No debian woody support anymore?

Post by H***@dip-systems.de
After the last signature update, clam av stopped working on our woody
installation.

Could be this...

"....This move is needed to push more people to upgrade to 0.95"

See: http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/

Cheers,

Steve
Sanesecurity

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Rob Sterenborg

2010-04-21 12:32:13 UTC

Post by H***@dip-systems.de
After the last signature update, clam av stopped working on our woody
installation.

Your ClamAV is probably EOL. Please upgrade.
http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/

If your distro does not have a recent ClamAV package, you should be able to build it from source. (I saw a post here mentioning that the build even succeeds on a distro as old as RH7.2.)

Post by H***@dip-systems.de
Is there no more support for this Debian Release?

Debian Woody (Debian 3.0) is also pretty old and EOL'ed..

--
Rob

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-21 15:33:57 UTC

Post by H***@dip-systems.de
After the last signature update, clam av stopped working on our woody
installation.
Is there no more support for this Debian Release?

No, according to certain people on this list, you are a cretin, and
incompetent to even handle the off switch of a computer. If you check
the list archives - particular for threads "(no subject)" and "Those
EOL tweets" you'll see that you are far from alone.

There seen to be three groups - those who think it was handled really
badly and were affected, a small group who think it was handled badly
but weren't affected, and a group that thinks there is nothing wrong
and it's all the end users fault - and especially that the ClamAV
team did nothing wrong, deliberately interfering with other peoples
servers is both morally and legally acceptable as long as they
pretended to tell you first, and there was no other possible way they
could have acted.

Even now when their stance has been shown to be full of logical
holes, they still persist that anyone disagreeing with their "we did
nothing wrong" stance are a bunch of whining losers.

That's how it comes across to me anyway.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Christopher X. Candreva

2010-04-21 15:57:30 UTC

Post by Simon Hobson
No, according to certain people on this list, you are a cretin, and
incompetent to even handle the off switch of a computer. If you check the list
archives - particular for threads "(no subject)" and "Those EOL tweets" you'll
see that you are far from alone.

Well hell, if we're going to degenerate to this level, I don't think you're
a cretin, I think you're a commie freeloader who thinks the world owes you a
living.

Let's at least get the name-calling right.

Homer: In case you missed it, that was sarcasam.
Marge: Well, DUH.

==========================================================
Chris Candreva -- ***@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Christopher X. Candreva

2010-04-21 16:05:48 UTC

And sarcasam aside, there are other points of view.

The one I've tried to make repeatedly is, like it or not this has been the
MO of the Clam team for years. This is nothing new. What I find hard to
believe is people installing software on their machines, that is reguarlly
pulling data from an outside source, and evidently knowing nothing about the
group producing it.

For people running any supported distribution using packages, I blame the
distro. If they are making the binaries available and claim support, they
should be up on what is current.

But for anyone running an EOL distro, I will put the blame squarely on their
shoulders. If you choose, for whatever reasons, to continue to run an
supported distro, then it is your responsibility to keep up on the software
you have installed.

Again, to me what the Clam team could or could not have done is Monday
morning quarterbacking. Forget the last 6 months, where the hell have all of
you been for the last 6 YEARS when it has come up time and time again that
clamd will die in all sorts of weird manners.

There are lots of other ways to run a project. This is the way the Clam team
chooses to run theirs. It's their right, and the fact that a bunch of people
decided to use their software in no way makes them beholden or obligated to
you.

If you don't like this RUN SOMETHING ELSE AND SHUT THE FUCK UP ALREADY.

==========================================================
Chris Candreva -- ***@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-21 16:13:31 UTC

Sarcasm or not, I think you are far off the mark - but in any case,
I'm sure cretin was used as one description, as was incompetent. As
for commie freeloader - I don't think you could be much further from
the truth, but that's my opinion and you're welcome to yours. And I
don't believe I have at any point asked for anything other than to
not have my system remotely borked. I haven't demanded that people
keep providing updates to my AV sigs, or that they do anything for me
- other than not borking my system.

The ClamAV team released the project under an open licence which
allows anyone to use it in any way they wish. They then later take it
upon themselves to impose by force* a 'solution'. If they'd stopped
providing sig updates then I'd not be complaining, but that isn't
what they did.

I believe my comments neatly summed up the attitudes of a group of
people - my opinion.

* I know, they aregue that they did no such thing, and that they were
'invited' by the act of me running freshclam. That's the sort of
thing a criminal uses to justify their actions - you know, "yes I did
steal their telly, but they should have upgraded their locks like I
pretended I'd told them to and then I wouldn't have done it".

Stephen Gran

2010-04-21 18:16:26 UTC

Post by Simon Hobson
Sarcasm or not, I think you are far off the mark - but in any case,
I'm sure cretin was used as one description, as was incompetent. As
for commie freeloader - I don't think you could be much further from
the truth, but that's my opinion and you're welcome to yours. And I
don't believe I have at any point asked for anything other than to
not have my system remotely borked. I haven't demanded that people
keep providing updates to my AV sigs, or that they do anything for
me - other than not borking my system.
The ClamAV team released the project under an open licence which
allows anyone to use it in any way they wish. They then later take
it upon themselves to impose by force* a 'solution'. If they'd
stopped providing sig updates then I'd not be complaining, but that
isn't what they did.

I think we've all gotten your point. And of course you're free to use the
software as you see fit. Just stop asking for free database updates, and
your older clamav will keep running quite happily, if rather irrelevantly.

I get that you're unhappy that they didn't have versioning support
for signatures in older versions, but since they didn't, they didn't.
Since it is precisely the people that won't upgrade that were bitten, I'm
not sure that releasing an upgrade resolving the issue would have helped.
Particularly since they tried that (it's the 0.95.x series) and people
still got bitten, since they refused to upgrade. OK, possibly "refused
to upgrade" might be a bit strong - "were not aware that it is standard
practice to keep your security sensitive software reasonably up to date
when you do not have vendor support for it" might be a better phrase.

Faced with an old release of software that will die if the team uses
new functionality due to a known bug, and people who will not upgrade
to the version that fixes this bug, and a reasonably urgent need to use
the new functionality, what exactly would you have done differently?
Would you have ignored the issue and just starting using the new
functionality, leading to people running older releases getting clamd
crashes with incomprehensible error messages? Would you have contacted
everyone personally to ask their permission?

Cheers,

Eric Rostetter

2010-04-21 18:28:58 UTC

They have already answered this. They would force sourcefire/clamav
to spend lots of time, money, and effort to setup a parallel signature
system; one for older versions, one for newer systems. They seem to
have no qualm with the idea of making sourcefire/clamav pay this price
so they can use the results free of charge...

The biggest problem with this suggestion is that it came after the fact,
so it isn't a useful suggestion. No one bothered to offer this advice
before the change was made.

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-21 19:03:58 UTC

Post by Eric Rostetter

OK, how's this then. 9.5.3 (IIRC) came out about the time the notice
was published. It costs virtually nothing to add an extra DNS entry,
and the release could have had the default server URL changed for
Freshclam to fetch updates. it wouldn't even have been a great issue
to have a 9.5.4 just for that - and of course the change would be
quite prominent in the release notes then as well.

According to the arguments made in support, all responsible/competent
admins would have been running this or a later version by the time
support for <9.5 was dropped. On that basis, no responsible/competent
admin would have been affected by removing the DNS entry used by the
older versions. Even if someone was still running a 9,5 version
earlier than the one with the update, it would be one tiny change in
freshclam.conf to fix it.

Of course, all this would have a prominent entry, not just on the
ClanAV homepage, but also on the FAQ page whose URL appears in the
freshclam logs.

Come cutoff date, support is dropped for older versions, but they
will continue to run. It will not be silent, as freshclam will
complain several times a day that it can't get updates. This is a lot
different to mentioning in passing that your version isn't current
and you might consider upgrading.

So probably even less work than fashioning the poison pill update.
Less collateral damage. And these threads would have died several
days ago with a "oh, so that's it" !

No parallel signature system at all, in fact no changes at all other
than a slight change to a DNS entry.

