Discussion:
The EOL tweets
Steve Basford
2010-04-16 09:41:53 UTC
Hi,

Just for interest.. feedback on EOL...

http://search.twitter.com/search?q=clamav

Cheers,

Steve
Sanesecurity

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Giampaolo Tomassoni
2010-04-16 11:15:45 UTC
Post by Steve Basford
Hi,
Just for interest.. feedback on EOL...
http://search.twitter.com/search?q=clamav
Indeed, an EOL on the previous minor version is quite a hazard and may be
regarded as a self-destructive behavior: it could easily become an
End-Of-(product-)Line, meaning that people will switch to something more
"serious"...

Was that the purpose?

Giampaolo
Post by Steve Basford
Cheers,
Steve
Sanesecurity
Gareth Hopkins
2010-04-16 11:29:57 UTC
On Fri, Apr 16, 2010 at 1:15 PM, Giampaolo Tomassoni <
Post by Giampaolo Tomassoni
Post by Steve Basford
Hi,
Just for interest.. feedback on EOL...
http://search.twitter.com/search?q=clamav
Indeed, an EOL on the previous minor version is quite an hazard and may be
regarded as a self-destructive behavior: it could easily became an
End-Of-(product-)Line, meaning that people will switch to something more
"serious"...
Was that the purpose?
Why is there so much bitching about this? The original announcement was
made on the 6th October last year.
http://lists.clamav.net/lurker/message/20091006.143601.d27bbd20.en.html
along with multiple reminders so people have had over 6 months to upgrade.

Any proactive admin should be monitoring their software mailing lists so the
excuse of "We weren't told" or "Why all of a sudden" are null and void.

To the clamav team, thanks for an awesome product :)
Leonardo Rodrigues
2010-04-16 11:38:47 UTC
Post by Gareth Hopkins
Any proactive admin should be monitoring their software mailing lists so the
excuse of "We weren't told" or "Why all of
a sudden" are null and void.
I don't know in which world you live ... but in the REAL world I
live, not all systems are managed by proactive admins. In fact, in the
REAL world, LOTS of systems are just left alone running. And it works
most of the time, despite all the theoretical and practical
considerations against it. I know that isn't right, that isn't secure,
that's not the optimal situation ..... but that's the REAL situation.

Despite all the warnings, the EOL signature was a bad move in my
opinion.
Post by Gareth Hopkins
To the clamav team, thanks for an awesome product :)
Here I have to agree with you ... congratulations to the ClamAV team
for its great software.
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

My SPAMTRAP, do not email it
***@solutti.com.br




Aecio F. Neto
2010-04-16 12:59:32 UTC
On Fri, Apr 16, 2010 at 8:38 AM, Leonardo Rodrigues <
Post by Gareth Hopkins
Any proactive admin should be monitoring their software mailing lists so the
excuse of "We weren't told" or "Why all of
a sudden" are null and void.
I dont know in which world you live ... but in the REAL world i live,
not all systems are managed by proactive admins. In fact, in the REAL world,
LOTS of systems are just left alone running. And it works most of the time,
despite of all the theorical and practical considerations against it. I know
that isn't right, that isn't secure, that's not the optimal situation .....
but thats the REAL situation.
despite of all the warnings, the EOL signature was a bad move in my
opinion.
Totally agree here too.

Brazilian greetings.
Maurice Lucas - TAOS-IT
2010-04-16 13:11:45 UTC
-----Original Message-----
Sent: Friday 16 April 2010 13:39
Subject: Re: [Clamav-users] The EOL tweets
Post by Gareth Hopkins
Any proactive admin should be monitoring their software mailing lists so the
excuse of "We weren't told" or "Why all of
a sudden" are null and void.
I dont know in which world you live ... but in the REAL world i
live, not all systems are managed by proactive admins. In fact, in the
REAL world, LOTS of systems are just left alone running. And it works
most of the time, despite of all the theorical and practical
considerations against it. I know that isn't right, that isn't secure,
that's not the optimal situation ..... but thats the REAL situation.
If you don't have the time, knowledge, or whatever. Don't be a sysadmin.

Being a sysadmin for a PRODUCTION server is a real job.
I hire someone to fix my car and repair my roof. Why? Because I could try and fix something, but I know I can't complain if I break something.
despite of all the warnings, the EOL signature was a bad move in
my opinion.
We are talking about a message sent to everyone who cares for their system on October 5th, 2009.
An old version of ClamAV can't find the newest viruses. The really old ones don't run in the wild anymore.
Post by Gareth Hopkins
To the clamav team, thanks for an awesome product :)
here i have to agree with you ... congratulations for clamav team
for its great software.
Thanks Clamav for your work

With kind regards,

Maurice Lucas

TAOS-IT
Paulus Buijsstraat 191
2613 HR  Delft
www.taos-it.nl
KvK Haaglanden nr. 27254410

Think of the environment; is printing this e-mail really necessary?


Simon Hobson
2010-04-16 13:39:24 UTC
Post by Maurice Lucas - TAOS-IT
Post by Leonardo Rodrigues
I dont know in which world you live ... but in the REAL world i
live, not all systems are managed by proactive admins. In fact, in the
REAL world, LOTS of systems are just left alone running. And it works
most of the time, despite of all the theorical and practical
considerations against it. I know that isn't right, that isn't secure,
that's not the optimal situation ..... but thats the REAL situation.
If you don't have the time, knowledge, or whatever. Don't be a sysadmin.
Being a sysadmin for a PRODUCTION server is a real job.
I hire someone to fix my car and repair my roof. Why because I could
try and fix something but I know I can't complain if I break
something.
Ohh, bad analogy.

According to comments already made, to be a competent car owner
you've got to periodically check the websites of all the bits that go
into it. So we'll start with (for example) Ford for the base vehicle,
and (for example) Michelin for the tyres, and Bosch for the engine
management, Girling for the brakes, ....

But then again, if I don't I don't find myself sat in the middle of
the road with a dead car - I've yet to hear of a vendor building in a
facility with the sole function of bricking your car if you don't
keep going to them for updates.

And guess what, when you take your car to be serviced, the guy that
services it won't go and check with all the vendors to check, just in
case, that someone has plans to remotely brick it in the next 6
months.
IFF he's a (say) Ford main dealer then he'll check with Ford if there
are any bulletins that apply to it.
Post by Maurice Lucas - TAOS-IT
Post by Leonardo Rodrigues
despite of all the warnings, the EOL signature was a bad move in
my opinion.
We are talking about a message send to everyone who cares for there
system of October 5th, 2009.
As pointed out, it was ***NOT*** sent to people running the servers -
you've done the equivalent of Ford putting a notice up in its
corporate reception and expecting all owners to know about it. Had I
known 6 months ago rather than this morning, I'd not be complaining
for the simple reason that I'd have been able to deal with it.
Post by Maurice Lucas - TAOS-IT
An old version of ClamAV can't find the newest viruses. The really
old ones don't run in the wild anymore.
For half the day I've been forced to detect no viruses. Now I'm only
detecting the ones known about up till yesterday.
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Maurice Lucas - TAOS-IT
2010-04-16 13:56:55 UTC
Post by Simon Hobson
Post by Maurice Lucas - TAOS-IT
Post by Leonardo Rodrigues
despite of all the warnings, the EOL signature was a bad move in
my opinion.
We are talking about a message send to everyone who cares for there
system of October 5th, 2009.
As pointed out, it was ***NOT*** sent to people running the servers -
you've done the equivalent of Ford putting a notice up in it's
corporate reception and expecting all owners to know about it. Had I
known 6 months ago rather than this morning, I'd not be complaining
for the simple reason that I'd have been able to deal with it.
Post by Maurice Lucas - TAOS-IT
An old version of ClamAV can't find the newest viruses. The really
old ones don't run in the wild anymore.
For half the day I've been forced to detect no virus's. Now I'm only
detecting the ones known about up till yesterday.
So you don't mind something like

Tue Aug 4 15:10:12 CEST 2009 (tk)
----------------------------------
* freshclam, libclamav: work around possible race condition during
db updates (bb#1624)

Mon Aug 3 14:48:27 CEST 2009 (tk)
----------------------------------
* libclamav/unzip.c: fix detection of encrypted zip files embedded into
other files (bb#1660)

Fri Jul 31 12:52:08 CEST 2009 (acab)
------------------------------------
* libclamav/pe.c: fix check for pe32+

Wed Jun 10 18:04:53 CEST 2009 (tk)
----------------------------------
* libclamav: detect and handle archives hidden inside other files (eg. images),
which can be unpacked by WinZip, WinRAR and other tools (bb#1554)
Reported by ROGER Mickael and Thierry Zoller



I'm on multiple mailing lists that I don't read every day but give a quick scan once a week.
And a lot of them are announce lists for all production critical software I use.

If I run a ssh service on my machine, and yes I do, I keep track of the ssh announce list.
Why? Because I hate to find my root password changed because there was a security update I didn't update 6 months ago because an apt-get update/upgrade didn't work anymore.



With kind regards,

Maurice Lucas

TAOS-IT
Paulus Buijsstraat 191
2613 HR  Delft
www.taos-it.nl
KvK Haaglanden nr. 27254410

Think of the environment; is printing this e-mail really necessary?


Giampaolo Tomassoni
2010-04-16 14:03:29 UTC
Post by Maurice Lucas - TAOS-IT
If I run a ssh service on my machine, and yes I do, I keep track of the ssh announce list.
Why because I hate it to find my root password changed because there
was a security update I didn't updated 6 months ago because an apt-get
update/upgrade didn't work anymore.
So you're also subscribed to all the Linux kernel mailing lists? You know, your sshd is running on top of a Linux kernel...

You end up being busy reading instead of busy working, this way...

Giampaolo

Török Edwin
2010-04-16 14:22:56 UTC
Post by Giampaolo Tomassoni
Post by Maurice Lucas - TAOS-IT
If I run a ssh service on my machine, and yes I do, I keep track of the
ssh announce list.
Why because I hate it to find my root password changed because there
was a security update I didn't updated 6 months ago because an apt-get
update/upgrade didn't work anymore.
So you're subscribed also to all the linux kernel maillists? You know, your sshd is running on top of a linux kernel...
If you are a Debian user it suffices to subscribe to
debian-security-announce (the ClamAV EOL was announced there).
Other distributions probably have similar mailing lists.

If not, you can subscribe to the *-announce mailing lists, which should
be very low traffic, or follow new releases using RSS feeds, or some
other method.
Post by Giampaolo Tomassoni
You end being busy reading instead of busy working, this way...
Giampaolo
Giampaolo Tomassoni
2010-04-16 14:31:25 UTC
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Post by Maurice Lucas - TAOS-IT
If I run a ssh service on my machine, and yes I do, I keep track of the
ssh announce list.
Why because I hate it to find my root password changed because there
was a security update I didn't updated 6 months ago because an apt-get
update/upgrade didn't work anymore.
So you're subscribed also to all the linux kernel maillists? You
know, your sshd is running on top of a linux kernel...
If you are a Debian user it suffices to subscribe to
debian-security-announce (the ClamAV EOL was announced there).
Other distributions probably have similar mailing lists.
If not, you can subscribe to the *-announce mailing lists, which should
be very low traffic, or follow new releases using RSS feeds, or some
other method.
Török, I meant you can't do this for each and every piece of software
running on your systems.

In my opinion, it was instead possible for the ClamAV project to work around
the possible implications of remotely disabling all those old-and-crappy
ClamAV installations around the world...

Giampaolo

Stefan Hornburg (Racke)
2010-04-16 15:28:44 UTC
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Post by Maurice Lucas - TAOS-IT
If I run a ssh service on my machine, and yes I do, I keep track of the
ssh announce list.
Why because I hate it to find my root password changed because there
was a security update I didn't updated 6 months ago because an apt-get
update/upgrade didn't work anymore.
So you're subscribed also to all the linux kernel maillists? You
know, your sshd is running on top of a linux kernel...
If you are a Debian user it suffices to subscribe to
debian-security-announce (the ClamAV EOL was announced there).
Other distributions probably have similar mailing lists.
If not, you can subscribe to the *-announce mailing lists, which should
be very low traffic, or follow new releases using RSS feeds, or some
other method.
Török, I meant you can't do this for every and each piece of software
running in your systems.
No, but you can do that for software where you know it is a moving
target and needs more attention (virus scanner, SpamAssassin and the like)
than other software.

Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team

McDonald, Dan
2010-04-16 14:28:31 UTC
Post by Giampaolo Tomassoni
Post by Maurice Lucas - TAOS-IT
If I run a ssh service on my machine, and yes I do, I keep track of the
ssh announce list.
Why because I hate it to find my root password changed because there
was a security update I didn't updated 6 months ago because an apt-get
update/upgrade didn't work anymore.
So you're subscribed also to all the linux kernel maillists? You know, your
sshd is running on top of a linux kernel...
No, but I subscribe to the sans @risk list, and the DHS daily list, and the
US-CERT daily list. Between those, I generally have a good idea of current
vulnerabilities on most every package. And I patch regularly. If the
vendor doesn't come through with a patch fast enough for my platform, I go
build my own RPM, which then makes me doubly responsible to follow the
project more carefully.
Post by Giampaolo Tomassoni
You end being busy reading instead of busy working, this way...
I can read the essential parts of the SANS @risk letter in under 5 minutes,
and it only comes out once a week. Most of the other lists are good for
other operational awareness.
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281


Eric Rostetter
2010-04-16 16:07:50 UTC
Post by Simon Hobson
As pointed out, it was ***NOT*** sent to people running the servers
- you've done the equivalent of Ford putting a notice up in it's
corporate reception and expecting all owners to know about it. Had I
known 6 months ago rather than this morning, I'd not be complaining
for the simple reason that I'd have been able to deal with it.
The only solution for this is to:

1) Require everyone who used clamav to register and provide contact info
(won't run if you don't)
2) Send out periodic messages/calls to catch invalidated registration data,
and hire an investigator to track down the problems.
3) Require that when an important notification is sent out, that everyone
replies to confirm they received it and understand the content. If not,
hire people to follow up with those who either don't respond or don't
understand the content.

Do we really want this? Do we really believe this is practical?
Post by Simon Hobson
For half the day I've been forced to detect no virus's. Now I'm only
detecting the ones known about up till yesterday.
The first is because you don't keep up with the news about products you
use. The second is because you refuse to upgrade. Both are, to put it
bluntly, your fault and your problem.

Yes, you can't get new definitions now, but at least you know that. This
is better than if you _thought_ you were getting new updates and were not,
is it not?
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Jim Preston
2010-04-16 18:05:00 UTC
Post by Simon Hobson
Post by Maurice Lucas - TAOS-IT
If you don't have the time, knowledge, or whatever. Don't be a sysadmin.
Being a sysadmin for a PRODUCTION server is a real job.
I hire someone to fix my car and repair my roof. Why because I
could try and fix something but I know I can't complain if I break
something.
Ohh, bad analogy.
According to comments already made, to be a competent car owner
you've got to periodically check the websites of all the bits that
go into it. So we'll start with (for example) Ford for the base
vehicle, and (for example) Michelin for the tyres, and Bosch for the
engine management, Girling for the brakes, ....
But then again, if I don't I don't find myself sat in the middle of
the road with a dead car - I've yet to hear of a vendor building in
a facility with the sole function of bricking your car if you don't
keep going to them for updates.
And guess what, when you take your car to be serviced, the guy that
services it won't go and check with all the vendors to check, just
in case, that someone has plans to remotely brick it in the next 6
months.
IFF he's a (say) Ford main dealer then he'll check with Ford if
there are any bulletins that apply to it.
No, he said that if you do not have the time or expertise to keep up
maintenance on the server then either hire someone or live with the
consequences you have made for yourself!
Post by Simon Hobson
Post by Maurice Lucas - TAOS-IT
Post by Leonardo Rodrigues
despite of all the warnings, the EOL signature was a bad move in
my opinion.
We are talking about a message send to everyone who cares for there
system of October 5th, 2009.
As pointed out, it was ***NOT*** sent to people running the servers
- you've done the equivalent of Ford putting a notice up in it's
corporate reception and expecting all owners to know about it. Had I
known 6 months ago rather than this morning, I'd not be complaining
for the simple reason that I'd have been able to deal with it.
Post by Maurice Lucas - TAOS-IT
An old version of ClamAV can't find the newest viruses. The really
old ones don't run in the wild anymore.
For half the day I've been forced to detect no virus's. Now I'm only
detecting the ones known about up till yesterday.
Unless you upgrade to supported software. This is the same as the
commercial AV vendors, your subscription for Clamav 0.94.x has run
out.....

Jim

Giampaolo Tomassoni
2010-04-16 13:57:34 UTC
Post by Maurice Lucas - TAOS-IT
If you don't have the time, knowledge, or whatever. Don't be a
sysadmin.
Being a sysadmin for a PRODUCTION server is a real job.
I hire someone to fix my car and repair my roof.
I have been a sysadmin for decades now, but I don't agree with your statement.

I keep repairing my car by myself (when possible) and I don't trust people who don't like to have a look at their surroundings or to try to understand how a thing does what it does.
Post by Maurice Lucas - TAOS-IT
Why because I could
try and fix something but I know I can't complain if I break something.
This may also mean "don't use free products because you can't complain if something breaks".

Which is right, but then why are successful open-source projects often so inclined to listen to their users?
Post by Maurice Lucas - TAOS-IT
Post by Leonardo Rodrigues
despite of all the warnings, the EOL signature was a bad move in
my opinion.
We are talking about a message send to everyone who cares for there
system of October 5th, 2009.
An old version of ClamAV can't find the newest viruses. The really old
ones don't run in the wild anymore.
They find a lot of old viruses and the fact they stopped working at all is the problem, not the fact that new viruses may slip through.

This move surely made ClamAV boxes safer: they aren't passing viruses anymore...

Giampaolo

Jim Preston
2010-04-16 17:45:21 UTC
Post by Leonardo Rodrigues
Post by Gareth Hopkins
Any proactive admin should be monitoring their software mailing lists so the
excuse of "We weren't told" or "Why all of
a sudden" are null and void.
I dont know in which world you live ... but in the REAL world i
live, not all systems are managed by proactive admins. In fact, in
the REAL world, LOTS of systems are just left alone running. And it
works most of the time, despite of all the theorical and practical
considerations against it. I know that isn't right, that isn't
secure, that's not the optimal situation ..... but thats the REAL
situation.
Well chalk this up to one of the times that did not fit into "And it
works most of the time"

Had they not sent the kill signature, your installation would still
have failed in May when the unsupported signatures are released. They
just forced the failure a little sooner...
Post by Leonardo Rodrigues
despite of all the warnings, the EOL signature was a bad move in
my opinion.
Jim

Giampaolo Tomassoni
2010-04-16 12:12:15 UTC
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Post by Steve Basford
Hi,
Just for interest.. feedback on EOL...
http://search.twitter.com/search?q=clamav
Indeed, an EOL on the previous minor version is quite an hazard and may be
regarded as a self-destructive behavior: it could easily became an
End-Of-(product-)Line, meaning that people will switch to something more
"serious"...
Was that the purpose?
Why is there so much bitching about this ? The original announcement was
made on the 6th October last year.
http://lists.clamav.net/lurker/message/20091006.143601.d27bbd20.en.html along
with multiple reminders so people
have had over 6 months to upgrade.
Any proactive admin should be monitoring their software mailing lists so the
excuse of "We weren't told" or "Why all of
a sudden" are null and void.
To the clamav team, thanks for an awesome product :)
Nevertheless, many people aren't so "proactive". If you put them in trouble,
they will not blame themselves: they will instead switch to something
else... I'm having a couple of "help me!" calls from some clients of mine
(system vendors and installers) who never even subscribed to this list and
were absolutely unaware of the EOL.

Also, there are cases in which upgrading is not so easy: it may mean a whole
system upgrade.

For example, SuSE 10.1 up-to-date installations have gcc 4.1.0. Clamav 0.96
doesn't even ./configure there. You need to find some suitable binaries or
switch to a newer distribution. Is a 5 months early alert enough?
Maybe. Maybe not: clamav often is not the only piece of software running on
a box...

The problem here is that old clamav versions have stopped working at all.
Wasn't it better to instead have freshclam to stop updating the database?
Please note freshclam is very used to issue alerts when new clamav versions
are available, but this didn't ever stop clamav from working. People may
have assumed that this would have been the clamav behavior at EOL deadline,
thereby underestimating the matter.

Giampaolo

Török Edwin
2010-04-16 12:14:42 UTC
Post by Giampaolo Tomassoni
Wasn't it better to instead have freshclam to stop updating the database?
I don't know of any way to stop freshclam from updating.
Some mirrors can blacklist old versions, but not most/all.
Post by Giampaolo Tomassoni
Please note freshclam is very used to issue alerts when new clamav versions
are available, but this didn't ever stop clamav from working. People may
have assumed that this would have been the clamav behavior at EOL deadline,
thereby underestimating the matter.
It was explicitly stated that clamd will be disabled.

Best regards,
--Edwin
Giampaolo Tomassoni
2010-04-16 12:17:43 UTC
Post by Török Edwin
It was explicitly stated that clamd will be disabled.
In which language?

Giampaolo

Török Edwin
2010-04-16 12:19:02 UTC
Post by Giampaolo Tomassoni
Post by Török Edwin
It was explicitly stated that clamd will be disabled.
In which language?
"Starting from 15 April 2010 our CVD will contain a special signature
which disables all clamd installations older than 0.95"

http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/

Best regards,
--Edwin
Simon Hobson
2010-04-16 12:40:41 UTC
Post by Török Edwin
Post by Giampaolo Tomassoni
Post by Török Edwin
It was explicitly stated that clamd will be disabled.
In which language?
"Starting from 15 April 2010 our CVD will
contain a special signature which disables all
clamd installations older than 0.95"
http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
Could you please point out where in this log
extract it mentions anything about the software
getting remotely turned off ?
Post by Török Edwin
Received signal: wake up
ClamAV update process started at Fri Apr 16 10:26:14 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cvd is up to date (version: 10751, sigs: 52057, f-level: 51, builder: guitar)
That log message links to http://www.clamav.net/support/faq

Could you please point out where on that page it
mentions anything about the problem ?
As it happens, I HAVE been to that page several
times in the last few months, because I've been
setting up new mail servers and was looking for
info on downloading the updates just once and
passing them round to the others - see, even
though it's a small setup, I still try and
minimise my load on the upstream project servers.


That is why people are so upset about this - in
practical terms, to most users, it was **NOT**
announced 6 months ago - it was sprung on them
with no warning this morning.
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Török Edwin
2010-04-16 12:47:49 UTC
Post by Török Edwin
Post by Giampaolo Tomassoni
Post by Török Edwin
It was explicitly stated that clamd will be disabled.
In which language?
"Starting from 15 April 2010 our CVD will contain a special signature
which disables all clamd installations older than 0.95"
http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
Could you please point out where in this log extract it mentions
anything about the software getting remotely turned off ?
Post by Török Edwin
Received signal: wake up
ClamAV update process started at Fri Apr 16 10:26:14 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cvd is up to date (version: 10751, sigs: 52057, f-level: 51,
builder: guitar)
If you manually start clamscan/clamd it shows this message:

LibClamAV Warning: ***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
LibClamAV Error: Problem parsing database at line 742
LibClamAV Error: Can't load /tmp/clamav-87fcebeda696335ed02c4a74df419b38/daily.ndb: Malformed database
LibClamAV Error: Can't load /usr/share/clamav/daily.cvd: Malformed database
ERROR: Malformed database
That log message links to http://www.clamav.net/support/faq
You are right, the FAQ should link to the EOL message.
Could you please point out where on that page it mentions anything about
the problem ?
www.clamav.net
IMPORTANT ANNOUNCEMENT (red)
On 15 April 2010 all ClamAV installations older than 0.95 will be
disabled. See http://www.clamav.net/eol-clamav-094/ for more details.

There were also several announcements on the clamav-announce mailing list.
As it happens, I HAVE been to that page several times in the last few
months, because I've been setting up new mail servers and was looking
for info on downloading the updates just once and passing them round to
the others - see, even though it's a small setup, I still try and
minimise my load on the upstream project servers.
That is why people are so upset about this - in practical terms, to most
users, it was **NOT** announced 6 months ago - it was sprung on them
with no warning this morning.
Best regards,
--Edwin
Simon Hobson
2010-04-16 13:14:31 UTC
Could you please point out where in this log extract it mentions
anything about the software getting remotely turned off ?
Post by Török Edwin
Received signal: wake up
ClamAV update process started at Fri Apr 16 10:26:14 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cvd is up to date (version: 10751, sigs: 52057, f-level: 51, builder: guitar)
LibClamAV Warning: ***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
LibClamAV Error: Problem parsing database at line 742
LibClamAV Error: Can't load
Malformed database
LibClamAV Error: Can't load /usr/share/clamav/daily.cvd: Malformed database
ERROR: Malformed database
No, that's what it says NOW, **AFTER** it's borked the server.

Where in that log message I quoted above does it
say that at any point in the future it will be
turned off ?
I've had no reason to run freshclam manually on
that server in the last 6 months, for several
years in fact. That demonstrates the quality of
the code/project prior to this issue.
That log message links to http://www.clamav.net/support/faq
You are right, the FAQ should link to the EOL message.
Could you please point out where on that page it mentions anything about
the problem ?
www.clamav.net
IMPORTANT ANNOUNCEMENT (red)
That is **NOT** on the page referenced.


I hope that by now you may be realising that many
people quite legitimately did not know anything
until things broke this morning. We did not have
6 months notice - our servers "just broke".
I use clamav, I think it is great and I recommend it to all my customers.
I agree.
Even though, I do not agree with fact that a vendor (open source or not)
disable and break services on my endpoint.
There are many other ways to do it and this is bad for the endpoint and for
the vendor.
Team should review this practice, no matter if they announce it earlier or
not.
Ditto.


Today I've gone from having a server that "just
runs" and has run with virtually no oversight for
several years to one that "just broke".

I had to disable AV scanning this morning in
order to get the mail moving, now I've disabled
freshclam and rolled back the database to
yesterday's version.

Luckily it's not been a busy day today !
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Bowie Bailey
2010-04-16 13:36:10 UTC
Today I've gone from having a server that "just runs" and has run with
virtually no oversight for several years to one that "just broke".
I had to disable AV scanning this morning in order to get the mail
moving, now I've disabled freshclam and rolled back the database to
yesterday's version.
Luckily it's not been a busy day today !
Personally, I keep my servers updated, so the EOL issue didn't affect
me, but I agree with the others here. This was a bad idea. As others
have mentioned not every sysadmin takes the time to follow the list or
read the website on a regular basis. While it can be argued that they
should have been doing this, I don't think it is fair to penalize them
quite this severely.

A suggestion for the future... Rather than disabling clamd with the EOL
signature, have freshclam key on the signature (or something else about
the file) and fail the update with a notice that the current version is
no longer supported. This way the server will continue to run with the
old signatures, but there will be a notice in the logs that there is a
problem. More generally, maybe there should be a capability in
freshclam for messages to be sent from the developers. Freshclam could
look for a message whenever it does an update and if it sees one, it
could print it in the logs. This would give an easy way to notify users
of upcoming changes or other important issues.

(Yes, I do realize that this would not help the old versions that are
out there now, but if it is implemented in the next update, then it
could be used when EOL for 0.96.1 rolls around.)
--
Bowie
Simon Hobson
2010-04-16 14:28:41 UTC
Post by Bowie Bailey
Personally, I keep my servers updated, so the EOL issue didn't affect
me,
And on another server (that's newer and is updated), I got bitten by
that as well when an update broke something and I had to manually
figure out which update was responsible and find versions of which
packages to roll back to (which had been deleted from the repos - now
I keep backup copies !)

So keeping up to date has its own risks - hence why many people take
the attitude of "if it ain't broke, don't fix it".
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Jason Bertoch
2010-04-16 14:53:47 UTC
Post by Simon Hobson
So keeping up to date has its own risks - hence why many people take
the attitude of "if it ain't broke, don't fix it".
It's broke...please go fix it.
--
/Jason
Jerry
2010-04-16 15:50:24 UTC
Post by Jason Bertoch
It's broke...please go fix it.
I was going to say that myself; however, I did not want to rub it in.
--
Jerry
***@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

"Fantasies are free."
"NO!! NO!! It's the thought police!!!!"
Jim Preston
2010-04-16 18:15:23 UTC
Post by Jason Bertoch
Post by Simon Hobson
So keeping up to date has its own risks - hence why many people take
the attitude of "if it ain't broke, don't fix it".
It's broke...please go fix it.
--
/Jason
_______________________________________________
Absolutely!

Jim
Eric Rostetter
2010-04-16 15:59:43 UTC
Post by Bowie Bailey
A suggestion for the future... Rather than disabling clamd with the EOL
signature, have freshclam key on the signature (or something else about
the file) and fail the update with a notice that the current version is
no longer supported.
This won't work unless we can predict all future needs... How could
they have predicted the kill-signature 5 years ago, to include in the
old code?

Current freshclam warns about it being out of date, but people ignore
it. So failing the freshclam will be ignored also. Now people think
they are protected but they are not. How is that better?
Post by Bowie Bailey
This way the server will continue to run with the
old signatures, but there will be a notice in the logs that there is a
problem.
You assume they will check the log... And if they do, that they will
take some action. Both are bad assumptions.
Post by Bowie Bailey
More generally, maybe there should be a capability in
freshclam for messages to be sent from the developers. Freshclam could
look for a message whenever it does an update and if it sees one, it
could print it in the logs. This would give an easy way to notify users
of upcoming changes or other important issues.
Interesting idea... But it only works if you can get everyone to upgrade
to the new version that supports this. How do you do that? As we've seen,
by killing their old versions... So the killing still can't be avoided...

But I do like the idea. It may not be feasible, but it is an interesting
idea...

And in the back of my mind, I'm thinking, will everyone really read the logs?
I'm pretty sure many will ignore it...
Post by Bowie Bailey
(Yes, I do realize that this would not help the old versions that are
out there now, but if it is implemented in the next update, then it
could be used when EOL for 0.96.1 rolls around.)
Exactly... Thanks for proposing a solution!
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Bowie Bailey
2010-04-16 16:14:27 UTC
Post by Eric Rostetter
Post by Bowie Bailey
A suggestion for the future... Rather than disabling clamd with the EOL
signature, have freshclam key on the signature (or something else about
the file) and fail the update with a notice that the current version is
no longer supported.
This won't work unless we can predict all future needs... How could
they have predicted the kill-signature 5 years ago, to include in the
old code?
Obviously this is not a retroactive solution, but now that they know
this may be necessary, something can be changed so that it can be dealt
with more smoothly in the future.
Post by Eric Rostetter
Post by Bowie Bailey
This way the server will continue to run with the
old signatures, but there will be a notice in the logs that there is a
problem.
You assume they will check the log... And if they do, that they will
take some action. Both are bad assumptions.
Probably better than assuming that everyone will check the website or
mailing list. At least no one could claim the information wasn't easily
available if it was right there in their own server logs.
Post by Eric Rostetter
Post by Bowie Bailey
More generally, maybe there should be a capability in
freshclam for messages to be sent from the developers. Freshclam could
look for a message whenever it does an update and if it sees one, it
could print it in the logs. This would give an easy way to notify users
of upcoming changes or other important issues.
Interesting idea... But it only works if you can get everyone to upgrade
to the new version that supports this. How do you do that? As we've seen,
by killing their old versions... So the killing still can't be avoided...
All you can do is make improvements in the current code. Short of
inventing a time machine, there's not much that can be done about
deficiencies in older versions.
--
Bowie
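The exchange above turns on whether anyone reads the freshclam and clamd logs. As an added example (not part of any post in this thread, and not ClamAV project code), here is a small log watcher that classifies the log lines quoted in the thread, so the "OUTDATED" warning raises an alert before it turns into a database load failure. The rule names, severities and sample layout are this example's own assumptions; the 0.95 floor comes from the EOL announcement quoted in the thread.

```python
import re

# Constructed samples: the log lines quoted in the thread, one event per line.
LOG_SUPPORTED = """\
ClamAV update process started at Fri Apr 16 10:26:14 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cvd is up to date (version: 10751, sigs: 52057, f-level: 51, builder: guitar)
"""
LOG_EOL = """\
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version \
has reached End of Life! Please upgrade to version 0.95 or later. For more \
information see www.clamav.net/eol-clamav-094 and www.clamav.net/download \
(length: 169)
LibClamAV Error: Problem parsing database at line 742
LibClamAV Error: Can't load /usr/share/clamav/daily.cvd: Malformed database
ERROR: Malformed database
"""

# From the announcement: engines older than 0.95 are disabled.
EOL_FLOOR = (0, 95)

# Nagios-style ranking; the names are this example's own.
RANK = {"ok": 0, "warning": 1, "critical": 2}

# (severity, tag, pattern) matched against each log line.
RULES = [
    ("critical", "engine_eol", re.compile(r"has reached End of Life")),
    ("critical", "db_load_failed", re.compile(r"Malformed database$")),
    ("warning", "engine_outdated",
     re.compile(r"installation is OUTDATED|engine is outdated")),
]
VERSION_RE = re.compile(r"Local version: (\S+) Recommended version: (\S+)")


def parse_version(text):
    """'0.95.3' -> (0, 95, 3). Numeric compare, so 0.100 sorts after 0.99."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def scan(log_text):
    """Return a list of (severity, tag, line) findings for one log excerpt."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for severity, tag, pattern in RULES:
            if pattern.search(line):
                findings.append((severity, tag, line))
        match = VERSION_RE.search(line)
        if match:
            local, recommended = (parse_version(v) for v in match.groups())
            if local < EOL_FLOOR:
                # Still running, but already below the announced cut-off.
                findings.append(("critical", "engine_below_eol_floor", line))
            elif local < recommended:
                findings.append(("warning", "engine_behind_recommended", line))
    return findings


def status(findings):
    """Worst severity seen, or 'ok' when nothing matched."""
    return max((f[0] for f in findings), key=RANK.get, default="ok")


if __name__ == "__main__":
    for name, text in (("supported", LOG_SUPPORTED), ("eol", LOG_EOL)):
        found = scan(text)
        print(name, status(found), sorted({tag for _, tag, _ in found}))
```

Run from cron or a monitoring agent against the real log files, the numeric value in `RANK` can serve directly as the check's exit code.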
Chris Meadors
2010-04-16 16:29:10 UTC
Post by Bowie Bailey
Obviously this is not a retroactive solution, but now that they know
this may be necessary, something can be changed so that it can be dealt
with more smoothly in the future.
It already has been. 0.95 recognizes signatures which can tell
freshclam to not update anymore. So if in the future a new type of
signature is added that is completely incompatible with 0.95 or later
freshclam will not integrate any further updates into the DB.

What is also being missed is that anyone running 0.94 has been placing
an undue load on the update servers, and has prevented the maintainers from
releasing more effective signatures for the 0.96 users. If these
advanced signatures were to be released without a kill signature it
would have made clamav choke anyway. This kill was an explicit method
of what would happen if the new features were enabled. Instead of a
random death loading what looks like a normal signature, a message was
delivered spelling out what needs to be done.

I've seen commercial AV scanners go into non-functioning mode when an
incompatible signature was released. Of course having a GUI meant that
I was told to download the new update. Clamav on a server has no GUI,
its method of informing the user is its log file. Anyone running 0.94
has been warned for over two years that they're out of date. Today that
warning became a requirement.
--
Chris

Giampaolo Tomassoni
2010-04-16 17:13:07 UTC
Post by Chris Meadors
Post by Bowie Bailey
Obviously this is not a retroactive solution, but now that they know
this may be necessary, something can be changed so that it can be
dealt
Post by Bowie Bailey
with more smoothly in the future.
It already has been. 0.95 recognizes signatures which can tell
freshclam to not update anymore. So if in the future a new type of
signature is added that is completely incompatible with 0.95 or later
freshclam will not integrate any further updates into the DB.
What is also being missed is that anyone running 0.94 has been placing
an undue load on the update servers, and has prevented the maintainers from
releasing more effective signatures for the 0.96 users. If these
advanced signatures were to be released without a kill signature it
would have made clamav choke anyway. This kill was an explicit method
of what would happen if the new features were enabled. Instead of a
random death loading what looks like a normal signature, a message was
delivered spelling out what needs to be done.
I've seen commercial AV scanners go into non-functioning mode when an
incompatible signature was released. Of course having a GUI meant that
I was told to download the new update. Clamav on a server has no GUI,
its method of informing the user is its log file. Anyone running 0.94
has been warned for over two years that they're out of date. Today that
warning became a requirement.
There were other ways to stop 0.94 from loading the server. Playing with DNS
entries, for example.

Giampaolo

Freddie Cash
2010-04-16 16:58:40 UTC
Post by Török Edwin
Post by Török Edwin
It was explicitly stated that clamd will be disabled.
In which language?
"Starting from 15 April 2010 our CVD will contain a special signature
which disables all clamd installations older than 0.95"
http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
Could you please point out where in this log extract it mentions anything
about the software getting remotely turned off ?
Nowhere, since that's not the version that is affected. It's only versions
older than 0.95. 0.95 still runs along just fine. We're still using 0.95.3
just fine.
Received signal: wake up
Post by Török Edwin
ClamAV update process started at Fri Apr 16 10:26:14 2010
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.3 Recommended version: 0.96
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
daily.cvd is up to date (version: 10751, sigs: 52057, f-level: 51, builder: guitar)
--
Freddie Cash
***@gmail.com
Maurice Lucas - TAOS-IT
2010-04-16 13:15:25 UTC
Post by Giampaolo Tomassoni
Post by Török Edwin
It was explicitly stated that clamd will be disabled.
In which language?
http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/


All ClamAV releases older than 0.95 are affected by a bug in freshclam which prevents incremental updates from working with signatures longer than 980 bytes.
You can find more details on this issue on our bugzilla (see bug #1395)

This bug affects our ability to distribute complex signatures (e.g. logical signatures) with incremental updates.

So far we haven’t released any signatures which exceed this limit.
Before we do we want as many users as possible to upgrade to the latest version of ClamAV.

Starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 – that is to say older than 1 year.

This move is needed to push more people to upgrade to 0.95 .
We would like to keep on supporting all old versions of our engine, but unfortunately this is no longer possible without causing a disservice to people running a recent release of ClamAV.
The traffic generated by a full CVD download, as opposed to an incremental update, cannot be sustained by our mirrors.

We plan to start releasing signatures which exceed the 980 bytes limit on May 2010.

We recommend that you always run the latest version of ClamAV to get optimal protection, reliability and performance.

Thanks for your cooperation!


Kind regards,
 
Maurice Lucas
 
TAOS-IT
………………………………………………………………....
Paulus Buijsstraat 191
2613 HR  Delft
www.taos-it.nl
KvK Haaglanden nr. 27254410
 
  Think of the environment; is printing this e-mail really necessary?


Christopher X. Candreva
2010-04-16 15:08:47 UTC
It seems this has brought out people who don't normally read this list. Let
me save you some tilting at windmills.

The philosophy of the ClamAV team has always been, when in doubt clamd will
not run. There are many people, myself included, who disagree with this. We
have made our objections known, and this is not how the devs choose to run
their project.

It is their right. I choose to run ClamAV anyway.

Rant on if it makes you feel better, but you aren't going to change their
view.

What you SHOULD take from this is that you may want to change how your
milter is set up, so that if clamd dies, unscanned mail is passed rather
than rejected or temp-failed.

Because if ever a signature database is corrupted, clamd won't run. If there
is an empty signature db file, clamd won't run. There are probably other
situations I can't think of right now that mean clamd won't run. I think
even if the databases are older than a week, clamd won't run.

Now, in the realm of my opinion: If you are running open-source software
then you better be on a mailing list for it, your distro if not the packages
themselves.

Because the Clam team, frankly, owes you nothing. Literally, absolutely,
nothing. They are not only giving you free software, but daily, hourly, and
sometimes MINUTELY updates to the database. Free. If you stop using it, not
only won't it hurt them one bit, it will save them bandwidth costs.

Is it too much to ask that we take the initiative and keep up with what is
available ? If they told us we had to check notes posted on their front
door for updates, it would STILL be more than we deserve.

I'm sorry, but I literally have no sympathy for people who use something for
free, don't look at announcements for 6 months, then complain things stopped
working.

And if you think for a minute it would be any better with Microsoft or
Norton or anyone else -- try dealing with a server that just decided it's
now unlicensed for who knows what reason.

The traffic on this is ridiculous. You don't like it, buy something, but
stop whining already.


==========================================================
Chris Candreva -- ***@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Jerry
2010-04-16 15:54:07 UTC
On Fri, 16 Apr 2010 11:08:47 -0400 (EDT), Christopher X. Candreva
Post by Christopher X. Candreva
It seems this has brought out people who don't normally read this
list. Let me save you some tilting at windmills.
The philosophy of the ClamAV team has always been, when in doubt
clamd will not run. There are many people, myself included, who
disagree with this. We have made our objections known, and this is
not how the devs choose to run their project.
It is their right. I choose to run ClamAV anyway.
Rant on if it makes you feel better, but you aren't going to change
their view.
What you SHOULD take from this is that you may want to change how
your milter is set up, so that if clamd dies, unscanned mail is
passed rather than rejected or temp-failed.
Because if ever a signature database is corrupted, clamd won't run.
If there is an empty signature db file, clamd won't run. There are
probably other situations I can't think of right now that mean clamd
won't run. I think even if the databases are older than a week, clamd
won't run.
Now, in the realm of my opinion: If you are running open-source
software then you better be on a mailing list for it, your distro if
not the packages themselves.
Because the Clam team, frankly, owes you nothing. Literally,
absolutely, nothing. They are not only giving you free software, but
daily, hourly, and sometimes MINUTELY updates to the database. Free.
If you stop using it, not only won't it hurt them one bit, it will
save them bandwidth costs.
Is it too much to ask that we take the initiative and keep up with
what is available ? If they told us we had to check notes posted on
their front door for updates, it would STILL be more than we deserve.
I'm sorry, but I literally have no sympathy for people who use
something for free, don't look at announcements for 6 months, then
complain things stopped working.
And if you think for a minute it would be any better with Microsoft
or Norton or anyone else -- try dealing with a server that just
decided it's now unlicensed for who knows what reason.
The traffic on this is ridiculous. You don't like it, buy something,
but stop whining already.
I agree with your sentiments wholeheartedly.
--
Jerry
***@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

SAFETY
I can live without
Someone I love
But not without
Someone I need.
Giampaolo Tomassoni
2010-04-16 15:55:16 UTC
Post by Christopher X. Candreva
The philosophy of the ClamAV team has always been, when in doubt clamd
will not run. There are many people, myself included, who disagree with
this. We have made our objections known, and this is not how the devs
choose to run their project.
It is their right. I choose to run ClamAV anyway.
Rant on if it makes you feel better, but you aren't going to change
their view.
What you SHOULD take from this is that you may want to change how your
milter is set up, so that if clamd dies, unscanned mail is passed
rather than rejected or temp-failed.
Because if ever a signature database is corrupted, clamd won't run. If
there is an empty signature db file, clamd won't run. There are probably
other situations I can't think of right now that mean clamd won't run.
I think even if the databases are older than a week, clamd won't run.
Mmmh, no: this happened to a client of mine and clamscan kept working.
Post by Christopher X. Candreva
Now, in the realm of my opinion: If you are running open-source
software then you better be on a mailing list for it, your distro if
not the packages themselves.
In my opinion, it wasn't that clear that old installations would have stopped
working. Also because it is difficult to find a reason
Post by Christopher X. Candreva
Because the Clam team, frankly, owes you nothing. Literally,
absolutely, nothing. They are not only giving you free software, but
daily, hourly, and sometimes MINUTELY updates to the database. Free.
If you stop using it, not only won't it hurt them one bit, it will save
them bandwidth costs.
I don't see it this way. I know the team owes us nothing, but a wrong move
may hurt them anyway: users may start moving to something else, possibly
"smoother" in its reasoning. Other free AV projects could stem from this kind
of *mistake*, the ClamAV user-base would decrease and signature updates
(which I guess are a function of the viruses reported by users) would decrease
in effectiveness, too. In summary, the team working on an open-software
project has after all some rules to respect in order to keep their own
project alive. One of these is: keep the number of users you put in trouble
low.

Maybe this happened, but I had two calls in the morning about this, for
maybe five mailing systems which stopped working. Most of them are not
easily upgradeable. After all, I couldn't care less. But what about the
five small companies running these systems?
Post by Christopher X. Candreva
Is it too much to ask that we take the initiative and keep up with what
is available ? If they told us we had to check notes posted on their
front door for updates, it would STILL be more than we deserve.
I'm sorry, but I literally have no sympathy for people who use something
for free, don't look at announcements for 6 months, then complain things
stopped working.
And if you think for a minute it would be any better with Microsoft or
Norton or anyone else -- try dealing with a server that just decided
it's now unlicensed for who knows what reason.
The traffic on this is ridiculous. You don't like it, buy something,
but stop whining already.
One of the advantages of free and open software is that one doesn't have to
fear for somebody deciding to discontinue service. Even if the ClamAV team
decided to stop producing its nice package as well as any cvd update, the
problem could have been discovered on the live system (when possible, no
hurry) and eventually fixed (again, when possible, no hurry).

In this case, instead, the Team proactively stopped any old clamav
installation from working. They don't owe anything to their users, but after
all even users don't owe their systems to the clamav team...

Giampaolo

Jim Preston
2010-04-16 18:19:42 UTC
Post by Christopher X. Candreva
It seems this has brought out people who don't normally read this list. Let
me save you some tilting at windmills.
The philosophy of the ClamAV team has always been, when in doubt clamd will
not run. There are many people, myself included, who disagree with this. We
have made our objections known, and this is not how the devs choose to run
their project.
It is their right. I choose to run ClamAV anyway.
Rant on if it makes you feel better, but you aren't going to change their
view.
What you SHOULD take from this is that you may want to change how your
milter is set up, so that if clamd dies, unscanned mail is passed rather
than rejected or temp-failed.
Because if ever a signature database is corrupted, clamd won't run. If there
is an empty signature db file, clamd won't run. There are probably other
situations I can't think of right now that mean clamd won't run. I think
even if the databases are older than a week, clamd won't run.
Now, in the realm of my opinion: If you are running open-source software
then you better be on a mailing list for it, your distro if not the packages
themselves.
Because the Clam team, frankly, owes you nothing. Literally,
absolutely,
nothing. They are not only giving you free software, but daily, hourly, and
sometimes MINUTELY updates to the database. Free. If you stop using it, not
only won't it hurt them one bit, it will save them bandwidth costs.
Is it too much to ask that we take the initiative and keep up with what is
available ? If they told us we had to check notes posted on their front
door for updates, it would STILL be more than we deserve.
I'm sorry, but I literally have no sympathy for people who use
something for
free, don't look at announcements for 6 months, then complain things stopped
working.
And if you think for a minute it would be any better with Microsoft or
Norton or anyone else -- try dealing with a server that just decided it's
now unlicensed for who knows what reason.
The traffic on this is ridiculous. You don't like it, buy something, but
stop whining already.
Amen!

Jim
Giampaolo Tomassoni
2010-04-16 12:24:25 UTC
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Wasn't it better to instead have freshclam to stop updating the
database?
I don't know of any way to stop freshclam from updating.
Some mirrors can blacklist old versions, but not most/all.
Using a new DNS tree, such that old freshclam versions were unable to
perform the job?

Giampaolo

Török Edwin
2010-04-16 12:34:06 UTC
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Wasn't it better to instead have freshclam to stop updating the
database?
I don't know of any way to stop freshclam from updating.
Some mirrors can blacklist old versions, but not most/all.
Using a new DNS tree, such that old freshclam versions were unable to
perform the job?
The DNS servers don't receive any information about the version of
freshclam used to perform the query.
The DNS request can go through many DNS caches...

Best regards,
--Edwin
Giampaolo Tomassoni
2010-04-16 13:42:43 UTC
Permalink
Post by Török Edwin
Post by Giampaolo Tomassoni
Post by Török Edwin
I don't know of any way to stop freshclam from updating.
Some mirrors can blacklist old versions, but not most/all.
Using a new DNS tree, such that old freshclam versions were unable to
perform the job?
The DNS servers don't receive any information about the version of
freshclam used to perform the query.
The DNS request can go through many DNS caches...
So what?

I see the old freshclam issues DNS requests like these:

current.cvd.clamav.net.

What if this DNS name stops responding (and be propagated to mirrors) and
instead a new current1.cvd.clamav.net (or maybe current.cvd1.clamav.net if
you dislike the first) start working? Clamav's 0.96 could issue requests to
that brand new name to get updates, while old clamav installations -which
are unaware of it- would simply fail updating.

They would probably scream error messages in big letters in their logs, but
their clamscan would keep running...

Please also note that the fact that "[clamscan will stop working] was
clearly stated" (if any) may have a meaning in a lawsuit. But it is not an
excuse (in the world of the open software) if any other way to have a
forward- and backward-compatible solution is available...

I personally I'm sure I'm not going to file a lawsuit against anybody, since
I have cutes 0.96 up and running in the servers I directly manage. Nor I'm
going to switch, also because I often have more than one AV running in my
mail servers.

Nevertheless, a *lot* of people will abandon clamav in favor of some
pay-per-clean solution (which may even not be a 3D System, after all).

Was this the purpose?

Giampaolo

Bowie Bailey
2010-04-16 14:01:31 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Török Edwin
Post by Giampaolo Tomassoni
Post by Török Edwin
I don't know of any way to stop freshclam from updating.
Some mirrors can blacklist old versions, but not most/all.
Using a new DNS tree, such that old freshclam versions were unable to
perform the job?
The DNS servers don't receive any information about the version of
freshclam used to perform the query.
The DNS request can go through many DNS caches...
So what?
current.cvd.clamav.net.
What if this DNS name stops responding (and be propagated to mirrors) and
instead a new current1.cvd.clamav.net (or maybe current.cvd1.clamav.net if
you dislike the first) start working? Clamav's 0.96 could issue requests to
that brand new name to get updates, while old clamav installations -which
are unaware of it- would simply fail updating.
They would probably scream error messages in big letters in their logs, but
their clamscan would keep running...
Not a bad idea. It could be generalized to something like:

0.95.3.cvd.clamav.net
0.96.cvd.clamav.net

Each version would have its own DNS name for updates. All of them
would point to the same group of servers. (Maybe just make them cnames
for current.cvd...) Then, when you want to disable updates for a
version, just drop the name from the DNS.
--
Bowie
Giampaolo Tomassoni
2010-04-16 14:11:30 UTC
Permalink
Post by Bowie Bailey
0.95.3.cvd.clamav.net
0.96.cvd.clamav.net
Each version would have it's own DNS name for updates. All of them
would point to the same group of servers. (Maybe just make them cnames
for current.cvd...) Then, when you want to disable updates for a
version, just drop the name from the DNS.
There is already something in the TXT record announcing the facility level
needed to get the best from the cvd update. The problem here seems to me
that the new cvd format is so deeply incompatible with the old one that new
CVDs are mostly useless to old clamav installations.

This is not going to happen often, I guess. So a kind of "cvd format
version" in the DNS name (1 in my example) would probably suffice.

Giampaolo

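The functionality level and the stale-database concern discussed in this part of the thread can be checked on the host itself. The following is an added example, not code from the thread or from the ClamAV project: it reads the text header of a .cvd file and flags a database that has stopped updating or that asks for a higher functionality level than the installed engine. The header field layout, the 7-day threshold and every sample value are assumptions or constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Assumed CVD header layout (512 bytes, space-padded ASCII, colon-separated):
#   ClamAV-VDB : build time : version : signature count : functionality level
#   : MD5 : digital signature : builder : build time in epoch seconds
# The last field is treated as optional (assumed absent in older files).
CVD_HEADER_SIZE = 512
CVD_MAGIC = "ClamAV-VDB"


def parse_cvd_header(raw: bytes) -> dict:
    """Parse the text header found at the start of a .cvd file."""
    text = raw[:CVD_HEADER_SIZE].decode("ascii", errors="replace")
    fields = [f.strip(" \x00\r\n") for f in text.split(":")]
    if len(fields) < 8 or fields[0] != CVD_MAGIC:
        raise ValueError("not a CVD header")
    try:
        version = int(fields[2])
        sigs = int(fields[3])
        flevel = int(fields[4])
        if len(fields) > 8 and fields[8].isdigit():
            built = datetime.fromtimestamp(int(fields[8]), tz=timezone.utc)
        else:
            # Fall back to the human-readable build time, e.g.
            # "15 Apr 2010 10-00 -0400" (dashes because ':' is the separator).
            built = datetime.strptime(fields[1], "%d %b %Y %H-%M %z")
    except ValueError as exc:
        raise ValueError(f"malformed CVD header: {exc}") from exc
    return {
        "version": version,
        "signatures": sigs,
        "flevel": flevel,
        "builder": fields[7],
        "built": built,
    }


def assess(header: dict, engine_flevel: int, now: datetime,
           max_age: timedelta = timedelta(days=7)) -> list:
    """Return finding codes for a parsed header.

    STALE_DB: the database is older than max_age, so the scanner keeps
        running but no longer receives signatures (the silent failure the
        thread argues about).
    ENGINE_BELOW_DB_FLEVEL: the database was built for a higher functionality
        level than this engine provides, so an upgrade is due.
    """
    findings = []
    if now - header["built"] > max_age:
        findings.append("STALE_DB")
    if engine_flevel < header["flevel"]:
        findings.append("ENGINE_BELOW_DB_FLEVEL")
    return findings


def make_sample_header(with_epoch: bool = True) -> bytes:
    """Build a constructed header; checksum and signature are placeholders."""
    fields = [
        CVD_MAGIC,
        "15 Apr 2010 10-00 -0400",   # constructed build time
        "10750",                     # constructed database version
        "52000",                     # constructed signature count
        "51",                        # constructed functionality level
        "0" * 32,                    # placeholder MD5
        "PLACEHOLDER-SIGNATURE",     # placeholder digital signature
        "builder",
    ]
    if with_epoch:
        fields.append("1271340000")  # same instant as the build time above
    return ":".join(fields).encode("ascii").ljust(CVD_HEADER_SIZE, b" ")


SAMPLE_HEADER = make_sample_header()

if __name__ == "__main__":
    hdr = parse_cvd_header(SAMPLE_HEADER)
    # Constructed scenario: an engine at level 38, checked 30 days after build.
    checked_at = hdr["built"] + timedelta(days=30)
    for code in assess(hdr, engine_flevel=38, now=checked_at):
        print(f"daily database v{hdr['version']}: {code}")
```

Run from cron against the first 512 bytes of the installed database files, a non-empty result is the signal to alert on, independent of whether the scanner daemon is still answering.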
Tomasz Kojm
2010-04-16 14:29:37 UTC
Permalink
On Fri, 16 Apr 2010 10:01:31 -0400
Post by Bowie Bailey
0.95.3.cvd.clamav.net
0.96.cvd.clamav.net
Each version would have it's own DNS name for updates. All of them
would point to the same group of servers. (Maybe just make them cnames
for current.cvd...) Then, when you want to disable updates for a
version, just drop the name from the DNS.
Hi,

there's already a special mechanism built into ClamAV 0.95.3 and later
that allows us to remotely control the frequency of database updates
with freshclam (for specific releases).

Thanks,
--
oo ..... Tomasz Kojm <***@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Apr 16 16:24:53 CEST 2010
Eric Rostetter
2010-04-16 16:12:45 UTC
Permalink
Post by Giampaolo Tomassoni
What if this DNS name stops responding (and be propagated to mirrors) and
instead a new current1.cvd.clamav.net (or maybe current.cvd1.clamav.net if
you dislike the first) start working? Clamav's 0.96 could issue requests to
that brand new name to get updates, while old clamav installations -which
are unaware of it- would simply fail updating.
So instead of breaking only the really old clamav installs, you've broken
ALL the non-0.96 installs? Why break the 0.95 installs as well?

And again, if the old versions keep running, but don't get updates, it is
a dis-service to those who think they are being protected but are not.
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Giampaolo Tomassoni
2010-04-16 16:25:28 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
What if this DNS name stops responding (and be propagated to mirrors) and
instead a new current1.cvd.clamav.net (or maybe current.cvd1.clamav.net if
you dislike the first) start working? Clamav's 0.96 could issue requests to
that brand new name to get updates, while old clamav installations -which
are unaware of it- would simply fail updating.
So instead of breaking only the really old clamav installs, you've broken
ALL the non-0.96 installs? Why break the 0.95 installs as well?
It is not something to do now, but instead something that could have been
done introducing 0.96...

Did you read all the post? You didn't, right?
Post by Giampaolo Tomassoni
And again, if the old versions keep running, but don't get updates, it is
a dis-service to those who think they are being protected but are not.
Most of them know exactly their AV is not up-to-date. Nevertheless, their
mail server works and only have to be careful opening new mail.

Can they prefer to take some risk and not pay someone to update their
systems?

Giampaolo

Christopher X. Candreva
2010-04-16 16:32:16 UTC
Permalink
Post by Giampaolo Tomassoni
It is not something to do now, but instead something that could have been
done introducing 0.96...
Giampaolo: There are lots of things that COULD be done, but it is not the
philosophy of the ClamAV project.

As I said, the devs have made it clear in the past that they feel clamd
should fail to run on any problem. They also, it seems to me, have made it
clear they do not think people should run older versions, ever, for any
reason.

Therefore, this is my own statement and I don't want to put words in the devs'
mouth, but the clear message I get from them is if you aren't the type of
admin who always installs the latest, then don't run Clamav. Period. It's
not the right thing for you.

And if it isn't their philosophy -- then IMHO it's the effective outcome, and
the advice I would give anyone thinking of running it. If you don't want to
install the latest when it comes out, pick something else.


==========================================================
Chris Candreva -- ***@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Giampaolo Tomassoni
2010-04-16 17:18:42 UTC
Permalink
Post by Christopher X. Candreva
Post by Giampaolo Tomassoni
It is not something to do now, but instead something that could have been
done introducing 0.96...
Giampaolo: There are lots of things that COULD be done, but it is not the
philosophy of the ClamAV project.
As I said, the devs have made it clear in the past that they feel clamd
should fail to run on any problem. They also, it seems to me, have made it
clear they do not think people should run older versions, ever, for any
reason.
Therefore, this is my own statement and I don't want to put words in the devs'
mouth, but the clear message I get from them is if you aren't the type of
admin who always installs the latest, then don't run Clamav. Period. It's
not the right thing for you.
Let me say first that the systems I manage, i.e.: the ones of my direct
clients, didn't even notice this problem since they are all running 0.96
from a Gentoo distro.

I'm driven into this thread by a very different reason, which I believe is a
bit wider in meaning than ranting against imaginary culprits of my own
troubles. It is about open software and respect of the (mis?)use people do
of it.

The fact that old clamscans stop working because of a remote "kill" update,
is as grave as it would be for Microsoft to stop 2000 from working with an
update. Yes, 2000 is a dangerous thing nowadays. But nevertheless who are
you to shut my computer?

Christopher, you may or may not be the ClamAV spokesman. Nevertheless I
would like to let the team know that the 0.96 case didn't create trouble to
administrators (whether or not "responsible"), but to open-software users. I
believe by the way a lot of "irresponsible" administrators are really happy
with the ClamAV team right now, since they are going to be hired to fix
troubles around or -even better- to install new stuff.

That said, please note it is not a matter of administration: most small
systems are basically unmanaged and owners do know they are not up-to-date
and that occasionally viruses may slip in. Owners simply feel this is worth
the fact they don't have to pay for any assistance. When too many viruses
get to their mailbox, then they call somebody to fix things.

But if you stop their crappy mailing systems, they will switch to something
else.

Are developers willing this? I hope they're not.

Giampaolo

Jim Preston
2010-04-16 18:41:30 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Christopher X. Candreva
Post by Giampaolo Tomassoni
It is not something to do now, but instead something that could have been
done introducing 0.96...
Giampaolo: There are lots of things that COULD be done, but it is not the
philosophy of the ClamAV project.
As I said, the devs have made it clear in the past that they feel clamd
should fail to run on any problem. They also, it seems to me, have made it
clear they do not think people should run older versions, ever, for any
reason.
Therefore, this is my own statement and I don't want to put words in the devs'
mouth, but the clear message I get from them is if you aren't the type of
admin who always installs the latest, then don't run Clamav. Period. It's
not the right thing for you.
Let me say first that the systems I manage, i.e.: the ones of my direct
clients, didn't even notice this problem since they are all running 0.96
from a Gentoo distro.
I'm driven into this thread by a very different reason, which I believe is a
bit wider in meaning than ranting against imaginary culprits of my own
troubles. It is about open software and respect of the (mis?)use people do
of it.
The fact that old clamscans stop working because of a remote "kill" update,
is as grave as it would be for Microsoft to stop 2000 from working with an
update. Yes, 2000 is a dangerous thing nowadays. But nevertheless who are
you to shut my computer?
I guess you have never had a Microsoft update that broke your Windows
installation.......
Post by Giampaolo Tomassoni
Christopher, you may or may not be the ClamAV spokesman. Nevertheless I
would like to let the team know that the 0.96 case didn't create trouble to
administrators (whether or not "responsible"), but to open-software users. I
believe by the way a lot of "irresponsible" administrators are really happy
with the ClamAV team right now, since they are going to be hired to fix
troubles around or -even better- to install new stuff.
That said, please note it is not a matter of administration: most small
systems are basically unmanaged and owners do know they are not up-to-date
and that occasionally viruses may slip in. Owners simply feel this is worth
the fact they don't have to pay for any assistance. When too many viruses
get to their mailbox, then they call somebody to fix things.
But if you stop their crappy mailing systems, they will switch to something
else.
Are developers willing this? I hope they're not.
Giampaolo
Giampaolo Tomassoni
2010-04-16 19:01:47 UTC
Permalink
Post by Jim Preston
Post by Giampaolo Tomassoni
The fact that old clamscans stop working because of a remote "kill" update,
is as grave as it would be for Microsoft to stop 2000 from working with an
update. Yes, 2000 is a dangerous thing nowadays. But nevertheless who are
you to shut my computer?
I guess you have never had a Microsoft update that broke your Windows
installation.......
It happened, of course.

First, it wasn't the purpose of the update anyway: the system was probably
already compromised.

Second, it happened with workstations: most of the time the user simply had
to sit at another table to get back to work.

Also, if one has a couple of clustered servers and one gets scrambled, the
other may keep working. If you send a remote kill to a clustered system,
each and every member of the cluster stops working.

See how it's different? You are putting at the same level an occasional,
unwanted breakage and a targeted kill, but they are not the same thing.

Giampaolo

Jim Preston
2010-04-16 18:30:23 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
What if this DNS name stops responding (and be propagated to mirrors) and
instead a new current1.cvd.clamav.net (or maybe current.cvd1.clamav.net if
you dislike the first) start working? Clamav's 0.96 could issue requests to
that brand new name to get updates, while old clamav installations -which
are unaware of it- would simply fail updating.
So instead of breaking only the really old clamav installs, you've broken
ALL the non-0.96 installs? Why break the 0.95 installs as well?
It is not something to do now, but instead something that could have been
done introducing 0.96...
Did you read all the post? You didn't, right?
Post by Giampaolo Tomassoni
And again, if the old versions keep running, but don't get updates, it is
a dis-service to those who think they are being protected but are not.
Most of them know exactly their AV is not up-to-date. Nevertheless, their
mail server works and only have to be careful opening new mail.
Can they prefer to take some risk and not pay someone to update their
systems?
Giampaolo
And if the server owners / sysadmins feel that sending mail is more
IMPORTANT than sending clean mail, they do not need to install any
AV software and their mail system will happily send out all its
mail....

Jim
Giampaolo Tomassoni
2010-04-16 18:51:23 UTC
Permalink
Post by Jim Preston
And if the server owners / sysadmins feel that sending mail is more
IMPORTANT than sending clean mail, they do not need to install any
AV software and their mail system will happily send out all its
mail....
I guess around 25-50% of the malware is old, well-known one. So it is not
that silly to have an outdated AV running to lower the received one.

But anyway, we are speaking of stuff which worked. It wasn't perfect, but it
worked. And in these days the ClamAV staff decided to break it, without a
rationale close to the point.

Isn't this weird? Is clamav a trustable project? This is what a sysadmin may
end thinking next time he/she installs a new system.

Giampaolo

Dave Warren
2010-04-16 19:19:39 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Jim Preston
And if the server owners / sysadmins feel that sending mail is more
IMPORTANT than sending clean mail, they do not need to install any
AV software and their mail system will happily send out all its
mail....
I guess around 25-50% of the malware is old, well-known one. So it is not
that silly to have an outdated AV running to lower the received one.
But anyway, we are speaking of stuff which worked. It wasn't perfect, but it
worked. And in these days the ClamAV staff decided to break it, without a
rationale close to the point.
Isn't this weird? Is clamav a trustable project? This is what a sysadmin may
end thinking next time he/she installs a new system.
If ClamAV went the other direction and just left people hanging with a
false sense of security, all the while happily returning a "yup, not
infected" to every file with modernish malware in it, there would be
just as much "can I trust 'em?"

As far as whether or not you can trust ClamAV, if this was sprung upon
server operators without notice, that might be a consideration. It
wasn't.

The difference is that this screaming gets attention and gets the
attention of incompetently managed server operators so that things get
fixed.

Jim Preston
2010-04-16 18:06:57 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Török Edwin
Post by Giampaolo Tomassoni
Post by Török Edwin
I don't know of any way to stop freshclam from updating.
Some mirrors can blacklist old versions, but not most/all.
Using a new DNS tree, such that old freshclam versions were unable to
perform the job?
The DNS servers don't receive any information about the version of
freshclam used to perform the query.
The DNS request can go through many DNS caches...
So what?
current.cvd.clamav.net.
What if this DNS name stops responding (and be propagated to mirrors) and
instead a new current1.cvd.clamav.net (or maybe current.cvd1.clamav.net if
you dislike the first) start working? Clamav's 0.96 could issue requests to
that brand new name to get updates, while old clamav installations -which
are unaware of it- would simply fail updating.
They would probably scream error messages in big letters in their logs, but
their clamscan would keep running...
Please also note that the fact that "[clamscan will stop working] was
clearly stated" (if any) may have a meaning in a lawsuit. But it is not an
excuse (in the world of the open software) if any other way to have a
forward- and backward-compatible solution is available...
I personally I'm sure I'm not going to file a lawsuit against anybody, since
I have cutes 0.96 up and running in the servers I directly manage. Nor I'm
going to switch, also because I often have more than one AV running in my
mail servers.
Nevertheless, a *lot* of people will abandon clamav in favor of some
pay-per-clean solution (which may even not be a 3D System, after all).
Was this the purpose?
Giampaolo
Then that is their choice and when it fails, they can bitch to the
developers of that system and switch to another vendor .......

Jim
Giampaolo Tomassoni
2010-04-16 18:25:55 UTC
Permalink
Post by Jim Preston
Post by Giampaolo Tomassoni
Was this the purpose?
Giampaolo
Then that is their choice and when it fails, they can bitch to the
developers of that system and switch to another vendor .......
Apart the fact that open software is not yet-another-vendor. It is a
culture.

The way the clamav team managed this case hits the open software community
as a whole, being the ClamAV project a well-known member of that community.

Giampaolo

Jim Preston
2010-04-16 18:57:28 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Jim Preston
Post by Giampaolo Tomassoni
Was this the purpose?
Giampaolo
Then that is their choice and when it fails, they can bitch to the
developers of that system and switch to another vendor .......
Apart the fact that open software is not yet-another-vendor. It is a
culture.
No, ClamAV is a VENDOR that happens to be part of the open software
community.

There have been numerous pieces of software that I have used over the
years that have died on the vine and no longer suitable for new
systems. Do I rant at them that they MUST provide me with a new
version, no, I deal with it. Either building my own from sources or
moving on to a new piece of software.....
Post by Giampaolo Tomassoni
The way the clamav team managed this case hits the open software community
as a whole, being the ClamAV project a well-known member of that community.
Yes, but not necessarily in a negative way...... One of the MAJOR
problems with Microsoft software is their insane insistence on
backwards compatibility. Sometimes it does not make sense to do so and
you just have to bite the bullet and let people know it will not work.
In Microsoft's case they simply fail to let people know...... in
addition to breaking it.
Post by Giampaolo Tomassoni
Giampaolo
Giampaolo Tomassoni
2010-04-16 20:30:25 UTC
Permalink
Post by Jim Preston
Post by Giampaolo Tomassoni
Post by Jim Preston
Then that is their choice and when it fails, they can bitch to the
developers of that system and switch to another vendor .......
Apart the fact that open software is not yet-another-vendor. It is a
culture.
No, ClamAV is a VENDOR that happens to be part of the open software
community.
So ClamAV should obey to the rules governing the open-software community.

One is that everybody is free to run his/her own copy of the software, in
whichever shape he/she likes it.
Post by Jim Preston
There have been numerous pieces of software that I have used over the
years that have died on the vine and no longer suitable for new
systems. Do I rant at them that they MUST provide me with a new
version, no, I deal with it. Either building my own from sources or
moving on to a new piece of software.....
This is not a matter of missing upgrades. This is a matter of proactively
breaking running systems.

Jim, you keep adding apples and pears together. Aren't you starting to feel
the importance of what the ClamAV team wanted and let happen?
Post by Jim Preston
Post by Giampaolo Tomassoni
The way the clamav team managed this case hits the open software community
as a whole, being the ClamAV project a well-known member of that community.
Yes, but not necessarily in a negative way...... One of the MAJOR
problems with Microsoft software is their insane insistence on
backwards compatibility. Sometimes it does not make sense to do so and
you just have to bite the bullet and let people know it will not work.
In Microsoft's case they simply fail to let people know...... in
addition to breaking it.
This is a good point of view which I can easily endorse. But we are still
speaking of stopping working systems. We are not speaking about introducing
a backward incompatibility.

Giampaolo

Eric Rostetter
2010-04-16 20:47:52 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Jim Preston
No, ClamAV is a VENDOR that happens to be part of the open software
community.
So ClamAV should obey to the rules governing the open-software community.
One is that everybody is free to run his/her own copy of the software, in
whichever shape he/she likes it.
It isn't the software per se that is the problem, it is the virus
database subscription... If you want to maintain your own virus
database, you can run as old a version of clamav software as you want.

Asking clamav to support definitions for old versions is like asking
other vendors to keep supplying updates for old versions. At some point
they stop providing updates. At some point, clamav stops providing updates.
If you don't want the updates, you can keep using the software, in both
cases.
Post by Giampaolo Tomassoni
This is not a matter of missing upgrades. This is a matter of proactively
breaking running systems.
By using their database updates, you agree to their terms... This is nothing
to do with the software. If it broke anything but the clamav software,
that is really your fault, not theirs.
Post by Giampaolo Tomassoni
This is a good point of view which I can easily endorse. But we are still
speaking of stopping working systems. We are not speaking about introducing
a backward incompatibility.
Actually, we are talking about both (breaking working clamav services
because of a backward incompatibility with new signatures). You can avoid
it by not using their new signatures, or by upgrading your clamav software.
Your choice.
Post by Giampaolo Tomassoni
Giampaolo
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Jim Preston
2010-04-16 20:48:30 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Jim Preston
Post by Giampaolo Tomassoni
Post by Jim Preston
Then that is their choice and when it fails, they can bitch to the
developers of that system and switch to another vendor .......
Apart the fact that open software is not yet-another-vendor. It is a
culture.
No, ClamAV is a VENDOR that happens to be part of the open software
community.
So ClamAV should obey to the rules governing the open-software community.
One is that everybody is free to run his/her own copy of the software, in
whichever shape he/she likes it.
And you are free to do so, just as the developers are free to release
signatures that do not work with older versions. That is ALL that
happened. In doing so, clamd fails to be able to properly read the
database and fails.
Post by Giampaolo Tomassoni
Post by Jim Preston
There have been numerous pieces of software that I have used over the
years that have died on the vine and no longer suitable for new
systems. Do I rant at them that they MUST provide me with a new
version, no, I deal with it. Either building my own from sources or
moving on to a new piece of software.....
This is not a matter of missing upgrades. This is a matter of proactively
breaking running systems.
They didn't, YOU did. You failed to properly configure your email to
handle a failure in clamd.
Were there many others like you who also failed to configure their
systems to handle a failure in clamd? Yes, but that again was their
decision as it was yours.
Post by Giampaolo Tomassoni
Jim, you keep adding apples and pears together. Aren't you starting to feel
the importance of what the ClamAV team wanted and let happen?
Yes, they were concerned that new signatures coming out are not
compatible with older versions, stated so, and sent one of them out.
You would be in exactly the same situation next month.....
The fact that they made a conscious decision to not have separate
signatures was THEIR decision to make and YOURS to ignore.
Post by Giampaolo Tomassoni
Post by Jim Preston
Post by Giampaolo Tomassoni
The way the clamav team managed this case hits the open software community
as a whole, being the ClamAV project a well-known member of that community.
Yes, but not necessarily in a negative way...... One of the MAJOR
problems with Microsoft software is their insane insistence on
backwards compatibility. Sometimes it does not make sense to do so and
you just have to bite the bullet and let people know it will not work.
In Microsoft's case they simply fail to let people know...... in
addition to breaking it.
This is a good point of view which I can easily endorse. But we are still
speaking of stopping working systems. We are not speaking about introducing
a backward incompatibility.
Yes we are, we are speaking of signatures that can not be handled by
versions older than 0.95. They decided to forego compatibility just as
YOU chose to ignore their warnings. And before we get back to "I
didn't know", as judges are quick to point out, ignorance of the law
(or in this case changes coming down the pike) is no excuse.
We are not trying to say you shouldn't feel bad about it sneaking up
on you, but that does not change the fact that the ClamAV team put out
notices 6 months ago that this would happen.
Post by Giampaolo Tomassoni
Giampaolo
Jim

Chris Meadors
2010-04-16 20:53:17 UTC
Permalink
Post by Giampaolo Tomassoni
So ClamAV should obey to the rules governing the open-software community.
One is that everybody is free to run his/her own copy of the software, in
whichever shape he/she likes it.
You can use ClamAV however you like. You just can't use the new
signatures with versions older than 0.95. If you load a new signature
into an older version it will crash.

So if you want to use an older one, you can: 1. fix it so it doesn't
crash when fed a new format signature. 2. Stop updating signatures. 3.
Download the new signatures and remove the new style ones before
installing them.

None of those options will happen automatically. Anyone who has been
content to ignore the update requirements and continues to download new
signatures will be faced with a crashing clamd. The ClamAV team just
chose to make it crash with a meaningful message.
Post by Giampaolo Tomassoni
This is not a matter of missing upgrades. This is a matter of proactively
breaking running systems.
Exactly. They proactively broke the scanner so people would know why it
broke, rather than letting it die with nothing more than an obscure
malformatted hexstring error.
--
Chris

Jim Preston
2010-04-16 17:47:24 UTC
Permalink
Post by Giampaolo Tomassoni
The problem here is that old clamav versions have stopped working at all.
Wasn't it better to instead have freshclam to stop updating the database?
Please note freshclam is very used to issue alerts when new clamav versions
are available, but this didn't ever stop clamav from working. People may
have assumed that this would have been the clamav behavior at EOL deadline,
thereby underestimating the matter.
The sysadmins could have done this by turning off freshclam...... and
saved themselves from having to deal with the upgrade.....
Jim
Giampaolo Tomassoni
2010-04-16 18:16:59 UTC
Permalink
Post by Jim Preston
The sysadmins could have done this by turning off freshclam...... and
saved themselves from having to deal with the upgrade.....
Who is the sysadmin of an unmanaged box?

If nobody had to turn off freshclam, why clamscan had to stop working?

In this thread I'm seeing a lot of people blaming the sysadmin. Is it
crowded by sysadmins who like to show they are much more competent than
their colleagues?

Why nobody from the ClamAV team likes to explain to *users* why they decided
to stop their own working clamscan, when there were tons of suitable
alternatives?

Nobody here gave a serious rationale about it. The way "sysadmins" are
attacked here, seems to me that the 0.96 case has nothing to do with open
software, but instead with marketing.

So please, the genius in the management who came out with this smart idea
may please came out and explain to us the why? Many people already know the
when...

Giampaolo

Eric Rostetter
2010-04-16 18:44:40 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Jim Preston
The sysadmins could have done this by turning off freshclam...... and
saved themselves from having to deal with the upgrade.....
Who is the sysadmin of an unmanaged box?
There should be no un-managed boxes on the network...
Post by Giampaolo Tomassoni
If nobody had to turn off freshclam, why clamscan had to stop working?
Did clamscan stop working, or only clamd?
Post by Giampaolo Tomassoni
In this thread I'm seeing a lot of people blaming the sysadmin. Is it
crowded by sysadmins who like to show they are much more competent than
their colleagues?
Yes, of course it is.
Post by Giampaolo Tomassoni
Why nobody from the ClamAV team likes to explain to *users* why they decided
to stop their own working clamscan, when there were tons of suitable
alternatives?
They did. Right here on this list. Starting about 6 months ago.

Why didn't these *users* bother to read and comment on it during the
last 6 months?
Post by Giampaolo Tomassoni
So please, the genius in the management who came out with this smart idea
may please came out and explain to us the why? Many people already know the
when...
Check the mailing list archives...
Post by Giampaolo Tomassoni
Giampaolo
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Giampaolo Tomassoni
2010-04-16 19:24:40 UTC
Permalink
Post by Eric Rostetter
Post by Giampaolo Tomassoni
Post by Jim Preston
The sysadmins could have done this by turning off freshclam...... and
saved themselves from having to deal with the upgrade.....
Who is the sysadmin of an unmanaged box?
There should be no un-managed boxes on the network...
There shouldn't even be sysadmin. But then? Show me an RFC that states that
no un-managed box can be in the 'net: I'll show you one which prohibits the
presence of sysadmins in the world...
Post by Eric Rostetter
Post by Giampaolo Tomassoni
If nobody had to turn off freshclam, why clamscan had to stop
working?
Did clamscan stop working, or only clamd?
I don't know it for sure. I know clamd stopped working, but I guess also
clamscan, since in the troubled installs I heard they use amavisd-new. Maybe
I'm wrong, but the amavisd-new's default config has clamd as primary scanner
and clamscan as backup one.
Post by Eric Rostetter
Post by Giampaolo Tomassoni
In this thread I'm seeing a lot of people blaming the sysadmin. Is it
crowded by sysadmins who like to show they are much more competent than
their colleagues?
Yes, of course it is.
Which is wrong, anyway. Since nobody is perfect, instead of pointing out the
other's mistake (if any) sysadmins should co-operate. Otherwise others may
gain some advantages by adopting the "divide et impera" paradigm...
Post by Eric Rostetter
Post by Giampaolo Tomassoni
Why nobody from the ClamAV team likes to explain to *users* why they decided
to stop their own working clamscan, when there were tons of suitable
alternatives?
They did. Right here on this list. Starting about 6 months ago.
Why didn't these *users* bother to read and comment on it during the
last 6 months?
Post by Giampaolo Tomassoni
So please, the genius in the management who came out with this smart idea
may please came out and explain to us the why? Many people already know the
when...
Check the mailing list archives...
Let me see: I subscribed to this list in Nov 2009. I need more time to fetch
it.


Giampaolo

Jim Preston
2010-04-16 19:36:23 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Eric Rostetter
Check the mailing list archives...
Let me see: I subscribed to this list in Nov 2009. I need more time to fetch
it.
Giampaolo
Then how could you possibly have missed the announcement that clamd
installations will be disabled?

Starting from 15 April 2010 our CVD will contain a special signature
which disables all clamd installations older than 0.95 - that is to say
older than 1 year.
This move is needed to push more people to upgrade to 0.95 .
We would like to keep on supporting all old versions of our engine, but
unfortunately this is no longer possible without causing a disservice to
people running a recent release of ClamAV.
The traffic generated by a full CVD download, as opposed to an
incremental update, cannot be sustained by our mirrors.

Jim
Eric Rostetter
2010-04-16 19:42:55 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Eric Rostetter
Post by Giampaolo Tomassoni
In this thread I'm seeing a lot of people blaming the sysadmin. Is it
crowded by sysadmins who like to show they are much more competent than
their colleagues?
Yes, of course it is.
Which is wrong, anyway. Since nobody is perfect, instead of pointing out the
other's mistake (if any) sysadmins should co-operate. Otherwise others may
gain some advantages by adopting the "divide et impera" paradigm...
Pointing out that they are wrong, why they are wrong, and how they should
do things instead _IS_ helping them. That is the way people work, that
is the way people learn, that is how wrong situations get corrected.

Now, should they do that in a nice, polite way. Yes. Do they often
do it in a rude or condescending way instead. Unfortunately yes. That
is perhaps the part that needs fixing.
Post by Giampaolo Tomassoni
Post by Eric Rostetter
Check the mailing list archives...
Let me see: I subscribed to this list in Nov 2009. I need more time to fetch
it.
If you subscribed to it in Nov. 2009 and have been reading it, then you
should have known about this issue, and how to avoid any problems. So there
should be no problem.
Post by Giampaolo Tomassoni
Giampaolo
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Jim Preston
2010-04-16 18:51:53 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Jim Preston
The sysadmins could have done this by turning off freshclam...... and
saved themselves from having to deal with the upgrade.....
Who is the sysadmin of an unmanaged box?
The person who set it up or the manager that decided that a single
visit from a consultant was sufficient.
Post by Giampaolo Tomassoni
If nobody had to turn off freshclam, why clamscan had to stop working?
In this thread I'm seeing a lot of people blaming the sysadmin. Is it
crowded by sysadmins who like to show they are much more competent than
their colleagues?
Why, because all the whiners on the list have gotten the ire up listen
to people whine that their (making an analogy here) 10 year old car
they have not changed the oil or air filter or spark plugs in since
they bought from the dealer has not stopped working.
Post by Giampaolo Tomassoni
Why nobody from the ClamAV team likes to explain to *users* why they decided
to stop their own working clamscan, when there were tons of suitable
alternatives?
Because they used this solution to the problem which is their choice.
I personally do not let my ClamAV get more than 1 major revision
behind. And before you go on and say that is because I run new hardware
and distributions, I do not. My current OS has not been supported
by the vendor in a LONG time. What does this mean to me? It means that
I AM responsible now for making sure all is well and requires more
attention from me. If owners want "unmanaged" systems, they should use
the money they are saving on management and upgrade the hardware /
software every couple of years. Then the systems can remain happily
unmanaged. If they want to have unmanaged systems AND no
responsibility.... well I want to be a billionaire but I do not
believe it is just going to happen......
Post by Giampaolo Tomassoni
Nobody here gave a serious rationale about it. The way "sysadmins" are
attacked here, seems to me that the 0.96 case has nothing to do with open
software, but instead with marketing.
So please, the genius in the management who came out with this smart idea
may please came out and explain to us the why? Many people already know the
when...
Giampaolo
Giampaolo Tomassoni
2010-04-16 19:33:40 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
If nobody had to turn off freshclam, why clamscan had to stop
working?
Post by Giampaolo Tomassoni
In this thread I'm seeing a lot of people blaming the sysadmin. Is it
crowded by sysadmins who like to show they are much more competent than
their colleagues?
Why, because all the whiners on the list have gotten the ire up listen
to people whine that their (making an analogy here) 10 year old car
they have not changed the oil or air filter or spark plugs in since
they bought from the dealer has not stopped working.
(Entering analogy mode me too, then) If that car stops working because it
has enough, it is fine. If it stops because somebody put the sugar in the
reservoir, that's another. A remote 'kill' is like putting sugar in the
reservoir of an almost exhausted car. It is sabotage, not natural death...
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Why nobody from the ClamAV team likes to explain to *users* why they decided
to stop their own working clamscan, when there were tons of suitable
alternatives?
Because they used this solution to the problem which is their choice.
I personally do not let my ClamAV get more than 1 major revision
behind. And before you go on and say that is because I run new hardware
and distributions, I do not. My current OS has not been supported
by the vendor in a LONG time. What does this mean to me? It means that
I AM responsible now for making sure all is well and requires more
attention from me. If owners want "unmanaged" systems, they should use
the money they are saving on management and upgrade the hardware /
software every couple of years. Then the systems can remain happily
unmanaged. If they want to have unmanaged systems AND no
responsibility.... well I want to be a billionaire but I do not
believe it is just going to happen......
This is fine if age causes failure. It is not if someone purposely causes
the failure. And, by the way, I still have to understand the real purpose of
all this.

Giampaolo
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Nobody here gave a serious rationale about it. The way "sysadmins" are
attacked here, seems to me that the 0.96 case has nothing to do with open
software, but instead with marketing.
So please, the genius in the management who came out with this smart idea
may please came out and explain to us the why? Many people already know the
when...
Giampaolo
Jerry
2010-04-16 18:52:47 UTC
Permalink
On Fri, 16 Apr 2010 20:16:59 +0200, Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Post by Jim Preston
The sysadmins could have done this by turning off freshclam......
and saved themselves from having to deal with the upgrade.....
Who is the sysadmin of an unmanaged box?
Not me!
Post by Giampaolo Tomassoni
If nobody had to turn off freshclam, why clamscan had to stop working?
Have you actually been reading and comprehending what has been stated
in this thread?
Post by Giampaolo Tomassoni
In this thread I'm seeing a lot of people blaming the sysadmin. Is it
crowded by sysadmins who like to show they are much more competent
than their colleagues?
Who should I blame, my barber? The SA has primary responsibility for
his/her system. It would be ludicrous to attempt to pass the blame onto
someone else.
Post by Giampaolo Tomassoni
Why nobody from the ClamAV team likes to explain to *users* why they
decided to stop their own working clamscan, when there were tons of
suitable alternatives?
They have explained it, you just choose to not listen or accept their
explanation.
Post by Giampaolo Tomassoni
Nobody here gave a serious rationale about it. The way "sysadmins" are
attacked here, seems to me that the 0.96 case has nothing to do with
open software, but instead with marketing.
Who has been attacked? Certainly not competent SAs. Conversely, SAs who
would rather procrastinate than keep their systems up-to-date are openly
criticizing the ClamAV team for a decision that was theirs to make. In
today's culture, blaming others for our mistakes does seem to be the
norm.
Post by Giampaolo Tomassoni
So please, the genius in the management who came out with this smart
idea may please came out and explain to us the why? Many people
already know the when...
They already have explained their reasoning. How many times must they
reiterate it before you comprehend what they are saying? It has come to
the point now that all you are doing is "beating a dead horse."
--
Jerry
***@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

"Surely you can't be serious."
"I am serious, and don't call me Shirley."
Giampaolo Tomassoni
2010-04-16 19:56:39 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
If nobody had to turn off freshclam, why clamscan had to stop
working?
Have you actually been reading and comprehending what has been stated
in this thread?
Yes, I did. Did you? If you know, just tell me why.
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
In this thread I'm seeing a lot of people blaming the sysadmin. Is it
crowded by sysadmins who like to show they are much more competent
than their colleagues?
Who should I blame, my barber? The SA has primary responsibility for
his/her system. It would be ludicrous to attempt to pass the blame onto
someone else.
The ClamAV team have commanded old versions of its product to stop working.
Not even Microsoft do this. And an inexistent SA has to be blamed for this?
It may be, but because it trusted the ClamAV project, not because he/she
didn't manage something that he/she didn't have to...

But imagine that the SA is a horrible and ugly person, who takes the money
and doesn't care to give a decent work in return. Even in that case the ClamAV
team should have refrained from stopping that working system. I can't
understand why you have difficulties in understanding this. One can't simply
go and turn stuff off at will.
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Why nobody from the ClamAV team likes to explain to *users* why they
decided to stop their own working clamscan, when there were tons of
suitable alternatives?
They have explained it, you just choose to not listen or accept their
explanation.
No, no. They haven't. There is no single word about the rationale which drove
to the 0.96 case. I mean, a technical reason which says that the way this
was handled was the only feasible way to do it. It had been said this was to
alleviate the servers load (play with dns, then!), it had been said that the
ClamAV team don't owe anything to its users. It had been a lot of things
against bad sysadmins as opposed to good ones.

All, but the rationale.
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Nobody here gave a serious rationale about it. The way "sysadmins" are
attacked here, seems to me that the 0.96 case has nothing to do with
open software, but instead with marketing.
Who has been attacked? Certainly not competent SAs. Conversely, SAs who
would rather procrastinate than keep their systems up-to-date are openly
criticizing the ClamAV team for a decision that was theirs to make. In
today's culture, blaming others for our mistakes does seem to be the
norm.
Oh, come on. Proactively shutting down software is not something like "you
knew that could happen"...
Post by Giampaolo Tomassoni
Post by Giampaolo Tomassoni
So please, the genius in the management who came out with this smart
idea may please came out and explain to us the why? Many people
already know the when...
They already have explained their reasoning. How many times must they
reiterate it before you comprehend what they are saying? It has come to
the point now that all you are doing is "beating a dead horse."
Do you mean management is behind this?


Giampaolo

Christopher X. Candreva
2010-04-16 20:00:21 UTC
Permalink
Post by Giampaolo Tomassoni
The ClamAV team have commanded old versions of its product to stop working.
I would not describe what they did that way.

Older versions of clamd were going to crash on signatures that newer
versions would accept, and the devs have been prevented for at least 6
months from using that type of signature. They have posted since then for
people to upgrade.

What they did was publish this type of signature (has to do with length,
greater than about 900 bytes), where the signature itself is an error
message, so when the program dumped the signature the error would be
displayed.

That's all, not a kill switch as such, but using a known bug to deliver a
message, rather than have it just bomb out with a hex dump when they tried
to use a larger signature.


==========================================================
Chris Candreva -- ***@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
Chris Meadors
2010-04-16 20:14:30 UTC
Permalink
Post by Christopher X. Candreva
Older versions of clamd were going to crash on signatures that newer
versions would accept, and the devs have been prevented for at least 6
months from using that type of signature. They have posted since then for
people to upgrade.
What they did was publish this type of signature (has to do with length,
greater than about 900 bytes), where the signature itself is an error
message, so when the program dumped the signature the error would be
displayed.
That's all, not a kill switch as such, but using a known bug to deliver a
message, rather than have it just bomb out with a hex dump when they tried
to use a larger signature.
Exactly!

Again, one of the first messages today showed exactly that. The error
message which it dies with is:

cli_hex2str(): Malformed hexstring: This ClamAV version has reached End
of Life! Please upgrade to version 0.95 or later. For more information
see www.clamav.net/eol-clamav-094 and www.clamav.net/download

As you can see there isn't a "kill switch", but a bug in the parser 0.94
which doesn't handle the type of signature which they plan to use in the
future. 0.95 just ignores this new signature, as it will do with the
actual malware signatures which will be coming soon.
--
Chris
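
The error line quoted in the message above can be used as a monitoring check. The following shell script is an added example, not part of the original post and not ClamAV project code: it classifies a host from its engine banner and its clamd log. The function names, status strings, the `ClamAV <version>/<db>/<date>` banner layout and the sample log lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify a host against the ClamAV 0.94 end-of-life signature.
# Function names and status strings are illustrative, not ClamAV's.

MIN_VERSION="0.95"   # minimum engine version named in the EOL error message
EOL_MARKER="This ClamAV version has reached End of Life"

# Print the engine version from a "ClamAV <version>/<db>/<date>" banner
# (assumed layout); fail if the text does not look like such a banner.
engine_version() (
    banner=$1
    case $banner in
        "ClamAV "[0-9]*) ;;
        *) return 1 ;;
    esac
    v=${banner#ClamAV }
    v=${v%%/*}          # drop "/<db>/<date>"
    v=${v%% *}          # drop anything after a space
    printf '%s\n' "$v"
)

# Return 0 if dotted version $1 is strictly lower than $2.
# Fields are compared numerically; a suffix such as "rc1" is ignored.
version_lt() (
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}
        fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa%%[!0-9]*}
        fb=${fb%%[!0-9]*}
        fa=${fa:-0}
        fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1
)

# Usage: eol_status "<banner>" < clamd.log
# Prints one of:
#   OK             engine is at least MIN_VERSION (a marker in the log is stale)
#   EOL_TRIGGERED  the EOL message is in the log and the engine is old or unknown
#   OUTDATED       engine is older than MIN_VERSION, marker not seen yet
#   UNKNOWN        banner could not be parsed and no marker was found
eol_status() (
    banner=$1
    marker=no
    if grep -qF -- "$EOL_MARKER"; then
        marker=yes
    fi
    if v=$(engine_version "$banner"); then
        if ! version_lt "$v" "$MIN_VERSION"; then
            echo "OK"
            return 0
        fi
    else
        v=
    fi
    if [ "$marker" = yes ]; then
        echo "EOL_TRIGGERED"
    elif [ -n "$v" ]; then
        echo "OUTDATED"
    else
        echo "UNKNOWN"
    fi
)

# Constructed sample logs. Only the error text itself is taken from the thread;
# timestamps and the other lines are made up for the demonstration.
sample_log_eol() {
    cat <<'EOF'
Fri Apr 16 07:02:11 2010 -> constructed line: loading signature database
Fri Apr 16 07:02:12 2010 -> cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see www.clamav.net/eol-clamav-094 and www.clamav.net/download
EOF
}

sample_log_clean() {
    cat <<'EOF'
Wed Apr 14 07:02:11 2010 -> constructed line: loading signature database
Wed Apr 14 07:02:12 2010 -> constructed line: database loaded
EOF
}

# Constructed banners for three hosts.
OLD_BANNER="ClamAV 0.94.2/10751/Thu Apr 15 18:32:46 2010"
NEW_BANNER="ClamAV 0.96/10751/Thu Apr 15 18:32:46 2010"

printf 'old engine, EOL message logged: %s\n' "$(sample_log_eol | eol_status "$OLD_BANNER")"
printf 'old engine, clean log:          %s\n' "$(sample_log_clean | eol_status "$OLD_BANNER")"
printf 'upgraded engine, stale message: %s\n' "$(sample_log_eol | eol_status "$NEW_BANNER")"
```

An `OUTDATED` result marks a host that still runs but will fail on its next signature update, which is the case the thread's participants say needs action before freshclam runs again.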

Jason Bertoch
2010-04-16 20:08:55 UTC
Permalink
Post by Giampaolo Tomassoni
The ClamAV team have commanded old versions of its product to stop working.
Not even Microsoft do this.
I can't tell you how many support calls I've received over the years
with people saying "my Internet stopped working" and it was due to their
Norton or McAfee license expiring.

As someone so eloquently stated earlier, your clamav<0.95 license has
expired. It's as simple as that.

If you felt other consequences, like mail stopped flowing, change your
mail config to fail-open rather than fail-closed. Your mail config is
simply not anyone else's responsibility.
--
/Jason
Jerry
2010-04-16 20:24:11 UTC
Permalink
On Fri, 16 Apr 2010 21:56:39 +0200, Giampaolo Tomassoni
<***@Tomassoni.biz> articulated:

[snip]

Obviously, you are choosing to be dense. The bottom line is that the
particulars regarding this event were published. Whether or not you
availed yourself of that notification is immaterial. There was not
anything nefarious in the ClamAV team's actions. You have obviously
bought into the shibboleth that software authors, distributors, etc must
adhere to your specifications. Your rantings against them have turned
puerile.

Your server(s) are your responsibility. That responsibility includes
keeping abreast of events that might adversely affect them. Obviously,
at least to me, that would include the software installed on said
machines. I subscribe to every major software forum for the software
installed on my machines. It is part of my job description. If you are
too busy to keep abreast of the latest developments regarding your
system, or unwilling to do what is required to keep your system
fully functional and assuming others are dependent upon you doing so,
then perhaps it is time to start looking for a new line of work.
--
Jerry
***@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

Say no, then negotiate.

Helga
Chuck Swiger
2010-04-16 18:57:53 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Jim Preston
The sysadmins could have done this by turning off freshclam...... and
saved themselves from having to deal with the upgrade.....
Who is the sysadmin of an unmanaged box?
The owner of the box. They may not be qualified to manage the machine, but computers don't plug themselves into the network-- every machine belongs to someone who pays for electrical power and network connectivity.
Post by Giampaolo Tomassoni
If nobody had to turn off freshclam, why clamscan had to stop working?
Sufficiently old versions of ClamAV don't work with all of the current signatures, and bugs in these old versions prevent the ClamAV team from writing more complex signatures that they would like to use.

ClamAV isn't different from other anti-virus software or security mechanisms in general. If the software is too old, it doesn't provide useful protection from current malware. If you've ever administered an older Windows box at some client site, it's not uncommon to find a 3-year out-of-date antivirus install that either has been logging complaints for ages, or has been disabled completely because the local user got tired of being nagged about the outdated version.

It's also not uncommon to find such machines infected six ways from Sunday.

Regards,
--
-Chuck

Giampaolo Tomassoni
2010-04-16 20:42:06 UTC
Permalink
Post by Chuck Swiger
Post by Giampaolo Tomassoni
Post by Jim Preston
The sysadmins could have done this by turning off freshclam...... and
saved themselves from having to deal with the upgrade.....
Who is the sysadmin of an unmanaged box?
The owner of the box. They may not be qualified to manage the machine,
but computers don't plug themselves into the network-- every machine
belongs to someone who pays for electrical power and network
connectivity.
What if your PS3 stops working because the maker thinks it is a too-old
model to still go?
Post by Chuck Swiger
Post by Giampaolo Tomassoni
If nobody had to turn off freshclam, why clamscan had to stop
working?
Sufficiently old versions of ClamAV don't work with all of the current
signatures, and bugs in these old versions prevent the ClamAV team from
writing more complex signatures that they would like to use.
Just prevent old versions from upgrading. It is not that difficult.
Post by Chuck Swiger
ClamAV isn't different from other anti-virus software or security
mechanisms in general. If the software is too old, it doesn't provide
useful protection from current malware. If you've ever administered an
older Windows box at some client site, it's not uncommon to find a 3-
year out-of-date antivirus install that either has been logging
complaints for ages, or has been disabled completely because the local
user got tired of being nagged about the outdated version.
In fact I did find stuff like that. I also found expired Norton AVs that
messed the OS when uninstalled (probably the uninstaller didn't make a very
clean job)...

I was very happy to find an open-source AV product in internet, because I
had the feeling that it was the right solution to avoid that crap in mission
critical applications.

I'm now a bit uncomfortable with the idea that the ClamAV team can so
easily "unplug the wire". When there are other ways to do the same with few
more effort, if at all, too.
Post by Chuck Swiger
It's also not uncommon to find such machines infected six ways from Sunday.
If one can't afford the upgrade, let him/her live the way he/she can. Come
on...

Giampaolo

Eric Rostetter
2010-04-16 20:56:06 UTC
Permalink
Post by Giampaolo Tomassoni
I'm now a bit uncomfortable with the idea that the ClamAV team can so
easily "unplug the wire". When there are other ways to do the same with few
more effort, if at all, too.
So am I. And I'm a little uncomfortable that I didn't suggest other
ways to accomplish this when they first announced this and asked
for feedback. And I'm a lot uncomfortable about all the other people
who are so upset now who also never spoke up when asked to. It is
our fault for not speaking up when asked to, for not complaining when
this was announced, for keeping quiet each time they told us repeatedly
this was coming. It is not their fault for doing something they told
us they were going to do and we didn't have the smarts to reply to or
suggest alternatives to. It is our fault, so let's own up and take the
responsibility, and not blame them for our failings.

It reminds me of the people who don't vote, then complain about who
was elected...
Post by Giampaolo Tomassoni
Giampaolo
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Rick Cooper
2010-04-16 20:47:35 UTC
Permalink
----Original Message----
From: clamav-users-***@lists.clamav.net [mailto:clamav-users-***@lists.clamav.net] On Behalf Of Giampaolo Tomassoni
Sent: Friday, April 16, 2010 2:17 PM
To: 'ClamAV users ML'
Subject: Re: [Clamav-users] The EOL tweets
Post by Giampaolo Tomassoni
Post by Jim Preston
The sysadmins could have done this by turning off freshclam...... and
saved themselves from having to deal with the upgrade.....
Who is the sysadmin of an unmanaged box?
If nobody had to turn off freshclam, why clamscan had to stop working?
In this thread I'm seeing a lot of people blaming the sysadmin. Is it
crowded by sysadmins who like to show they are much more competent than
their colleagues?
Why nobody from the ClamAV team likes to explain to *users* why they decided
to stop their own working clamscan, when there were tons of suitable
alternatives?
Nobody here gave a serious rationale about it. The way "sysadmins" are
attacked here, seems to me that the 0.96 case has nothing to do with open
software, but instead with marketing.
So please, the genius in the management who came out with this smart idea
may please came out and explain to us the why? Many people already know the
when...
Giampaolo
http://www.clamav.net/eol-clamav-094/



Aecio F. Neto
2010-04-16 12:58:17 UTC
Permalink
Post by Gareth Hopkins
On Fri, Apr 16, 2010 at 1:15 PM, Giampaolo Tomassoni <
Post by Giampaolo Tomassoni
Post by Steve Basford
Hi,
Just for interest.. feedback on EOL...
http://search.twitter.com/search?q=clamav
Indeed, an EOL on the previous minor version is quite a hazard and may be
regarded as a self-destructive behavior: it could easily become an
End-Of-(product-)Line, meaning that people will switch to something more
"serious"...
Was that the purpose?
Why is there so much bitching about this ? The original announcement was
made on the 6th October last year.
http://lists.clamav.net/lurker/message/20091006.143601.d27bbd20.en.html along
with multiple reminders so people
have had over 6 months to upgrade.
I use clamav, I think it is great and I recommend it to all my customers.

Even though, I do not agree with the fact that a vendor (open source or not)
disables and breaks services on my endpoint.
There are many other ways to do it and this is bad for the endpoint and for
the vendor.

Team should review this practice, no matter if they announce it earlier or
not.
Post by Gareth Hopkins
Any proactive admin should be monitoring their software mailing lists so the
excuse of "We weren't told" or "Why all of
a sudden" are null and void.
This seems to me as: "you are not a proactive admin and you will pay the
price then...".

There can be old installations that are running ok and admin do not want to
upgrade the server at that moment or cannot do that at that moment.
It is up to each one to decide when to do it.

Regards.
Jim Preston
2010-04-16 17:54:03 UTC
Permalink
Post by Aecio F. Neto
This seems to me as: "you are not a proactive admin and you will pay the
price then...".
There can be old installations that are running ok and admin do not want to
upgrade the server at that moment or cannot do that at that moment.
It is up to each one to decide when to do it.
Regards.
They certainly had the option, on April 14th, they could have turned
off freshclam and run happily ever after.....

Jim
Francesco Peeters
2010-04-16 11:51:45 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Steve Basford
Hi,
Just for interest.. feedback on EOL...
http://search.twitter.com/search?q=clamav
Indeed, an EOL on the previous minor version is quite a hazard and may be
regarded as a self-destructive behavior: it could easily become an
End-Of-(product-)Line, meaning that people will switch to something more
"serious"...
Was that the purpose?
Giampaolo
How long back do McAfee or Norton, etc. support their clients? Only
difference (aside from the fact you have to pay them for the privilege)
is they just force the upgrade on you during the standard upgrades, no
matter how inconvenient it may be... ClamAV gives you 6 months... Now
which one is more appreciative of the issues system admins may face when
upgrading software?

--FP
Simon Hobson
2010-04-16 12:29:10 UTC
Permalink
Post by Francesco Peeters
How long back do McAfee or Norton, etc. support their clients? Only
difference (aside from the fact you have to pay them for the privilege)
is they just force the upgrade on you during the standard upgrades, no
matter how inconvenient it may be... ClamAV gives you 6 months... Now
which one is more appreciative of the issues system admins may face when
upgrading software?
Well my experience over 20+ years ...

No, I've never had my commercial AV licenced software "turned off"
with no warning.

Forget the 6 months stuff, this was NO WARNING to most people. If
you'd given 6 months notice then I'd have had grounds for going to
management and making sure I had the resources to do something about
it - I'm running Debian Sarge so it's not a matter of just using the
Volatile repo.

At no point have I seen anything in the logs on my servers to say it
was going to be turned off. Like many others, the first I knew was
when I got to work this morning and the server wasn't working.
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Eric Rostetter
2010-04-16 15:38:07 UTC
Permalink
Post by Simon Hobson
At no point have I seen anything in the logs on my servers to say it
was going to be turned off. Like many others, the first I knew was
when I got to work this morning and the server wasn't working.
Because they should have obviously jumped in the way-back-machine
and changed the 5 year old software you use to warn you about a future
event that wasn't known 5 years ago?

Or because they should have hacked into your machine and placed the notice
there for you?

Or should they have gone personally to your house last night and knocked
on your door to tell you?

How do you expect them to tell everyone who downloaded their free software
without registration 5 years ago about a new event? Other than the officially
supported methods of their web site and their email lists? I suppose they
could have tried to hold a press conference, but even if the press showed
up, chances of you seeing it in the news would be small...

As soon as you come up with a better alternative, I'll agree with you.
Until then, I can only believe you are wrong.

Again, do I like what they did? No. Do I understand why they did it? Yes.

Again: it is no better to let someone think they are protected when they
are not, than it is to remove all protection so they know they are
unprotected and can take action to protect themselves again.
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Leonardo Rodrigues
2010-04-16 12:03:27 UTC
Permalink
Post by Giampaolo Tomassoni
Indeed, an EOL on the previous minor version is quite a hazard and may be
regarded as a self-destructive behavior: it could easily become an
End-Of-(product-)Line, meaning that people will switch to something more
"serious"...
this is the first time, in SEVERAL years that i work with IT, that
i've seen a software publisher pushing a 'kill' signature to its own
software.

it's VERY common in the software industry to stop supporting old
versions, but they simply stay working. They're outdated, unsupported,
but they keep working. I have a working Redhat 9 machine running until
today, despite the fact it's SEVERAL years unsupported and deprecated.
Is this the best thing to do ? No, absolutely not, i don't want credits
for that. But hey, it simply continues working.

clamav took a VERY bad move, there's absolutely no doubt on that.
This will surely affect the software credibility, as you can be sure
that LOTS and LOTS of email servers are broken since the signature was
published.

despite the fact there were good reasons for doing that, it WAS a
VERY bad move IMHO.
--
Atenciosamente / Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
***@solutti.com.br
My SPAMTRAP, do not email it




Jerry
2010-04-16 14:20:04 UTC
Permalink
On Fri, 16 Apr 2010 09:03:27 -0300, Leonardo Rodrigues
Post by Leonardo Rodrigues
this is the first time, in SEVERAL years that i work with IT,
that i've seen a software publisher pushing a 'kill' signature to its
own software.
Could you please qualify that statement. Do you mean that this is the
first instance of this kind you have experienced in several years,
meaning of course that there is a precedence for it, or that it is the
first time in the several years you have worked at your profession that
you have observed this behavior? Your statement, as it now stands, is
ambiguous.
Post by Leonardo Rodrigues
it's VERY common in the software industry to stop supporting old
versions, but they simply stay working. They're outdated,
unsupported, but they keep working. I have a working Redhat 9 machine
running until today, despite the fact it's SEVERAL years unsupported
and deprecated. Is this the best thing to do ? No, absolutely not, i
don't want credits for that. But hey, it simply continues working.
Many of us have taken that route as a 'stop gap' measure. However, to
instigate it as an official protocol is just asking for trouble. (Reread
this thread for further details)
Post by Leonardo Rodrigues
clamav took a VERY bad move, there's absolutely no doubt on
that. This will surely affect the software credibility, as you can be
sure that LOTS and LOTS of email servers are broken since the
signature was published.
Whether or not they make a bad decision is your unqualified opinion. In
addition, would you please be so kind as to qualify the "LOTS and LOTS"
with some actual documentation.
Post by Leonardo Rodrigues
despite the fact there were good reasons for doing that, it WAS
a VERY bad move IMHO.
That statement is diabolically opposed to itself, although you did
qualify it with a "IMHO" disclaimer.

The bottom line is you did not pay for or (to the best of my knowledge)
develop this software. You have no standing on the matter of how the
ClamAV team distributes its product.

The ClamAV team chose to take the advice of Ricky Nelson, "You can't
please everyone so you have got to please yourself." Now that is the bottom line.
--
Jerry
***@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

The first guy that rats gets a bellyful of slugs in the head.
Understand?

Joey Glimco, trade unionist
Giampaolo Tomassoni
2010-04-16 15:05:42 UTC
Permalink
Post by Jerry
Post by Leonardo Rodrigues
this is the first time, in SEVERAL years that i work with IT,
that i've seen a software publisher pushing a 'kill' signature to its
own software.
Could you please qualify that statement. Do you mean that this is the
first instance of this kind you have experienced in several years,
meaning of course that there is a precedence for it, or that it is the
first time in the several years you have worked at your profession that
you have observed this behavior? Your statement, as it now stands, is
ambiguous.
He is CLEARLY stating that he is several years he is working in IT, and that
during his multi-year professional work he never saw a software publisher
pushing a kill signature.

What do you have to disambiguate?
Post by Jerry
Post by Leonardo Rodrigues
it's VERY common in the software industry to stop supporting old
versions, but they simply stay working. They're outdated,
unsupported, but they keep working. I have a working Redhat 9 machine
running until today, despite the fact it's SEVERAL years unsupported
and deprecated. Is this the best thing to do ? No, absolutely not, i
don't want credits for that. But hey, it simply continues working.
Many of us have taken that route as a 'stop gap' measure. However, to
instigate it as an official protocol is just asking for trouble. (Reread
this thread for further details)
Was the 'stop gap' really useful? To which purpose? Did the ClamAV team
mean to stop old installations to work, in order to silence competitors?
Perhaps to teach to clamav users about the very complex nature of today
systems and services?

Unfortunately, the net result will be that the management of the small
companies running their crappy and old mailing systems will have to hardly
face the fact their mailing box doesn't work anymore because a free
component in it unreasonably stopped working. This will decrease their trust
about free software: they are going to buy a new computer running Microsoft
Exchange Server backed by something else than ClamAV...
Post by Jerry
Post by Leonardo Rodrigues
clamav took a VERY bad move, there's absolutely no doubt on
that. This will surely affect the software credibility, as you can be
sure that LOTS and LOTS of email servers are broken since the
signature was published.
Whether or not they make a bad decision is your unqualified opinion.
It was blatantly a very bad move, because it assumed that the whole clamav
user-base was diligently upgrading their clamav installations. Which can't
be.
Post by Jerry
In addition, would you please be so kind as to qualify the "LOTS and LOTS"
with some actual documentation.
Why? He got into this trouble but was knowledgeable enough to report his
story to this mailing list. A lot of small, almost unattended mail servers
run into the very same troubles. Their admin have already upgraded their
installations or are unwilling/incapable to report here their story. So
multiply 1 by at least 100000 and you get an idea...

There are now at least 100000 people which are regarding clamav and (which
is worse) open software less respectfully, now.
Post by Jerry
Post by Leonardo Rodrigues
despite the fact there were good reasons for doing that, it WAS
a VERY bad move IMHO.
That statement is diabolically opposed to itself, although you did
qualify it with a "IMHO" disclaimer.
The bottom line is you did not pay for or (to the best of my knowledge)
develop this software. You have no standing on the matter of how the
ClamAV team distributes its product.
The ClamAV team chose to take the advice of Ricky Nelson, "You can't
please everyone so you have got to please yourself." Now that is the bottom line.
The bottom line is that there were very simple ways to circumvent the
problem (see my previous posts). This time, it seems to me that the ClamAV
team was a bit too lazy to implement them...

Giampaolo

Jerry
2010-04-16 15:47:37 UTC
Permalink
On Fri, 16 Apr 2010 17:05:42 +0200, Giampaolo Tomassoni
Post by Giampaolo Tomassoni
Unfortunately, the net result will be that the management of the small
companies running their crappy and old mailing systems will have to
hardly face the fact their mailing box doesn't work anymore because a
free component in it unreasonably stopped working. This will decrease
their trust about free software: they are going to buy a new computer
running Microsoft Exchange Server backed by something else than
ClamAV...
So, rather than update ClamAV and/or their OS, which in the majority of
cases would involve no monetary expense, users will purchase new
servers and flock en masse to Microsoft, spend thousands more on
Microsoft Windows Server 2010, Exchange, etc and learn new skills to
administer said network. Could I ask you a personal question; are you
on drugs and if so, can I have some because that is one hell of a trip
you are on?

Furthermore, why wouldn't these <quote>small companies running their
crappy and old mailing systems</quote> install updated versions of the
OS, etc they already have installed? Let's face facts, you obviously
have not thought this through. Post back when you have a factually
correct idea of what you are disseminating.
--
Jerry
***@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

DAMN IT, I GOTTA GET OUTTA HERE!
Giampaolo Tomassoni
2010-04-16 16:32:27 UTC
Permalink
Post by Jerry
Post by Giampaolo Tomassoni
Unfortunately, the net result will be that the management of the small
companies running their crappy and old mailing systems will have to
hardly face the fact their mailing box doesn't work anymore because a
free component in it unreasonably stopped working. This will decrease
their trust about free software: they are going to buy a new computer
running Microsoft Exchange Server backed by something else than
ClamAV...
So, rather than update ClamAV and/or their OS, which in the majority of
cases would involve no monetary expense, users will purchase new
servers and flock en masse to Microsoft, spend thousands more on
Microsoft Windows Server 2010, Exchange, etc and learn new skills to
administer said network.
A crappy and old system can't be easily upgraded: you have to re-install it
from scratch in the best cases. In the worst, better "reset and restart"
with new hardware too. When that kind of system get stuck, management tend
to renew it from scratch anyway.

Since the management itself was bitten by the clamav problem and knowing how
management often thinks, believe me it won't be too difficult to know how
things will go in most cases. The manager (because you only get one person
in the management in very small companies) will shout: "I don't want to get
into these troubles anymore! The company of my friend X runs Microsoft and
they didn't experience this!" Because for the management the matter will
simply be Linux vs. Microsoft: these are probably the only two words they
know about software (and they may even believe Linux is a company).
Post by Jerry
Could I ask you a personal question; are you on drugs and if so, can
I have some because that is one hell of a trip you are on?
If you were running an old, outdated version of clamav and spamassassin, you
could get some by replying to one of that slippery e-mails...
Post by Jerry
Furthermore, why wouldn't these <quote>small companies running their
crappy and old mailing systems</quote> install updated versions of the
OS, etc they already have installed? Let's face facts, you obviously
have not thought this through. Post back when you have a factually
correct idea of what you are disseminating.
The only thing I'm trying to disseminate here is that running a successful
open-software project demands for a very responsible approach to users,
otherwise you may put in danger your project and the open software
acceptability.

Giampaolo
Post by Jerry
Jerry
Jim Preston
2010-04-16 18:33:06 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Jerry
Post by Giampaolo Tomassoni
Unfortunately, the net result will be that the management of the small
companies running their crappy and old mailing systems will have to
hardly face the fact their mailing box doesn't work anymore because a
free component in it unreasonably stopped working. This will decrease
their trust about free software: they are going to buy a new computer
running Microsoft Exchange Server backed by something else than
ClamAV...
So, rather than update ClamAV and/or their OS, which in the majority of
cases would involve no monetary expense, users will purchase new
servers and flock en masse to Microsoft, spend thousands more on
Microsoft Windows Server 2010, Exchange, etc and learn new skills to
administer said network.
A crappy and old system can't be easily upgraded: you have to re-install it
from scratch in the best cases. In the worst, better "reset and restart"
with new hardware too. When that kind of system get stuck, management tend
to renew it from scratch anyway.
Since the management itself was bitten by the clamav problem and knowing how
management often thinks, believe me it won't be too difficult to know how
things will go in most cases. The manager (because you only get one person
in the management in very small companies) will shout: "I don't want to get
into these troubles anymore! The company of my friend X runs Microsoft and
they didn't experience this!" Because for the management the matter will
simply be Linux vs. Microsoft: these are probably the only two words they
know about software (and they may even believe Linux is a company).
Then these companies are far better off buying new servers with
Microsoft software. That way they do not have to be responsible....
Post by Giampaolo Tomassoni
Post by Jerry
Could I ask you a personal question; are you on drugs and if so, can
I have some because that is one hell of a trip you are on?
If you were running an old, outdated version of clamav and spamassassin, you
could get some by replying to one of that slippery e-mails...
Post by Jerry
Furthermore, why wouldn't these <quote>small companies running their
crappy and old mailing systems</quote> install updated versions of the
OS, etc they already have installed? Let's face facts, you obviously
have not thought this through. Post back when you have a factually
correct idea of what you are disseminating.
The only thing I'm trying to disseminate here is that running a successful
open-software project demands for a very responsible approach to users,
otherwise you may put in danger your project and the open software
acceptability.
Giampaolo
Post by Jerry
Jerry
Simon Hobson
2010-04-16 16:33:19 UTC
Permalink
Post by Jerry
So, rather than update ClamAV and/or their OS, which in the majority of
cases would involve no monetary expense, users will purchase new
servers and flock en masse to Microsoft, spend thousands more on
Microsoft Windows Server 2010, Exchange, etc and learn new skills to
administer said network. Could I ask you a personal question; are you
on drugs and if so, can I have some because that is one hell of a trip
you are on?
You really think they don't do that ? In the real world, PHBs all
over do take just that sort of decision - how else do you think MS
got where they are.
Post by Jerry
Furthermore, why wouldn't these <quote>small companies running their
crappy and old mailing systems</quote> install updated versions of the
OS, etc they already have installed?
In many cases, they will have systems that were installed for them
some time ago, and that they no longer have paid support for. When it
"dies" they'll go to someone to "fix it" - and let's face it, there
are a lot more outfits that will tell them they need an Exchange
server than there are that will tell them it's an easy fix.

I've seen it more than once. In fact, I was thinking about the mail
server at my last job as I wrote the previous paragraph - then
thought I ought to warn the guy left to run it - and then remembered
that it died a while ago with a disk failure and they switched to
using hosted Exchange. So yes, a real example where they decided to
replace the free and functional software with something they pay for
and which does less.

That's PHBs for you. Weird, but believe me, it happens - and
incidentally, guess what my current employer loves to sell :-/
Post by Jerry
Post by Simon Hobson
At no point have I seen anything in the logs on my servers to say
it was going to be turned off. Like many others, the first I knew
was when I got to work this morning and the server wasn't working.
Because they should have obviously jumped in the way-back-machine
and changed the 5 year old software you use to warn you about a future
event that wasn't known 5 years ago?
Or because they should have hacked into your machine and placed the notice
there for you?
Or should they have gone personally to your house last night and knocked
on your door to tell you?
Or they could have put it on their website at the one page that does
appear in the log - but they didn't put it on the FAQ page at all. As
it happens, I **HAVE** been to the FAQ page in the last few months
and had it been there like it is on the front page then I would have
seen it.

So in that respect, a very simple edit to the website could have made
a significant difference - I doubt I'm alone.
Post by Jerry
It's broke
It is now
Post by Jerry
please go fix it.
I will, now I know about it. But it would have been nice to do it at
a more convenient time, and with advance notice so I could use it to
get some resource allocated by management.
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Jerry
2010-04-16 17:01:32 UTC
Permalink
On Fri, 16 Apr 2010 17:33:19 +0100, Simon Hobson
Post by Simon Hobson
Post by Jerry
So, rather than update ClamAV and/or their OS, which in the majority
of cases would involve no monetary expense, users will purchase new
servers and flock en masse to Microsoft, spend thousands more on
Microsoft Windows Server 2010, Exchange, etc and learn new skills to
administer said network. Could I ask you a personal question; are you
on drugs and if so, can I have some because that is one hell of a
trip you are on?
You really think they don't do that ? In the real world, PHBs all
over do take just that sort of decision - how else do you think MS
got where they are.
The reasons are legion; however, for starters a fully functional GUI
has to be listed at or near the top. For instance, one of the more
requested features I have seen on the Postfix forum is a GUI. There
have even been inquiries about one for Dovecot. NetManager
<http://projects.gnome.org/NetworkManager/> is becoming very popular in
the *nix community. One of Microsoft's greatest accomplishments was
their GUI and early use of hot plugging devices and plug & play
capability. I seriously doubt that some FOSS EOLing their software had
any discernible influence on its success. In any case, none of this has
anything to do with ClamAV + EOL.
Post by Simon Hobson
Post by Jerry
Furthermore, why wouldn't these <quote>small companies running their
crappy and old mailing systems</quote> install updated versions of
the OS, etc they already have installed?
In many cases, they will have systems that were installed for them
some time ago, and that they no longer have paid support for. When it
"dies" they'll go to someone to "fix it" - and let's face it, there
are a lot more outfits that will tell them they need an Exchange
server than there are that will tell them it's an easy fix.
There isn't, at least as far as I know, a fully functional *.nix
replacement that is equivalent to Exchange. Some come close; however, I
have been told they are not equivalent and tend to be extremely buggy.
I don't personally administer either so I cannot state that as a fact.
Post by Simon Hobson
Post by Jerry
It's broke
It is now
Post by Jerry
please go fix it.
I will, now I know about it. But it would have been nice to do it at
a more convenient time, and with advance notice so I could use it to
get some resource allocated by management.
As my mother used to tell me (paraphrased): "I shouldn't have to tell
you to pick up your toys; you should know enough to do it." The point
being is that you procrastinated and now are paying the price. I feel
sorry for you. Honestly, I do. Perhaps this is a good learning
experience.
--
Jerry
***@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

I hope you're not pretending to be evil while
secretly being good. That would be dishonest.
Simon Hobson
2010-04-16 18:32:38 UTC
Permalink
Post by Jerry
Post by Simon Hobson
Post by Jerry
So, rather than update ClamAV and/or their OS, which in the majority
of cases would involve no monetary expense, users will purchase new
servers and flock en masse to Microsoft, spend thousands more on
Microsoft Windows Server 2010, Exchange, etc and learn new skills to
administer said network. Could I ask you a personal question; are you
on drugs and if so, can I have some because that is one hell of a
trip you are on?
You really think they don't do that ? In the real world, PHBs all
over do take just that sort of decision - how else do you think MS
got where they are.
The reasons are legion; however, for starters a fully functional GUI
has to be listed at or near the top. For instance, one of the more
requested features I have seen on the Postfix forum is a GUI. There
have even been inquiries about one for Dovecot. NetManager
<http://projects.gnome.org/NetworkManager/> is becoming very popular in
the *nix community. One of Microsoft's greatest accomplishments was
their GUI and early use of hot plugging devices and plug & play
capability. I seriously doubt that some FOSS EOLing their software had
any discernible influence on its success. In any case, none of this has
anything to do with ClamAV + EOL.
Err, it does have something to do with it. You made the assertion
that no-one would spend money replacing a system rather than upgrade
it. Two of us now have pointed out that real world PHB do exactly
that sort of thing - and this issue with clamav getting the kill
switch can be just the sort of excuse they need. It may not be a
valid reason, but then so many business decisions are based on having
enough excuses to do what you want rather than doing what would
logically be right. As Giampaolo comments, some people (especially
PHBs) simply see it as "that Linux stuff blew up, best go with
Microsoft like everyone else".

Fortunately that's not the case where I am - this box replaced an
iMail server running on NT4 which was forever crashing and getting
used for spamming. No-one on the engineering or support teams mourned
its loss ! But equally, if it wasn't for the licence costs,
management would still be happier with a Microsoft 'solution'.
Post by Jerry
Post by Simon Hobson
Post by Jerry
Furthermore, why wouldn't these <quote>small companies running their
crappy and old mailing systems</quote> install updated versions of
the OS, etc they already have installed?
In many cases, they will have systems that were installed for them
some time ago, and that they no longer have paid support for. When it
"dies" they'll go to someone to "fix it" - and let's face it, there
are a lot more outfits that will tell them they need an Exchange
server than there are that will tell them it's an easy fix.
There isn't, at least as far as I know, a fully functional *.nix
replacement that is equivalent to Exchange.
I never suggested there was. What I did say is that there are plenty
of people who will be happy to tell the PHB that what they really
need is this nice shiny Exchange server (ie something that gets them
points for their sales targets, and of course commission) rather than
"I can fix this in a few minutes". Plenty of PHBs will believe that,
because it's an expert telling them right ?

Trust me, I've been in situations where they've made a point of not
letting me near a customer in case I point out these things.
Post by Jerry
As my mother used to tell me (paraphrased): "I shouldn't have to tell
you to pick up your toys; you should know enough to do it."
Did she ever lock you in the cupboard (or insert other punishment)
because you didn't follow some instruction she left on a piece of
paper in a place you never look ?
Post by Jerry
The point being is that you procrastinated and now are paying the price.
Made a decision, based on resources available, what else is going on,
and an assumption (now proven false) that my working software
wouldn't break without me doing something to break it. Its uptime is
405 days, cf the comments above about people with systems set up by
others that just sit in the corner and work.

The timing is naff - in (hopefully) a few months, I'd have a better
hand me down server and I'd have migrated the system anyway.
Post by Jerry
Perhaps this is a good learning
experience.
Yes, I've learned that commercial companies don't have a monopoly on
these things !


I suppose I could just copy the guys running the Windows servers -
and just configure all the systems to automatically install any and
every update automatically. And then just fix things as they break -
how I love watching the goings on on patch Tuesdays :-)
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Jerry
2010-04-16 19:22:55 UTC
Permalink
On Fri, 16 Apr 2010 19:32:38 +0100, Simon Hobson
I have a system to manage. I cannot spend all my working time here.
Post by Simon Hobson
Post by Jerry
Post by Simon Hobson
Post by Jerry
So, rather than update ClamAV and/or their OS, which in the majority
of cases would involve no monetary expense, users will purchase
new servers and flock en masse to Microsoft, spend thousands
more on Microsoft Windows Server 2010, Exchange, etc and learn
new skills to administer said network. Could I ask you a
personal question; are you on drugs and if so, can I have some
because that is one hell of a trip you are on?
You really think they don't do that ? In the real world, PHBs all
over do take just that sort of decision - how else do you think MS
got where they are.
The reasons are legion; however, for starters a fully functional GUI
has to be listed at or near the top. For instance, one of the more
requested features I have seen on the Postfix forum is a GUI. There
have even been inquiries about one for Dovecot. NetworkManager
<http://projects.gnome.org/NetworkManager/> is becoming very popular
in the *nix community. One of Microsoft's greatest accomplishments
was their GUI and early use of hot plugging devices and plug & play
capability. I seriously doubt that some FOSS EOLing their software
had any discernible influence on its success. In any case, none of
this has anything to do with ClamAV + EOL.
Err, it does have something to do with it. You made the assertion
that no-one would spend money replacing a system rather than upgrade
it. Two of us now have pointed out that real world PHB do exactly
that sort of thing - and this issue with clamav getting the kill
switch can be just the sort of excuse they need. It may not be a
valid reason, but then so many business decisions are based on having
enough excuses to do what you want rather than doing what would
logically be right. As Giampaolo comments, some people (especially
PHBs) simply see it as "that Linux stuff blew up, best go with
Microsoft like everyone else".
The two who have "pointed out that real world PHB do exactly that sort
of thing" now are operating broken systems. So much for credibility.
Post by Simon Hobson
Fortunately that's not the case where I am - this box replaced an
iMail server running on NT4 which was forever crashing and getting
used for spamming. No-one on the engineering or support teams mourned
its loss ! But equally, if it wasn't for the licence costs,
management would still be happier with a Microsoft 'solution'.
NT is ancient history. Why you would even mention it is beyond me,
although it might be interesting to know when they actually did get
around to swapping it out. Then again, maybe I don't want to know.
Post by Simon Hobson
Post by Jerry
Post by Simon Hobson
Post by Jerry
Furthermore, why wouldn't these <quote>small companies running their
crappy and old mailing systems</quote> install updated versions
of the OS, etc they already have installed?
In many cases, they will have systems that were installed for them
some time ago, and that they no longer have paid support for.
When it "dies" they'll go to someone to "fix it" - and let's face
it, there are a lot more outfits that will tell them they need an
Exchange server than there are that will tell them it's an easy
fix.
There isn't, at least as far as I know, a fully functional *.nix
replacement that is equivalent to Exchange.
I never suggested there was. What I did say is that there are plenty
of people who will be happy to tell the PHB that what they really
need is this nice shiny Exchange server (ie something that gets them
points for their sales targets, and of course commission) rather than
"I can fix this in a few minutes". Plenty of PHBs will believe that,
because it's an expert telling them right ?
Trust me, I've been in situations where they've made a point of not
letting me near a customer in case I point out these things.
And what has that got to do with the price of tea in China? Salesmen
sell products, make money in the form of a commission and support their
families. Do you have something against an individual making an honest
living?
Post by Simon Hobson
Post by Jerry
As my mother used to tell me (paraphrased): "I shouldn't have to tell
you to pick up your toys; you should know enough to do it."
Did she ever lock you in the cupboard (or insert other punishment)
because you didn't follow some instruction she left on a piece of
paper in a place you never look ?
No, she never, I think never, left me secret notes. Any notes she might
have left were clearly stuck on the refrigerator.
Post by Simon Hobson
Post by Jerry
The point being is that you procrastinated and now are paying the price.
Made a decision, based on resources available, what else is going on,
and an assumption (now proven false) that my working software
wouldn't break without me doing something to break it. Its uptime is
405 days, cf the comments above about people with systems set up by
others that just sit in the corner and work.
"Up time" can mean many things, such as how long you have delayed doing
routine maintenance on your system. I agree, if it is the only system
you have, doing routine maintenance can be a hassle. Then again, if you
do not have a backup system, it is by no means your major concern.
Post by Simon Hobson
The timing is naff - in (hopefully) a few months, I'd have a better
hand me down server and I'd have migrated the system anyway.
Post by Jerry
Perhaps this is a good learning
experience.
Yes, I've learned that commercial companies don't have a monopoly on
these things !
What things? Making a decision and implementing it! Grow up! It happens
in every facet of life. You made a decision NOT to properly maintain
your system and now you are just trying to pass the buck onto anyone
who will listen. If you find the decision by ClamAV intolerable, use
something else. No one, at least I hope no one, is holding a gun to
your head.
Post by Simon Hobson
I suppose I could just copy the guys running the Windows servers -
and just configure all the systems to automatically install any and
every update automatically. And then just fix things as they break -
how I love watching the goings on on patch Tuesdays :-)
Yea, I guess you are right. *.nix users would never let their systems
use deprecated software to the extent that newer products would fail!
Or, would they? There is incompetence everywhere. Sometimes, all you
need to do is look into a mirror.
--
Jerry
***@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

The distinction between Freedom and Liberty is not accurately known;
naturalists have been unable to find a living specimen of either.


Ambrose Bierce
Jim Preston
2010-04-16 18:34:56 UTC
Permalink
Post by Simon Hobson
Post by Jerry
So, rather than update ClamAV and/or their OS, which in the majority of
cases would involve no monetary expense, users will purchase new
servers and flock en masse to Microsoft, spend thousands more on
Microsoft Windows Server 2010, Exchange, etc and learn new skills to
administer said network. Could I ask you a personal question; are you
on drugs and if so, can I have some because that is one hell of a trip
you are on?
You really think they don't do that ? In the real world, PHBs all
over do take just that sort of decision - how else do you think MS
got where they are.
Yes and they get exactly what they deserve and PAY for when they
switch.......
Post by Simon Hobson
Post by Jerry
Furthermore, why wouldn't these <quote>small companies running their
crappy and old mailing systems</quote> install updated versions of the
OS, etc they already have installed?
In many cases, they will have systems that were installed for them
some time ago, and that they no longer have paid support for. When
it "dies" they'll go to someone to "fix it" - and let's face it,
there are a lot more outfits that will tell them they need an
Exchange server than there are that will tell them it's an easy fix.
I've seen it more than once. In fact, I was thinking about the mail
server at my last job as I wrote the previous paragraph - then
thought I ought to warn the guy left to run it - and then remembered
that it died a while ago with a disk failure and they switched to
using hosted Exchange. So yes, a real example where they decided to
replace the free and functional software with something they pay for
and which does less.
That's PHBs for you. Weird, but believe me, it happens - and
incidentally, guess what my current employer loves to sell :-/
Post by Jerry
Post by Simon Hobson
At no point have I seen anything in the logs on my servers to say
it was going to be turned off. Like many others, the first I knew
was when I got to work this morning and the server wasn't working.
Because they should have obviously jumped in the way-back-machine
and changed the 5 year old software you use to warn you about a future
event that wasn't known 5 years ago?
Or because they should have hacked into your machine and placed the notice
there for you?
Or should they have gone personally to your house last night and knocked
on your door to tell you?
Or they could have put it on their website at the one page that does
appear in the log - but they didn't put it on the FAQ page at all.
As it happens, I **HAVE** been to the FAQ page in the last few
months and had it been there like it is on the front page then I
would have seen it.
So in that respect, a very simple edit to the website could have
made a significant difference - I doubt I'm alone.
Post by Jerry
It's broke
It is now
Post by Jerry
please go fix it.
I will, now I know about it. But it would have been nice to do it at
a more convenient time, and with advance notice so I could use it to
get some resource allocated by management.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Jim Preston
2010-04-16 18:17:52 UTC
Permalink
Post by Giampaolo Tomassoni
Post by Jerry
Post by Leonardo Rodrigues
this is the first time, in SEVERAL years that I work with IT,
that I've seen a software publisher pushing a 'kill' signature to its
own software.
Could you please qualify that statement. Do you mean that this is the
first instance of this kind you have experienced in several years,
meaning of course that there is a precedence for it, or that it is the
first time in the several years you have worked at your profession that
you have observed this behavior? Your statement, as it now stands, is
ambiguous.
He is CLEARLY stating that he has been working in IT for several years, and that
during his multi-year professional work he never saw a software publisher
pushing a kill signature.
What do you have to disambiguate?
Post by Jerry
Post by Leonardo Rodrigues
it's VERY common in the software industry to stop supporting old
versions, but they simply stay working. They're outdated,
unsupported, but they keep working. I have a working Redhat 9 machine
running until today, despite the fact it's SEVERAL years unsupported
and deprecated. Is this the best thing to do ? No, absolutely not, I
don't want credits for that. But hey, it simply continues working.
Many of us have taken that route as a 'stop gap' measure. However, to
instigate it as an official protocol is just asking for trouble. (Reread
this thread for further details)
Was the 'stop gap' really useful? To which purpose? Did the ClamAV team
mean to stop old installations from working, in order to silence
competitors?
Perhaps to teach clamav users about the very complex nature of today's
systems and services?
Unfortunately, the net result will be that the management of the small
companies running their crappy and old mailing systems will have to hardly
face the fact their mailing box doesn't work anymore because a free
component in it unreasonably stopped working. This will decrease their trust
about free software: they are going to buy a new computer running Microsoft
Exchange Server backed by something else than ClamAV...
Then they are free to do so and get what they pay for......

Jim
Giampaolo Tomassoni
2010-04-16 18:29:12 UTC
Permalink
Post by Jim Preston
Post by Giampaolo Tomassoni
Unfortunately, the net result will be that the management of the small
companies running their crappy and old mailing systems will have to hardly
face the fact their mailing box doesn't work anymore because a free
component in it unreasonably stopped working. This will decrease their trust
about free software: they are going to buy a new computer running Microsoft
Exchange Server backed by something else than ClamAV...
Then they are free to do so and get what they pay for......
Ok. ClamAV likes this way... Everybody happy, then.

Giampaolo

Eric Rostetter
2010-04-16 15:25:24 UTC
Permalink
Post by Leonardo Rodrigues
it's VERY common in the software industry to stop supporting old
versions, but they simply stay working.
For six months, you've been told to either upgrade or disable signature
updates. If you'd done either, you would still be running fine.
Post by Leonardo Rodrigues
clamav took a VERY bad move, there's absolutely no doubt on that.
Perhaps, but had they let you continue running it, letting you think
it was working perfectly, but it no longer protected you -- that is it
could no longer do the job it is supposed to do -- would they be doing
you a service or a dis-service?

In this case, they are damned if they do (anti-virus that doesn't catch
viruses is sure to be criticized), damned if they don't (people who don't
do due diligence are sure to criticize them for "breaking" their system).
Post by Leonardo Rodrigues
This will surely affect the software credibility, as you can be sure
that LOTS and LOTS of email servers are broken since the signature
was published.
Yes, lots are broken (their fault). If they didn't do this, lots
of email servers would be thinking they were protected but wouldn't be...
Either way, people lose... No win situation.
Post by Leonardo Rodrigues
despite the fact there were good reasons for doing that, it WAS
a VERY bad move IMHO.
Well, the argument is: no one told me. Despite it being on the web site.
Despite 6 months of discussions and warnings on the mailing list. Well,
guess what? They told you -- by shutting down your clamav! So don't
say they didn't tell you... They told you in 3 ways, starting 6 months
ago.

Now, IF they didn't tell you, and you were passing viruses through, you'd
be mad, right? So they told you... Made sure you were not passing any
viruses through. Just doing their job.

Do I like what they did? No. Do I have a problem with it? No. Will it
hurt their reputation? Only with people who don't do due diligence...

Complaint: They didn't tell me! Answer: They did tell you, and turning off
software was the last of several attempts to tell you -- and it worked!
Heck, they even asked for comments and suggestions when forming this policy.
Why did people speak up then?
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
Jim Preston
2010-04-16 17:41:56 UTC
Permalink
Post by Leonardo Rodrigues
Post by Giampaolo Tomassoni
Indeed, an EOL on the previous minor version is quite a hazard and may be
regarded as a self-destructive behavior: it could easily become an
End-Of-(product-)Line, meaning that people will switch to something more
"serious"...
this is the first time, in SEVERAL years that I work with IT,
that I've seen a software publisher pushing a 'kill' signature to
its own software.
it's VERY common in the software industry to stop supporting old
versions, but they simply stay working. They're outdated,
unsupported, but they keep working. I have a working Redhat 9
machine running until today, despite the fact it's SEVERAL years
unsupported and deprecated. Is this the best thing to do ? No,
absolutely not, I don't want credits for that. But hey, it simply
continues working.
clamav took a VERY bad move, there's absolutely no doubt on that.
This will surely affect the software credibility, as you can be sure
that LOTS and LOTS of email servers are broken since the signature
was published.
despite the fact there were good reasons for doing that, it WAS
a VERY bad move IMHO.
Well being you are running an OS that does not have security updates,
maybe you should have just turned off freshclam...... then your system
can run in perpetuity until the hardware fails.....
Jim Preston
2010-04-16 19:09:55 UTC
Permalink
Post by Steve Basford
Hi,
Just for interest.. feedback on EOL...
http://search.twitter.com/search?q=clamav
Cheers,
Steve
Sanesecurity
See what ya started Steve? :^)

Jim