Mailing List Archive

Re: (no subject)
On Apr 21, 2010, at 2:51 PM, Steve Holdoway wrote:

> On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:
>
>> But the distro are the ones who gave you outdated unsupported
>> software.
>> Had they provided you with a newer package, you wouldn't have had
>> this problem.
> Spiro, you're missing the point of a distro completely. That is to
> provide a functionally static platform for people to use and release
> to.

Funny, every distro I have used has had numerous updates till it
reached EOL. Did I believe updates stopped because no new
vulnerabilities exist in the distro? Of course not.
> From that point on, only security patches are released. The fact that
> 0.94.x was current when debian lenny was released means that it should
> stay that way until EOL of the distro.
>
> Anything else is breaking at least the spirit of the distro release
> philosophy.
>
> Sure you can use a different model, like including the volatile
> and / or backports packages, but that's not the point. I've heard of these, but
> then I'm a career sysadmin. How many servers out there are managed by
> those, rather than just relying on the testing performed by
> debian/redhat/novell, etc?
>
> Steve.
>
>
> --
> Steve Holdoway <steve@greengecko.co.nz>
> http://www.greengecko.co.nz
> MSN: steve@greengecko.co.nz
> Skype: sholdowa
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: (no subject)
On Wed, 2010-04-21 at 17:00 -0700, Jim Preston wrote:
> On Apr 21, 2010, at 2:51 PM, Steve Holdoway wrote:
>
> > On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:
> >
> >> But the distro are the ones who gave you outdated unsupported
> >> software.
> >> Had they provided you with a newer package, you wouldn't have had
> >> this problem.
> > Spiro, you're missing the point of a distro completely. That is to
> > provide a functionally static platform for people to use and release
> > to.
>
> Funny, every distro I have used has had numerous updates till it
> reached EOL. Did I believe updates stopped because no new
> vulnerabilities exist in the distro? Of course not.
Read what I said. *functional* not security. Like, for example, php is
at 5.2.6 on lenny, unless you configure it differently. That's the whole
point of releases.

Get with it Jim (:

Steve

--
Steve Holdoway <steve@greengecko.co.nz>
http://www.greengecko.co.nz
MSN: steve@greengecko.co.nz
Skype: sholdowa

Re: Clubbing a deceased equine
Jim Preston wrote:
> On Apr 21, 2010, at 2:48 PM, Robert Wyatt wrote:
>
>> Eray Aslan wrote:
>>> Does anyone have access to legal opinion for a lawsuit against clamav
>>> developers or its parent company? Perhaps Germany is the better place
>>> for it.
>>
>> Yeah, I've got a legal opinion for you. You have no standing to
>> recover any damages and any suit you file would be subject to a
>> counterclaim for a frivolous lawsuit.
>> _______________________________________________
>>
>
> And I hope you do file a frivolous lawsuit and lose your shirt in court
> and lawyer fees. Lawyers will only be too happy to take your money for
> your lost cause.

Ahhh but it wouldn't be a civil case; it'd be a criminal case.

The prosecution would be the crown or government.


--
Please remember that an email is just like a postcard; it is not
confidential nor private nor secure and can be read by many other people
than the intended recipient. A postcard can be read by anyone at the mail
sorting office and expecting what is written on it to be private and secret
is not realistic. Please hold no higher expectation of email.

If you need to send confidential information in an email you need to use
encryption. PGP is Pretty good for this.

Re: (no subject)
On Wed, Apr 21, 2010 at 12:15 AM, Simon Hobson <linux@thehobsons.co.uk> wrote:


> Jason Haar wrote:
>
>> ClamAV devs: your response was appropriate. I speak on behalf of the 99%
>> of sites unaffected by this. You can tell that as only 10 people seem to
>> be involved in this thread.
>
> Only 10 people who thought it worth while to put their hands up and say
> something about it. There will be many who will have seen the threads and
> decided they have nothing more to add than "me too", and probably a fair
> number that are waiting for their friendly tech to unbreak their appliance.


I've been watching this thread, and several others, for a few days
now. I haven't said anything because I did not think I had anything
worth contributing to the discussion. It seems plain to me that
nothing is going to be solved here.

I am speaking up now because I do not want my silent observance to be
seen as 'approval' of what happened. I vehemently disagree with the
way the ClamAV developers handled this situation. I sincerely hope
that the FOSS community rises up to the challenge and an equally
capable virus scanner is born whose core developers are a little more
considerate in how they treat the many 'upgrade orphans' that will
always exist.

-Chris

Re: (no subject)
On Apr 21, 2010, at 5:08 PM, Steve Holdoway wrote:

> On Wed, 2010-04-21 at 17:00 -0700, Jim Preston wrote:
>> On Apr 21, 2010, at 2:51 PM, Steve Holdoway wrote:
>>
>>> On Thu, 2010-04-22 at 09:07 +1200, Spiro Harvey wrote:
>>>
>>>> But the distro are the ones who gave you outdated unsupported
>>>> software.
>>>> Had they provided you with a newer package, you wouldn't have had
>>>> this problem.
>>> Spiro, you're missing the point of a distro completely. That is to
>>> provide a functionally static platform for people to use and release
>>> to.
>>
>> Funny, every distro I have used has had numerous updates till it
>> reached EOL. Did I believe updates stopped because no new
>> vulnerabilities exist in the distro? Of course not.
> Read what I said. *functional* not security. Like, for example, php is
> at 5.2.6 on lenny, unless you configure it differently. That's the
> whole point of releases.
>
> Get with it Jim (:
>
Yeah, I saw that and went to close the email but ...... missed and hit
the send button instead and I never have been able to find the undo
function for the send button :(

Jim

Re: Clubbing a deceased equine
On Apr 21, 2010, at 5:42 PM, Steve Wray wrote:

> Jim Preston wrote:
>> On Apr 21, 2010, at 2:48 PM, Robert Wyatt wrote:
>>> Eray Aslan wrote:
>>>> Does anyone have access to legal opinion for a lawsuit against clamav
>>>> developers or its parent company? Perhaps Germany is the better place
>>>> for it.
>>>
>>> Yeah, I've got a legal opinion for you. You have no standing to
>>> recover any damages and any suit you file would be subject to a
>>> counterclaim for a frivolous lawsuit.
>>> _______________________________________________
>>>
>> And I hope you do file a frivolous lawsuit and lose your shirt in
>> court and lawyer fees. Lawyers will only be too happy to take your
>> money for your lost cause.
>
> Ahhh but it wouldn't be a civil case; it'd be a criminal case.
>
> The prosecution would be the crown or government.
>

And would still be a monumental waste of your tax revenue, but what
the heck, it's your money....

Jim

Re: (no subject)
On Apr 21, 2010, at 6:02 PM, Chris Knight wrote:

> On Wed, Apr 21, 2010 at 12:15 AM, Simon Hobson
> <linux@thehobsons.co.uk> wrote:
>
>
>> Jason Haar wrote:
>>
>>> ClamAV devs: your response was appropriate. I speak on behalf of the 99%
>>> of sites unaffected by this. You can tell that as only 10 people seem to
>>> be involved in this thread.
>>
>> Only 10 people who thought it worth while to put their hands up and say
>> something about it. There will be many who will have seen the threads and
>> decided they have nothing more to add than "me too", and probably a fair
>> number that are waiting for their friendly tech to unbreak their appliance.
>
>
> I've been watching this thread, and several others, for a few days
> now. I haven't said anything because I did not think I had anything
> worth contributing to the discussion. It seems plain to me that
> nothing is going to be solved here.
>
> I am speaking up now because I do not want my silent observance to be
> seen as 'approval' of what happened. I vehemently disagree with the
> way the ClamAV developers handled this situation. I sincerely hope
> that the FOSS community rises up to the challenge and an equally
> capable virus scanner is born whose core developers are a little more
> considerate in how they treat the many 'upgrade orphans' that will
> always exist.
>
> -Chris

That is what FOSS is all about, start coding and I will take it for a
ride when you have a beta.

Jim

Re: Clubbing a deceased equine
Jim Preston wrote:
> On Apr 21, 2010, at 5:42 PM, Steve Wray wrote:
>
>> Jim Preston wrote:
>>> On Apr 21, 2010, at 2:48 PM, Robert Wyatt wrote:
>>>> Eray Aslan wrote:
>>>>> Does anyone have access to legal opinion for a lawsuit against clamav
>>>>> developers or its parent company? Perhaps Germany is the better place
>>>>> for it.
>>>>
>>>> Yeah, I've got a legal opinion for you. You have no standing to
>>>> recover any damages and any suit you file would be subject to a
>>>> counterclaim for a frivolous lawsuit.
>>>> _______________________________________________
>>>>
>>> And I hope you do file a frivolous lawsuit and lose your shirt in
>>> court and lawyer fees. Lawyers will only be too happy to take your
>>> money for your lost cause.
>>
>> Ahhh but it wouldn't be a civil case; it'd be a criminal case.
>>
>> The prosecution would be the crown or government.
>>
>
> And would still be a monumental waste of your tax revenue, but what the
> heck, it's your money....


If there is the slightest chance that a legal precedent could be set that
would deter the likes of Apple or Sony disabling functionality in consumer
devices by remote control I would be ALL for spending tax money on this.

And I would have thought that virtually anyone in the FOSS community would
have agreed. Excuse me for my error.

Re: Clubbing a deceased equine
On Apr 21, 2010, at 6:19 PM, Steve Wray wrote:

> Jim Preston wrote:
>> On Apr 21, 2010, at 5:42 PM, Steve Wray wrote:
>>> Jim Preston wrote:
>>>> On Apr 21, 2010, at 2:48 PM, Robert Wyatt wrote:
>>>>> Eray Aslan wrote:
>>>>>> Does anyone have access to legal opinion for a lawsuit against clamav
>>>>>> developers or its parent company? Perhaps Germany is the better place
>>>>>> for it.
>>>>>
>>>>> Yeah, I've got a legal opinion for you. You have no standing to
>>>>> recover any damages and any suit you file would be subject to a
>>>>> counterclaim for a frivolous lawsuit.
>>>>> _______________________________________________
>>>>>
>>>> And I hope you do file a frivolous lawsuit and lose your shirt in
>>>> court and lawyer fees. Lawyers will only be too happy to take
>>>> your money for your lost cause.
>>>
>>> Ahhh but it wouldn't be a civil case; it'd be a criminal case.
>>>
>>> The prosecution would be the crown or government.
>>>
>> And would still be a monumental waste of your tax revenue, but what
>> the heck, it's your money....
>
>
> If there is the slightest chance that a legal precedent could be set
> that would deter the likes of Apple or Sony disabling functionality
> in consumer devices by remote control I would be ALL for spending
> tax money on this.
>
> And I would have thought that virtually anyone in the FOSS community
> would have agreed. Excuse me for my error.
>

In the case of Apple or Sony disabling consumer devices, I agree, have
the crown start litigation against those companies if that is your goal.

Jim

Re: illegal or not, make a valid argument (was "no subject")
In message <p06240832c7f4eb4691fe@simon.thehobsons.co.uk> Simon Hobson
<linux@thehobsons.co.uk> was claimed to have wrote:

>Here we go again, you are introducing something irrelevant to try and
>justify your actions. Yes, I know what the licence says - but that
>merely says I cannot expect support from you, and I can't complain if
>it doesn't work. That still does not mean I am giving you permission
>to enter my property and make changes

Once again, no one "entered your property", but rather, you configured
your server to request updates from an external source.

A minor difference, but an awfully significant one.

Re: Clubbing a deceased equine
Simon Hobson wrote:
> The **ONLY** defence I can think of is that they assumed an implicit
> permission by virtue of the user running the update process to fetch
> signature updates. That's a very tenuous thing to infer when pushing an
> update that is so different in purpose to what would normally be fetched.


Well, it's not the only defense that I can think of. For exactly how
long had this message appeared before the ClamAV engine actually died?

LibClamAV Warning: ****************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON’T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: *****************************************************

... they're called "idiot lights" for a reason and are disregarded at
the user's peril.

Re: Clubbing a deceased equine
Robert Wyatt wrote:
> Simon Hobson wrote:
>> The **ONLY** defence I can think of is that they assumed an implicit
>> permission by virtue of the user running the update process to fetch
>> signature updates. That's a very tenuous thing to infer when pushing an
>> update that is so different in purpose to what would normally be fetched.
>
>
> Well, it's not the only defense that I can think of. For exactly how
> long had this message appeared before the ClamAV engine actually died?
>
> LibClamAV Warning: ****************************************************
> LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
> LibClamAV Warning: *** DON’T PANIC! Read http://www.clamav.net/support/faq ***
> LibClamAV Warning: *****************************************************
>
> ... they're called "idiot lights" for a reason and are disregarded at
> the user's peril.

I believe that best practice with this sort of thing is to only issue
warnings and not to actually force a potentially harmful change without
*express* consent of the user.

Ie: NOT passive or implicit consent.

Making potentially harmful changes based only on passive or implicit
consent is.. well 'inconsiderate' is about as mild a phrase as I care to use.



Re: Clubbing a deceased equine
On 4/21/10 8:03 PM, Steve Wray wrote:

>
> I believe that best practice with this sort of thing is to only issue
> warnings and not to actually force a potentially harmful change without
> *express* consent of the user.

Suggest at least one way to inform all the users successfully that obsolete
software is going to die soon - and don't let it slip past you in your solution
that the ClamAV people have know way of knowing who they need to inform. And
recall too, this: Filling their logs with warnings didn't work. Posting the
notice on the front page of their website didn't work. Running commentary in
this list didn't work. Announcing it in their Announcements list didn't work.

You don't know a way, they don't know a way, and I know for a fact it cannot be
done, and the reasons why have been listed and the results show that despite
adequate notification, some people failed to heed. They have to explain this
inadequacy to management. It must have been a long day for them. I'm over it.

What the team did worked for me, but I pay attention - it's my job. And you know
something? It really wasn't difficult. It takes me maybe 10 minutes to deal with
a ClamAV upgrade and less time to discover one is necessary.

We're left with this: The "problem" affected only those that did not pay
adequate attention. There is no cure for that.

So here's a message to everyone that was surprised: PAY ATTENTION because
there's going to be a next time!

dp

Re: Clubbing a deceased equine
On 4/21/10 8:20 PM, Dennis Peterson wrote:


> know way of knowing

What the hell? Did I write that? :)

dp

Re: Clubbing a deceased equine
I can't believe this thread.
This is like biting the hand that feeds.
I upgrade Clam every time there's a new release. Across 20+ servers.
Maybe the guys who are complaining should get into this habit too.

It's just good practice if you want a secure antivirus solution.
Do you think they are improving and extending the product for their own
health?
No.
It's for the users.
Stop being so lazy.

> On 4/21/10 8:03 PM, Steve Wray wrote:
>
>>
>> I believe that best practice with this sort of thing is to only issue
>> warnings and not to actually force a potentially harmful change without
>> *express* consent of the user.
>
> Suggest at least one way to inform all the users successfully that obsolete
> software is going to die soon - and don't let it slip past you in your solution
> that the ClamAV people have know way of knowing who they need to inform. And
> recall too, this: Filling their logs with warnings didn't work. Posting the
> notice on the front page of their website didn't work. Running commentary in
> this list didn't work. Announcing it in their Announcements list didn't work.
>
> You don't know a way, they don't know a way, and I know for a fact it cannot be
> done, and the reasons why have been listed and the results show that despite
> adequate notification, some people failed to heed. They have to explain this
> inadequacy to management. It must have been a long day for them. I'm over it.
>
> What the team did worked for me, but I pay attention - it's my job. And you know
> something? It really wasn't difficult. It takes me maybe 10 minutes to deal with
> a ClamAV upgrade and less time to discover one is necessary.
>
> We're left with this: The "problem" affected only those that did not pay
> adequate attention. There is no cure for that.
>
> So here's a message to everyone that was surprised: PAY ATTENTION because
> there's going to be a next time!
>
> dp

Re: (no subject)
Quoting Steve Holdoway <steve@greengecko.co.nz>:

> Spiro, you're missing the point of a distro completely. That is to
> provide a functionally static platform for people to use and release to.
> From that point on, only security patches are released. The fact that
> 0.94.x was current when debian lenny was released means that it should
> stay that way until EOL of the distro.
>
> Anything else is breaking at least the spirit of the distro release
> philosophy.

There are distros that follow that philosophy, but not all of them.
A distro can set any release philosophy they want, and indeed people
want different release philosophies from their distros...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!

Re: Clubbing a deceased equine
On 22.4.2010 6:03, Steve Wray wrote:
> Robert Wyatt wrote:
>> Simon Hobson wrote:
>> Well, it's not the only defense that I can think of. For exactly how
>> long had this message appeared before the ClamAV engine actually died?
>>
>> LibClamAV Warning: ****************************************************
>> LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
>> LibClamAV Warning: *** DON’T PANIC! Read http://www.clamav.net/support/faq ***
>> LibClamAV Warning: *****************************************************
>>
>> ... they're called "idiot lights" for a reason and are disregarded at
>> the user's peril.
>
> I believe that best practice with this sort of thing is to only issue
> warnings and not to actually force a potentially harmful change without
> *express* consent of the user.
>
> Ie: NOT passive or implicit consent.
>
> Making potentially harmful changes based only on passive or implicit
> consent is.. well 'inconsiderate' is about as mild a phrase as I care to
> use.
>

Yeah. well, but what's this? Temporary I hope

ClamAV update process started at Thu Apr 22 07:09:06 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.




--
http://www.iki.fi/jarif/

You have many friends and very few living enemies.
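
Added example (not part of the original thread): a small Python check that splits freshclam output into runs and flags the two conditions visible in the log quoted above, an engine behind the recommended version and a failed signature download. The first run in `SAMPLE_LOG` is that quoted log with wrapped lines rejoined; the second run and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Run 1: the freshclam output quoted in the message above (wrapped lines rejoined).
# Run 2: constructed for this example, a run with nothing to report.
SAMPLE_LOG = """\
ClamAV update process started at Thu Apr 22 07:09:06 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-10781.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-10781.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.
ClamAV update process started at Fri Apr 23 07:09:05 2010
main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
"""

RUN_START = re.compile(r"^ClamAV update process started at (.+)$")
VERSIONS = re.compile(r"Local version: (\S+) Recommended version: (\S+)")
DOWNLOAD_FAIL = re.compile(
    r"^(?:WARNING|ERROR): (?:getpatch: )?Can't download (\S+) from (\S+)"
)


def version_key(version):
    """'0.95.3' -> (0, 95, 3). Suffixes such as 'rc1' are ignored (a simplification)
    and trailing zeros are dropped so that '0.96' and '0.96.0' compare equal."""
    key = []
    for part in version.split("."):
        m = re.match(r"\d+", part)
        key.append(int(m.group()) if m else 0)
    while key and key[-1] == 0:
        key.pop()
    return tuple(key)


@dataclass
class Run:
    started: str
    local_version: Optional[str] = None
    recommended_version: Optional[str] = None
    failed_downloads: dict = field(default_factory=dict)  # file name -> attempts
    update_failed: bool = False

    def is_outdated(self):
        if not (self.local_version and self.recommended_version):
            return False
        return version_key(self.local_version) < version_key(self.recommended_version)


def parse_runs(text):
    """Split freshclam output into one Run per 'update process started' header."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_START.match(line)
        if m:
            runs.append(Run(started=m.group(1)))
            continue
        if not runs:
            continue  # ignore anything before the first run header
        run = runs[-1]
        m = VERSIONS.search(line)
        if m:
            run.local_version, run.recommended_version = m.groups()
            continue
        m = DOWNLOAD_FAIL.match(line)
        if m:
            name = m.group(1)
            run.failed_downloads[name] = run.failed_downloads.get(name, 0) + 1
            continue
        if line.startswith("Update failed."):
            run.update_failed = True
    return runs


def findings(run):
    """Return (severity, message) pairs worth alerting on for a single run."""
    out = []
    if run.update_failed:
        files = ", ".join(sorted(run.failed_downloads)) or "unknown files"
        out.append(("critical", f"signature update failed ({files}); signatures are going stale"))
    if run.is_outdated():
        out.append(("warning", f"engine {run.local_version} is behind recommended {run.recommended_version}"))
    return out


if __name__ == "__main__":
    for run in parse_runs(SAMPLE_LOG):
        for severity, message in findings(run):
            print(f"[{severity}] {run.started}: {message}")
```

Feeding the real freshclam log to `parse_runs` from a scheduled job turns the banner the thread argues about into an alert that reaches someone, rather than a line nobody reads.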

Re: (no subject)
Quoting Jim Preston <jimlinux@commspeed.net>:

>> Read what I said. *functional* not security. Like, for example, php is
>> at 5.2.6 on lenny, unless you configure it differently. That's the whole
>> point of releases.

There are distros that release functional (feature) upgrades as well
as security/bug upgrades... Just as there are ones that don't.

Most distros will provide:
1) Security updates.
2) Bug fixes for major bugs.
3) Additional new features (even in the kernel, such as new hardware support)

Most distros will not provide:
1) Kernel changes to existing kernel functionality.
2) Changes to major system libraries which change existing functionality.
3) Changes to major packages which could impact services or processes
(like a major compiler upgrade, major system library upgrade, etc)

This is sometimes called "preserving the runtime environment", defined
as "the area where the kernel interacts with applications", while
allowing for updates/upgrades which are outside this "runtime environment".

Some distros may, and some may not, provide:
1) Functional updates to various non-critical programs or services
2) Functional updates to various critical programs or services which are
deemed to not cause any changes to the runtime environment of the system.

Compounding this issue are terminology issues such as the difference
between a "release" and a "version" of the distro, etc. (For example,
when I talk about a RHEL release I mean RHEL 4 or RHEL 5, and when I talk
about a RHEL version I mean RHEL 5.1 or RHEL 5.2. Red Hat calls
these the opposite way (5.1 is a "dot release" whereas 4 to 5 is a
version).) So it can be confusing, to say the least. If I'm using
release in a way you don't intend, then I apologize...

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!

Re: (no subject)
On 4/21/10 10:06 PM, Eric Rostetter wrote:
> Quoting Jim Preston <jimlinux@commspeed.net>:
>
>>> Read what I said. *functional* not security. Like, for example, php is
>>> at 5.2.6 on lenny, unless you configure it differently. That's the whole
>>> point of releases.
>
> There are distros that release functional (feature) upgrades as well
> as security/bug upgrades... Just as there are ones that don't.
>
> Most distros will provide:

Show me the contract.

dp

Re: Clubbing a deceased equine
On 22.04.2010 06:44, Conrad Zane (Via Webmail) wrote:
> I can't believe this thread.
> This is like biting the hand that feeds.
> I upgrade Clam every time there's a new release. Across 20+ servers.
> Maybe the guys who are complaining should get into this habit too.

You are missing the point. I did not get bitten by this. I am
complaining because it is the principle that bothers me. Knowingly
turning off services on other people's computers is an immoral,
unethical, selfish and arrogant act which is hopefully illegal in some
parts of the world. This is just not acceptable behaviour.

--
Eray

Re: Clubbing a deceased equine
On 22.04.2010 06:20, Dennis Peterson wrote:
> Suggest at least one way to inform all the users successfully that
> obsolete software is going to die soon - and don't let it slip past you
> in your solution that the ClamAV people have know way of knowing who
> they need to inform. And recall too, this: Filling their logs with
> warnings didn't work. Posting the notice on the front page of their
> website didn't work. Running commentary in this list didn't work.
> Announcing it in their Announcements list didn't work.

Every major software project hits this road block sooner or later and
solves it in an acceptable way. This is not rocket science. I am
pretty sure some way of versioning support was on the table during the
decision making process and was rejected. Knowing the rationale behind
it would be nice. I think it was a bad decision but knowing how the
decision was made (the other side of the argument so to speak) would help.

[...]
> We're left with this: The "problem" affected only those that did not pay
> adequate attention. There is no cure for that.

Our problem statements differ. I am against clamav's "right" to turn
off services on other people's computers which does not say anything on
sysadmins who may or may not be paying attention.

> So here's a message to everyone that was surprised: PAY ATTENTION
> because there's going to be a next time!

I hope not.

--
Eray

Re: Clubbing a deceased equine
Dennis Peterson wrote:

>>I believe that best practice with this sort of thing is to only issue
>>warnings and not to actually force a potentially harmful change without
>>*express* consent of the user.
>
>Suggest at least one way to inform all the users successfully that
>obsolete software is going to die soon - and don't let it slip past
>you in your solution that the ClamAV people have know way of knowing
>who they need to inform. And recall too, this: Filling their logs
>with warnings didn't work. Posting the notice on the front page of
>their website didn't work. Running commentary in this list didn't
>work. Announcing it in their Announcements list didn't work.
>
>You don't know a way, they don't know a way, and I know for a fact
>it cannot be done

If you start with the pre-requisite that you must stop old versions
working then you are correct. Remove that pre-requisite and you are
not.

More than one suggestion has been made of how the team could have
"just moved on" and left the old versions behind - without having to
kill them. These suggestions have been rubbished for various (mostly
false) reasons.

People keep saying it's the user/admin's fault, that the user/admin
should take all the blame, and that the user/admin should suffer the
consequences. Fair enough - how's this for a really odd idea - why not
just stop providing AV updates to the older versions, and let the
users/admins take the responsibility and consequences if they
continue to ignore the warnings that updates have stopped working. If
they ignore "things aren't working" errors then I'd agree with you -
let them deal with it. I don't agree with the argument that "things
are not optimal" is a warning to upgrade before things go bang.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

Re: Clubbing a deceased equine
Eray Aslan wrote:
> On 22.04.2010 06:20, Dennis Peterson wrote:
>
>> Suggest at least one way to inform all the users successfully that
>> obsolete software is going to die soon - and don't let it slip past you
>> in your solution that the ClamAV people have know way of knowing who
>> they need to inform. And recall too, this: Filling their logs with
>> warnings didn't work. Posting the notice on the front page of their
>> website didn't work. Running commentary in this list didn't work.
>> Announcing it in their Announcements list didn't work.
>>
>
> Every major software project hits this road block sooner or later and
> solves it in an acceptable way. This is not rocket science. I am
> pretty sure some way of versioning support was on the table during the
> decision making process and was rejected. Knowing the rationale behind
> it would be nice. I think it was a bad decision but knowing how the
> decision was made (the other side of the argument so to speak) would help.
>
> [...]
>
>> We're left with this: The "problem" affected only those that did not pay
>> adequate attention. There is no cure for that.
>>
>
> Our problem statements differ. I am against clamav's "right" to turn
> off services on other people's computers which does not say anything on
> sysadmins who may or may not be paying attention.
>
>
>> So here's a message to everyone that was surprised: PAY ATTENTION
>> because there's going to be a next time!
>>
>
> I hope not.
>
>
If you bothered to read this entire thread you would understand that
ClamAV did no such thing. In a couple of weeks these very same systems
would have failed when the new signature format went into effect. The
issue is that without code changes to <0.95 installations the new
signatures will crash Clamd by design of <0.95 versions. This was built
into the versions NOT as a method of breaking clamd but as preventing
loading of what this version considers malformed databases. They are not
guilty of intentionally turning off services but of not WASTING their money
to protect users who want to continue to use EOL software.

Jim
Re: (no subject) [ In reply to ]
Until a few months ago I had 2(!!!) Redhat 7 servers in
full flight running compiled versions of sendmail and
clamav (amongst other things). I never had any problems
to get the latest versions compiled ....

Jobst


On Fri, Apr 16, 2010 at 01:22:53PM +0300, Török Edwin (edwintorok@gmail.com) wrote:
> On 04/16/2010 01:07 PM, Dima wrote:
> >I very much doubt that this can be done on the old compiler
> >using libraries of those times.
>
> People have successfully built ClamAV on various old systems, maybe
> not with all the features, but it surely built and ran.
>
> Just give it a try.
>
> Best regards,
> --Edwin

--
best accelerated mac = 9.8 m/(s*s)

| |0| | Jobst Schmalenbach, jobst@barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
Re: (no subject) [ In reply to ]
I had this issue last night. It was fixed between the time I first reported the problem and the time I successfully uploaded the file. I just updated the database one more time and no more false positives.

Sent from Janet's iPad

-Al-
--
Al Varnell

On Nov 8, 2010, at 1:21 PM, Eric Black <eblack@higherone.com> wrote:

>
> Hi,
>
> I'm having the same problem as described here: http://lurker.clamav.net/message/20100310.195831.c6c71431.en.html
>
> I'm getting false positives on two older files starting today, so I uploaded the files and this was the server response:
>
> Result:
> This file is not detected by ClamAV. Please update your CVD database before reporting false-positives. If you are using third-party databases/unofficial signatures, please contact the author of the signature. We can only process false-positives generated by ClamAV Official signatures.
>
> Please correct the above errors and retry. Thank you for helping the ClamAV project.
>