But I can see how this would be rejected by those who appear
religious attitude to there being "only one true way" to run a server.

Post by Eric Rostetter
The biggest problem with this suggestion is that it came after the fact,
so it isn't a useful suggestion. No one bothered to offer this advice
before the change was made.

Well, if I'd known, I could have suggested the above ! And I probably
would have, even if I'd not been running affected software. If any
project I *am* involved with suggested such a thing then I would
speak up on that.

Eric Rostetter

2010-04-21 19:47:25 UTC

Post by Simon Hobson
OK, how's this then. 9.5.3 (IIRC) came out about the time the notice
was published.

And handles the signature, so it doesn't matter.

Post by Simon Hobson
It costs virtually nothing to add an extra DNS entry,

You don't know what it costs others to setup a DNS entry. Or to run
two signature repositories. Or to deal with support requests for two
different repos and sites.

Post by Simon Hobson
and the release could have had the default server URL changed for
Freshclam to fetch updates.

No need to. Only needed with 0.96.

Post by Simon Hobson
it wouldn't even have been a great issue to have a 9.5.4 just for
that - and of course the change would be quite prominent in the
release notes then as well.

Again, you don't know the costs associated with another release.

Post by Simon Hobson
According to the arguments made in support, all
responsible/competent admins would have been running this or a later
version by the time support for <9.5 was dropped. On that basis, no
responsible/competent admin would have been affected by removing the
DNS entry used by the older versions.

Sure they would be affected... Not by a shutdown of clamd maybe, but
they would surely be affected.

Post by Simon Hobson
Of course, all this would have a prominent entry, not just on the
ClanAV homepage, but also on the FAQ page whose URL appears in the
freshclam logs.

Yeah, we've already covered that this should have been in the FAQ
and wasn't. Point taken.

Post by Simon Hobson
Come cutoff date, support is dropped for older versions, but they
will continue to run.

And people are left with a false sense of security. And sourcefire is
left to handle all the support issues of people claiming that their
product doesn't work since it doesn't catch the viruses it claims to.
And all the service requests for why freshclam isn't updating. And
so on.

Post by Simon Hobson
So probably even less work than fashioning the poison pill update.

Since it would no doubt be spread over a longer period of time, and
since it requires more work upfront, it would be more work/time/effort
for them.

Post by Simon Hobson
Less collateral damage. And these threads would have died several
days ago with a "oh, so that's it" !

Nope. Different (less severe) collateral damage, and different threads
over a longer period of time.

Post by Simon Hobson
No parallel signature system at all, in fact no changes at all other
than a slight change to a DNS entry.

Not so. You even proposed a new release above, not to mention documentation
changes, etc. So yes, changes...

But it is true you _could_ get away without the parallel system, and that
would reduce (not eliminate) the burden on sourcefire.

Post by Simon Hobson
But I can see how this would be rejected by those who appear
religious attitude to there being "only one true way" to run a server.

This is off topic...

Post by Eric Rostetter
The biggest problem with this suggestion is that it came after the fact,
so it isn't a useful suggestion. No one bothered to offer this advice
before the change was made.

Well, if I'd known, I could have suggested the above ! And I
probably would have, even if I'd not been running affected software.
If any project I *am* involved with suggested such a thing then I
would speak up on that.

But you are involved in this project. And they did suggest it. So,
from my point of view, you (and I for that matter) were not sufficiently
involved is all... The blame therefore rests with us as much as with
sourcefire.

Thomas Hochstein

2010-04-23 06:02:56 UTC

Post by Simon Hobson
OK, how's this then. 9.5.3 (IIRC) came out about the time the notice
was published. It costs virtually nothing to add an extra DNS entry,
and the release could have had the default server URL changed for
Freshclam to fetch updates. it wouldn't even have been a great issue
to have a 9.5.4 just for that - and of course the change would be
quite prominent in the release notes then as well.

Why didn't you suggest that beforehand?

Why didn't you just DO that if you consider it necessary as it "costs
virtually nothing", neither time nor money?

-thh
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-23 07:08:33 UTC

Post by Thomas Hochstein

Why didn't you suggest that beforehand?

