

You should have expected it 6 months ago when the announcement was made.




signature.asc
Description: PGP signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Dennis Peterson]

On 4/18/10 1:27 PM, Spiro Harvey wrote:

Shame you haven't talked to to others - like havp for example - before
doing this.


The announcement to EOL the old releases was made at the start of
october last year. If people using clam as an integral part of their
software don't read announcements, what fault is that of the clam
developers?

They had 6 months to sort it out.


The people that had problems probably download signatures straight into the 
signature directory that clamd uses. I drop mine into a holding directory where 
I can test them first. Yes, I know that is all built into freshclam, but I'd 
rather know ahead of time if a sig is going to be harmful. I use the exact same 
process for checking SaneSecurity and other third-party signatures. I didn't 
need it this time because I'd upgraded long ago, but it's not a bad process.


dp
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] (no subject)

[Ken Campney]

Sh

They've simmered down, I don't need the issue stirred up again

Spiro Harvey wrote:

Shame you haven't talked to to others - like havp for example - before
doing this.



The announcement to EOL the old releases was made at the start of
october last year. If people using clam as an integral part of their
software don't read announcements, what fault is that of the clam
developers?

They had 6 months to sort it out.

  



___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml