Team, Sniffer Folks, Beta Testers:

I've handled most of the testing and the development, so I'll do my best to reply. (I'll respond inline to A. Schmidt's inquiries.)

_Andy Wallo



- The engine for "official" Windows build I found (http://w32.clamav.net/)
was out of date (but still usable) and had problems with trailing
backslashes the way that Declude was passing them.

Sadly, this is an issue of the very overworked and newly promoted head of project management at ClamAV. He has handled the port up to this point, but due to other demands, has not rebuilt the current stable Windows port, nor delegated that task. ClamAV does state that they intend to keep their Windows port, however. (There has been some concern, what with the Cygwin versions coming to a close, etc.) I am keeping tabs on this, so that at the earliest possible moment, we can push a rebuild of ClamAID with the upgraded port.

This does NOT affect the side of the system that downloads new/daily databases, etc. ( Freshclam.exe is wrapped with XYNTService as FreshClamSVC and will run periodically in the background. )

- The ClamWin build was current, but resisted any attempt to run it as a
service.

ClamD (and FreshClam) are fully wrapped with XYNTService, and allow the Declude users to use clamdscan.exe instead of the very time- and CPU-consuming clamscan.exe. (Thus saving the re-booting of the clam databases, etc.)

- Either one had the problem that the virus report generated by ClamAV is
not understood by Declude (which looks only for one, very specific pattern) - so one doesn't get the proper virus name passed to messages, log files and
virus statistics

I have read about this in some reports, and I've used the Declude recommended call for calling Clam... I'd like more information if you have it on your specific solution of the name-disconnect. < open issue? > However, the ClamAID install sets the system up to have both Declude as well as ClamAV log their results. So the correct view of what is happening should be being logged on the ClamAV side, if not fully transparent through Declude.

I ended up scripting some middleware between Declude and Clam that would
address the trailing backslash on the input side and the virus name on the
output side.

We haven't detected a trailing backslash issue with clamdscan.exe being called from Declude.

Of course, we're not perfect, but we'd definitely love to get your read on the AID tool.

Thanks.

Andrew Wallo