Because, as has been made quite clear beforehand, I did not know this
was happening - and I'm far from alone in that. If I had been aware
at the right time* then I would have suggested it.

* Note that "right time" does NOT mean spotting the EOL announcement
when it was made. That was too late as the decisions had already been
made then.

Post by Thomas Hochstein
Why didn't you just DO that if you consider it necessary as it "costs
virtually nothing", neither time nor money?

Eh ? Are you suggesting that I have the ability to go back in time
and make changes to someone else's DNS and code ?

As for "costs virtually nothing", yes I believe that is a good
description of what it would have cost - and don't forget that
deciding to EOL and forcibly block older versions was not without
cost. Unless the project has some strange ways to make things tedious
and difficult to change, then it would probably have cost less in
time than the discussions (if there were any) on the ethics of
issuing a kill signal to older software.

But it's a moot point - the team didn't do that, we are where we are,
and a lot of people are unhappy for various reasons.

Rob Sterenborg

2010-04-23 07:40:20 UTC

Post by Simon Hobson
OK, how's this then. 9.5.3 (IIRC) came out about the time the notice

OK, how's this then. If you used freshclam, everytime you updated the signatures you got a message about ClamAV being outdated. The gap between 0.94 and now it quite big. The people who *chose* to ignore it are to blame. If you're stupid enough *not* to upgrade your virusscanner while it's for free (that's probably why you chose ClamAV in the first place), it's your fault. If you're running a mailserver and got bitten because you don't know how to upgrade, then IMO you shouldn't be running a mailserver because of lack of knowledge about the system. I can't help that, you can't help that, SourceFire can't help that. They can help themselves however by learning how to do things and that won't be helped by keeping a hand over their heads, preventing from 'bad things to happen'.. (IMO, running
an outdated virusscanner *is* a Bad Thing(tm).) Or, if people do *not* (want to) learn about their system, they should buy an appliance with support contract that takes care of this.

Disclaimer: by "you" and "your" I don't mean specifically *you*.

Everytime a posting pops up asking why their ClamAV doesn't work anymore, the thread gets hijacked by rants like these. This is not helping the OP want way OT. If you'd just stay in the already polluted threads and post your rants there, the list would be cleaner.

-- Rob

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Erwan David

2010-04-23 07:58:40 UTC

-------- Message original --------
Sujet: Re: [Clamav-users] No debian woody support anymore?
De : Rob Sterenborg <***@netsourcing.nl>
Pour : ClamAV users ML <clamav-***@lists.clamav.net>
Date : Fri Apr 23 2010 09:40:20 GMT+0200

Post by Rob Sterenborg

Post by Simon Hobson
OK, how's this then. 9.5.3 (IIRC) came out about the time the notice

ng an outdated virusscanner *is* a Bad Thing(tm).) Or, if people do *not* (want to) learn about their system, they should buy an appliance with support contract that takes care of this.

Post by Rob Sterenborg
Disclaimer: by "you" and "your" I don't mean specifically *you*.
Everytime a posting pops up asking why their ClamAV doesn't work anymore, the thread gets hijacked by rants like these. This is not helping the OP want way OT. If you'd just stay in the already polluted threads and post your rants there, the list would be cleaner.
-- Rob
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Message of freshclam did not specify that older versions would stop. It
was the same message as for minor upgrades. This did not give the
information that something different than usual was planned.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Rob Sterenborg

2010-04-23 08:36:52 UTC

Post by Erwan David
Message of freshclam did not specify that older versions would stop.
It was the same message as for minor upgrades. This did not give the
information that something different than usual was planned.

It still means you should upgrade and the message was ignored long enough that ClamAV stopped working. The fact that there is no *immediate* need to upgrade when the message is first seen, does not mean you can wait that long.

The OP use(s|d) an EOL Debian and an EOL ClamAV. If the OP upgrades ClamAV to a more recent version then he's back in business, even with an EOL Debian. Simple as that.

-- Rob

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-23 18:42:40 UTC

Post by Rob Sterenborg

And ... it proves your argument that "there was a warning message so
it's entirely the users fault" is completely bogus. Guess what, with
a fully up to date installation, with ALL updates installed,
freshclam still reports THE SAME WARNING.

