Mailing List Archive

[clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
After the recent discussion of various security risks posed by the
clamav-unofficial-sigs script, I have written "Fangfrisch" as a secure
and convenient replacement. It was meant for personal use at first, but
it works so well for me that I have taken the time to write a full
documentation, in the hope that others might also find Fangfrisch
useful. Documentation is available here:

https://rseichter.github.io/fangfrisch/

The Python code has 100% test coverage and works reliably on my own
servers, so I am confident that it has reached the necessary maturity
for a public beta test.

If you wish to give Fangfrisch a spin, check out the link above for
detailed instructions on setup and usage. I'd be grateful for your
feedback.

-Ralph

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
On 18.02.2020 17:24, Ralph Seichter via clamav-users wrote:
> After the recent discussion of various security risks posed by the
> clamav-unofficial-sigs script, I have written "Fangfrisch" as a secure
> and convenient replacement. It was meant for personal use at first, but
> it works so well for me that I have taken the time to write a full
> documentation, in the hope that others might also find Fangfrisch
> useful. Documentation is available here:
>
> https://rseichter.github.io/fangfrisch/
>
> The Python code has 100% test coverage and works reliably on my own
> servers, so I am confident that it has reached the necessary maturity
> for a public beta test.
>
> If you wish to give Fangfrisch a spin, check out the link above for
> detailed instructions on setup and usage. I'd be grateful for your
> feedback.
>
> -Ralph

Hello!

Is Python 3.7 a hard requirement?

RHEL/CentOS 8 are on version 3.6 of Python and they would be excluded
from running the script.

Thanks!
Reio

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Reio Remma via clamav-users:

> RHEL/CentOS 8 are on version 3.6 of Python and they would be excluded
> from running the script.

I don't actually know if Python 3.6 would work, not having any machine
with this old version available.

Python version 3.7 was released in June 2018, and version 3.8 in October
2019. Are you certain the Linux distributions you mentioned have no way
of installing Python 3.7?

-Ralph

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
I just remembered that I use a feature of the subprocess module that was
introduced with Python 3.7. So yes, version 3.7 is a hard requirement.

-Ralph

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
On 18.02.2020 19:28, Ralph Seichter via clamav-users wrote:
> * Reio Remma via clamav-users:
>
>> RHEL/CentOS 8 are on version 3.6 of Python and they would be excluded
>> from running the script.
> I don't actually know if Python 3.6 would work, not having any machine
> with this old version available.
>
> Python version 3.7 was released in June 2018, and version 3.8 in October
> 2019. Are you certain the Linux distributions you mentioned have no way
> of installing Python 3.7?

That's the trouble with RHEL/CentOS - they stick with the major software
versions they initially come with for the lifetime of their distribution
version.

Reio

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
That is a perl library pcre isn't it?
On Feb 18, 2020 1:51 PM, Reio Remma via clamav-users <clamav-users@lists.clamav.net> wrote:


On 18.02.2020 19:28, Ralph Seichter via clamav-users wrote:
> * Reio Remma via clamav-users:
>
>> RHEL/CentOS 8 are on version 3.6 of Python and they would be excluded
>> from running the script.
> I don't actually know if Python 3.6 would work, not having any machine
> with this old version available.
>
> Python version 3.7 was released in June 2018, and version 3.8 in October
> 2019. Are you certain the Linux distributions you mentioned have no way
> of installing Python 3.7?

That's the trouble with RHEL/CentOS - they stick with the major software
versions they initially come with for the lifetime of their distribution
version.

Reio

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Reio Remma via clamav-users:

> That's the trouble with RHEL/CentOS - they stick with the major
> software versions they initially come with for the lifetime of
> their distribution version.

If there are no official Python 3.7 packages for these distributions,
maybe community packages are available? Failing that, there is also the
alternative of building Python from its sources.

I don't mean to pressure you, of course, but I also don't feel like
limiting my code to Python 3.6, as you can surely understand.

-Ralph

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Rxx Mxxxxxx via clamav-users:

> That is a perl library pcre isn't it?

I don't understand your question -- if it was actually intended for me,
that is.

-Ralph

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
I think he responded to the wrong thread. But I may as well answer his question. Pcre is a perl-compatible regex library for C. Pcre2 is the same, but with a new & improved API, with more features, and better stability.

On 2/18/20, 5:39 PM, "clamav-users on behalf of Ralph Seichter via clamav-users" <clamav-users-bounces@lists.clamav.net on behalf of clamav-users@lists.clamav.net> wrote:

* Rxx Mxxxxxx via clamav-users:

> That is a perl library pcre isn't it?

I don't understand your question -- if it was actually intended for me,
that is.

-Ralph

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
> On 18-Feb-2020, at 8:54 PM, Ralph Seichter via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> After the recent discussion of various security risks posed by the
> clamav-unofficial-sigs script, I have written "Fangfrisch" as a secure
> and convenient replacement.

Is it a drop-in replacement (more or less) for clamav-unofficial-sigs?

Then I can give it a try for a few servers I manage.

Regards,

Amish

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Amish V.:

> Is it a drop-in replacement (more or less) for clamav-unofficial-sigs?

Indeed. I set out to write a replacement, one that is more secure and
convenient to configure than clamav-unofficial-sigs, and that is also
how I use Fangfrisch on production servers.

-Ralph

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
On 22/02/20 4:47 pm, Ralph Seichter wrote:

> * Amish V.:
>
>> Is it a drop-in replacement (more or less) for clamav-unofficial-sigs?
> Indeed. I set out to write a replacement, one that is more secure and
> convenient to configure than clamav-unofficial-sigs, and that is also
> how I use Fangfrisch on production servers.
>
> -Ralph

Created AUR package for Arch Linux. (uses systemd timer instead of cron)

https://aur.archlinux.org/packages/python-fangfrisch/

Hope that more people will try it out.

Amish.



Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Amish via clamav-users:

> Created AUR package for Arch Linux. (uses systemd timer instead of cron)

Nice, thank you. May I ask why you did not enable support for both
Malwarepatrol and SecuriteInfo in your packaged configuration?

I have opened a pull request for Gentoo Linux today, providing an ebuild
for a new package called app-antivirus/fangfrisch. I hope it won't take
long for it to be processed.

-Ralph

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
On 23/02/20 12:39 am, Ralph Seichter via clamav-users wrote:
> * Amish via clamav-users:
>
>> Created AUR package for Arch Linux. (uses systemd timer instead of cron)
> Nice, thank you. May I ask why you did not enable support for both
> Malwarepatrol and SecuriteInfo in your packaged configuration?
>
>
> -Ralph

Because those need you to sign up for the keys? And I wanted a default
config file such that the package runs out of the box.

That said, I have not disabled support for both, anyone can edit conf
file as per their requirement.

Amish.


Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Amish via clamav-users:

> I wanted a default config file such that the package runs out of the box.

I understand.

> That said, I have not disabled support for both, anyone can edit conf
> file as per their requirement.

You are right. Perhaps adding the two additional sections with explicit
enabled=false might be an option, and maybe also include a link to the
documentation?

For comparison, I install this [1] configuration file for Gentoo Linux,
plus a disabled crontab. The installation process reminds the user to
edit the config before first launch. Only if the user ignores this an
HTTP error will be displayed, which is fine by me. Of course, this is
merely a suggestion of mine that you don't need to take. ;-)

[1] https://github.com/rseichter/gentoo/blob/fangfrisch-200222/app-antivirus/fangfrisch/files/conf

-Ralph

Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
On 23/02/20 6:36 pm, Ralph Seichter via clamav-users wrote:
> * Amish via clamav-users:
>
>> That said, I have not disabled support for both, anyone can edit conf
>> file as per their requirement.
> You are right. Perhaps adding the two additional sections with explicit
> enabled=false might be an option,

Did that already a few hours back!

> For comparison, I install this [1] configuration file for Gentoo Linux,
> plus a disabled crontab. The installation process reminds the user to
> edit the config before first launch.

https://aur.archlinux.org/cgit/aur.git/tree/fangfrisch.install?h=python-fangfrisch

The above link is the message that Arch users will get when they install
the package.

I would suggest that your code detect the first run and automatically
run initdb if db_url is an sqlite database and the file does not exist
(but the directory exists).

Regards

Amish.
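
The first-run check suggested in the message above, sketched as an added example; it is not Fangfrisch code and not from either poster. It assumes db_url is an SQLAlchemy-style URL such as sqlite:////path/to/db, uses hypothetical function and constant names, and only decides whether initdb would run without creating anything.

```python
import os
import tempfile

# Hypothetical decision values, chosen for this example only.
INIT, NOT_SQLITE, EXISTS, NO_DIR = "initdb", "not-sqlite-file", "exists", "no-directory"


def sqlite_file(db_url):
    """Return the file path of a sqlite URL, or None if it is not file-backed."""
    scheme, sep, rest = db_url.partition("://")
    if not sep or scheme.split("+")[0].lower() != "sqlite":
        return None
    path = rest.partition("?")[0]      # drop any query string
    if not path.startswith("/"):       # "sqlite://" alone, or a host part
        return None
    path = path[1:]                    # sqlite:///rel.db -> rel.db, sqlite:////abs.db -> /abs.db
    return None if path in ("", ":memory:") else path


def first_run_action(db_url):
    """Decide whether an automatic initdb would be appropriate for db_url."""
    path = sqlite_file(db_url)
    if path is None:
        return NOT_SQLITE
    if os.path.lexists(path):          # lexists: a dangling symlink still counts as present
        return EXISTS
    if not os.path.isdir(os.path.dirname(os.path.abspath(path))):
        return NO_DIR
    return INIT


def demo():
    """Run the check against constructed paths in a throwaway directory."""
    with tempfile.TemporaryDirectory() as d:
        present = os.path.join(d, "present.sqlite")
        open(present, "w").close()
        dangling = os.path.join(d, "dangling.sqlite")
        os.symlink(os.path.join(d, "nowhere"), dangling)
        return {
            "fresh": first_run_action("sqlite:///" + os.path.join(d, "db.sqlite")),
            "present": first_run_action("sqlite:///" + present),
            "dangling": first_run_action("sqlite:///" + dangling),
            "no_dir": first_run_action("sqlite:///" + os.path.join(d, "missing", "db.sqlite")),
            "memory": first_run_action("sqlite://"),
            "other": first_run_action("postgresql://user@localhost/fangfrisch"),
        }


if __name__ == "__main__":
    print(demo())
```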


Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV
* Amish via clamav-users:

> Did that already a few hours back!

Great minds... ;-)

> I would suggest that your code detect the first run and automatically
> run initdb if db_url is an sqlite database and the file does not exist
> (but the directory exists).

I had thought about this before, but decided against it. IMO, having
admins invoke 'initdb' manually once is not too much to ask.

-Ralph