So does that mean we should expect our fully up to date installation
to "just stop working" ? And when, tomorrow, next week, next month,
... ? Do we have to start checking the ClamAv website to see if 9.5
is going to be EOL'd and remotely killed before 9.6 gets into Debian
? Note that just updating a fresh install isn't sufficient to give a
working system - a fresh Debian install, with all updates installed,
does not have a working ClamAV on it. Users need to add Volatile for
that to work.

Yes, it would be an idea to keep a bit more current, but that
**SHOULD** be the decision of whoever is responsible for the box
having balanced all the factors that affect his (or her) operations.
It may not be the case for this particular package, but there are
often other things that prevent upgrades - I've got several systems
running various old versions of various OS's for the simple reason
that I've got various items of hardware that have no support in
current versions.

I have a system still running DOS 3.something - it's part of a system
that no longer has any vendor support but which still does the job I
require it to do. I have a VM running Windows 98 because I have some
software I need to run on it. I have a pile of CD's here that are
unreadable in Vista or Win7 - so to access the manuals on them I must
run an outdated system. I have an old laptop with Mac OS 10.4 because
my scanner software won't run on 10.5 or 10.6 and the vendor has
dropped support. And I've got boxes here (still doing useful jobs)
for which 10.5 is not a supported OS.

And those are only the 'hard' limits - ie stuff that *cannot* be
upgraded. there are 'soft' reasons too - such as balancing the risk
of upgrading vs the risk of not upgrading. I have one system where I
know 100% that applying all updates *will* break it - so I have to
hold back certain packages until one or other of the imcompatible
bits gets fixed.

Applying the logic used with some venom here, every one of those
systems should have been upgraded and/or scrapped - never mind
whether they would still be capable of doing the job they are there
for.

Again, not aiming this at you specifically, but at all those who have
been advocating with religious zeal that there should be, and cannot
be, any other policy that "all updates applied all the time as soon
as they come out" - or something very close to that. And then I note
that one of those busy telling people they are complete idiots and
unfit to be running a toaster (OK, slight exaggeration for dramatic
effect) for running anything but the very latest versions ...

... earlier today admitted that he has a system to take through six -
yes SIX - OS upgrades to bring it up to date. I can only assume he
had his reasons, and that he balanced the risks (upgrade vs leave
alone), and most importantly that if left for as long as it has ...
he had some expectation that it wouldn't be artificially crippled by
some outside influence before he got around to upgrading it.

Jerry

2010-04-23 19:40:11 UTC

On Fri, 23 Apr 2010 19:42:40 +0100
Simon <***@thehobsons.co.uk> articulated:

{snip}

Post by Simon Hobson
Applying the logic used with some venom here, every one of those
systems should have been upgraded and/or scrapped - never mind
whether they would still be capable of doing the job they are there
for.

This whole discussion is like the thread from hell. I block one and
another pops up. I am just going to have to start kill filtering
individual posters in order to eradicate it.

In any case, you statement displays the fallacy in your actions.

<quote>
never mind whether they would still be capable of doing the job they
are there for.
</quote>

NEWS FLASH: THEY ARE NOT CAPABLE OF DOING THE JOB THEY ARE THERE FOR!
That should be self evident.

By the way, I still also have an old 8086 with DOS 3? (I don't remember
the version) that still works. I still use it on occasion to copy old
5.25 floppys to other media. Yes, some local government agencies have
valuable documents archived in that format. However, I would never
expect it run Win7, nor do I bitch to Microsoft about it either.

--
Jerry
***@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

The state law of Pennsylvania prohibits singing in the bathtub.

Simon Hobson

2010-04-23 20:26:59 UTC

Post by Jerry
By the way, I still also have an old 8086 with DOS 3? (I don't remember
the version) that still works. I still use it on occasion to copy old
5.25 floppys to other media. Yes, some local government agencies have
valuable documents archived in that format. However, I would never
expect it run Win7, nor do I bitch to Microsoft about it either.

So, it still runs the software it used to run ? Yes
It's running software that is EOL ? Most definitely
And Microsoft have sent it a poison pill ? No they haven't

There's a difference between "not providing any more updates" and
killing something off.

Christopher X. Candreva

2010-04-23 20:39:43 UTC

Post by Simon Hobson
So, it still runs the software it used to run ? Yes
It's running software that is EOL ? Most definitely
And Microsoft have sent it a poison pill ? No they haven't

And is it hitting Microsoft's servers for full updates even when it should
only be downloading little pieces, or nothing at all ?

Post by Simon Hobson
There's a difference between "not providing any more updates" and killing
something off.

There's a big difference between "Using old software" and "Using old
software that is causing a problem for someone else".

==========================================================
Chris Candreva -- ***@westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Chris Knight

2010-04-24 00:02:07 UTC

On Fri, Apr 23, 2010 at 1:39 PM, Christopher X. Candreva

Post by Simon Hobson
So, it still runs the software it used to run ? Yes
It's running software that is EOL ? Most definitely
And Microsoft have sent it a poison pill ? No they haven't

And is it hitting Microsoft's servers for full updates even when it should
only be downloading little pieces, or nothing at all ?

1) Release a new version that pulls updates from a new hostname.
2) Wait a couple of weeks, or even six months....
3) Shut down old servers, negating the problem stated above.
4) ***
5) Profit!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Chris Meadors

2010-04-24 00:07:03 UTC

Post by Chris Knight
1) Release a new version that pulls updates from a new hostname.
2) Wait a couple of weeks, or even six months....
3) Shut down old servers,

4. Orphan *all* previous versions, including the still heavily used, and
valid, 0.95s which were released before the hostname change, not just
the buggy 0.94 and older.

--
Chris
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Chris Knight

2010-04-24 00:54:40 UTC

Post by Chris Meadors

Post by Chris Knight
1) Release a new version that pulls updates from a new hostname.
2) Wait a couple of weeks, or even six months....
3) Shut down old servers,

4. Orphan *all* previous versions, including the still heavily used, and
valid, 0.95s which were released before the hostname change, not just the
buggy 0.94 and older.

What? Somebody was running .95 and not the absolute latest? Why
would anyone do that? I am in absolute shock. Shock and horror and
sarcasm. Yes, lots of sarcasm.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-24 08:19:34 UTC

Post by Chris Knight

Post by Chris Meadors

Post by Chris Knight
1) Release a new version that pulls updates from a new hostname.
2) Wait a couple of weeks, or even six months....
3) Shut down old servers,

4. Orphan *all* previous versions, including the still heavily used, and
valid, 0.95s which were released before the hostname change, not just the
buggy 0.94 and older.

What? Somebody was running .95 and not the absolute latest? Why
would anyone do that? I am in absolute shock. Shock and horror and
sarcasm. Yes, lots of sarcasm.

Forget it, it's been covered, and you'll never persuade this group of
people that a) there was any alternative, or b) that there was
anything ethically or legally wrong with the course of action they
did take. Also, when I suggested this, it was in some way interpreted
that I meant running two different upgrade servers/processes in
parallel.

There is one thing though, under step 3, it should have read "remove
old DNS entries"

As for orphaning 0.95 versions, lets take a look. According to an
earlier post, the bug report was filed in Feb last year. 0.95 was
released in march last year, and 0.95.2 in June last year.

Had they added another hostname to the DNS prior to the 0.95 release,
then not a single 0.95 release would have been affected. Had they
done it in June then only two versions, both more than 6 months old
would have been affected. It could have gone into 0.95.3 which was
released after the EOL announcement - and it would still have only
affected versions older than 6 months.
All this has been pointed out, and rubbished already.

Of course, they could have taken the precaution of adding new DNS
entries, and then not used them if they decided to take a different
course of action (such as issuing a poison pill ...

If anyone was running an old enough 0.95 version, then their software
wouldn't have died, they would have seen update errors in their logs,
and the fix would have been to change just one or two hostnames in
their freshclam.conf. As you point out, according to the ClamAV
supporters, they would have been idiots for using such old software,
and it would have been their fault - so why would the ClamAV team be
worried about that when they are happy to make other versions
actually stop running.*

The other 'reason' not to do that is an argument of "why should the
ClamAV team go to the effort and expense of changing the DNS ?", and
my suggestion that it would have cost next to nothing in both cash
and effort terms has been completely dismissed. The only argument put
forward being "you don't know what it costs to change a DNS entry" -
well actually I have a pretty good idea of the cost base for a number
of common scenarios.

* Oh yes, and some people are still clinging to an argument that the
ClamAV team did not stop any software from working. It's the sort of
argument that someone would use to claim he didn't poison his
neighbour's dog : he didn't give any poison to the dog, the dog took
it when he put it in a piece of meat and left it where the owner
takes the dog for a walk - so the dog took it, he didn't give it to
the dog. It's linguistic/logics gymnastics to try and get around the
fact that they misused the victims actions to cause harm rather than
going and directly causing that harm first hand - the motive and end
results were identical, only the means differs.
Actions designed to cause harm to a computer system, and a criminal
offence in the UK.

Chuck Swiger

2010-04-24 18:35:37 UTC

Hi, all--

Forget it, it's been covered, and you'll never persuade this group of people that a) there was any alternative,

You have plenty of alternatives. You can switch to using other AV software from Norton, McCafee, TrendMicro, Panda, Kaspersky, and others. You can switch to using AV/anti-spam hardware appliances from Barracuda, Ironport, Proofpoint, Roaring Penguin, and others.

You could also continue to use ClamAV, and provide your own signatures, or simply not run freshclam. You could continue to use older ClamAV, but disable the "I'm too old" check, and hope that the bugs which have been fixed since then aren't exploitable. (In point of fact, fixing the issues with ClamAV yourself is a lot more work than simply upgrading to a more recent version, but the source is available...)

or b) that there was anything ethically or legally wrong with the course of action they did take.

Correct: there is fundamental disagreement about this point, and it seems clear enough that neither side is going to persuade the other, so continuing to argue about it is a waste of time. Please do something more constructive than continue to argue so that this list can return to a normal signal-to-noise ratio.

Regards,

--
-Chuck

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Sarocet

2010-04-25 14:07:43 UTC

Post by Simon Hobson
If anyone was running an old enough 0.95 version, then their software
wouldn't have died, they would have seen update errors in their logs,
and the fix would have been to change just one or two hostnames in
their freshclam.conf.

The new hostname updates would still have needed the kill signature.
Otherwise, you have the same problem as before, but with a different
hostname.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-25 14:28:22 UTC

Post by Sarocet
The new hostname updates would still have needed the kill signature.
Otherwise, you have the same problem as before, but with a different
hostname.

Someone wasn't reading. The scheme was to remove the original
hostname BEFORE using any updates that would kill the software. At
that point, older versions would just stop updating and wouldn't
break.

Now it's been pointed out that there are a sizeable number of third
parties providing mirrors, I now agree that this would not have been
reasonably practical. It may have still worked with different
filenames, with the added bonus of being able to examine logs and
work out the scale of the problem - ie how many installations were
still accessing the old names vs the new names.

Stephen Gran

2010-04-24 13:36:55 UTC

Post by Chris Knight
On Fri, Apr 23, 2010 at 1:39 PM, Christopher X. Candreva

Post by Simon Hobson
So, it still runs the software it used to run ? Yes
It's running software that is EOL ? Most definitely
And Microsoft have sent it a poison pill ? No they haven't

And is it hitting Microsoft's servers for full updates even when it should
only be downloading little pieces, or nothing at all ?

1) Release a new version that pulls updates from a new hostname.

You mean, deploy a parallel infrastructure of vhosting, monitoring,
pushing updates, etc? When most of the mirrors are on third party
servers not under the control of the clamav team? Do you really think
that's trivial, or were you just making up a solution without knowing
anything about the problem?

Cheers,

Jim Preston

2010-04-24 13:46:38 UTC

Post by Stephen Gran
You mean, deploy a parallel infrastructure of vhosting, monitoring,
pushing updates, etc? When most of the mirrors are on third party
servers not under the control of the clamav team? Do you really think
that's trivial, or were you just making up a solution without knowing
anything about the problem?
Cheers,

No, he is just insistent that he is right and everyone else is wrong.....

Jim
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

lists

2010-04-24 13:57:14 UTC

No, he is just insistent that he is right and everyone else is wrong.....
Jim
_______________________________________________

As opposed to you?

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Jim Preston

2010-04-24 14:17:02 UTC

No, he is just insistent that he is right and everyone else is wrong.....
Jim
_______________________________________________

As opposed to you?

But I am the most arogant and ignorant person on the Internet, so how
could my belief be anything else? :)

Jim
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

lists

2010-04-24 15:13:47 UTC

No, he is just insistent that he is right and everyone else is wrong.....
Jim
_______________________________________________

As opposed to you?

But I am the most arogant and ignorant person on the Internet, so how
could my belief be anything else? :)
Jim
_______________________________________________

I'm afraid to say you are considerably less significant than that, but
keep the faith.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Jim Preston

2010-04-24 17:57:52 UTC

Post by Stephen Gran
You mean, deploy a parallel infrastructure of vhosting,
monitoring,
pushing updates, etc? When most of the mirrors are on third party
servers not under the control of the clamav team? Do you really think
that's trivial, or were you just making up a solution without knowing
anything about the problem?
Cheers,

No, he is just insistent that he is right and everyone else is wrong.....
Jim
_______________________________________________

As opposed to you?

But I am the most arogant and ignorant person on the Internet, so how
could my belief be anything else? :)
Jim
_______________________________________________

I'm afraid to say you are considerably less significant than that, but
keep the faith.

Of course I am, hence why I can laugh at myself before others ;)

Jim

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

lists

2010-04-24 18:22:56 UTC

Post by Stephen Gran
You mean, deploy a parallel infrastructure of vhosting,
monitoring,
pushing updates, etc? When most of the mirrors are on third party
servers not under the control of the clamav team? Do you really think
that's trivial, or were you just making up a solution without knowing
anything about the problem?
Cheers,

No, he is just insistent that he is right and everyone else is wrong.....
Jim
_______________________________________________

As opposed to you?

But I am the most arogant and ignorant person on the Internet, so how
could my belief be anything else? :)
Jim
_______________________________________________

I'm afraid to say you are considerably less significant than that, but
keep the faith.

Of course I am, hence why I can laugh at myself before others ;)
Jim

If that were really true you would not feel the need to keep seeking
attention for your views, but please, carry on for last word your posts
are really {yawn} gripping.....

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Jim Preston

2010-04-24 19:31:35 UTC

Post by Jim Preston
Of course I am, hence why I can laugh at myself before others ;)
Jim

If that were really true you would not feel the need to keep seeking
attention for your views, but please, carry on for last word your posts
are really {yawn} gripping.....

Why thank you for feeding my ego, I think I will.......

Jim
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Chris Knight

2010-04-24 15:56:10 UTC

Post by Chris Knight
On Fri, Apr 23, 2010 at 1:39 PM, Christopher X. Candreva

Post by Simon Hobson
So, it still runs the software it used to run ? Yes
It's running software that is EOL ? Most definitely
And Microsoft have sent it a poison pill ? No they haven't

And is it hitting Microsoft's servers for full updates even when it should
only be downloading little pieces, or nothing at all ?

1) Release a new version that pulls updates from a new hostname.

I wasn't going to reply any more in this thread, but since you don't
seem to know anything about server hosting, and I don't seem to know
anything about 'the problem', then we might as well clash some more.

You don't have to build a parallel infrastructure. You use the same
infrastructure. You add (|a) new DNS entr(y|ies) that point(|s) to
the same server infrastructure. You reference the new DNS entr(y|ies)
in the new client builds. Then, on a specific day, you remove the old
entries. Presto, all the old client traffic goes away. It's not
rocket science.

And for the nit-pickers who are pointing out that my 'steps' could be
perfected, I suggest you google "Underwear Gnomes", because the list
of steps was intended to be a parody of a rather classic South Park
episode.

-Chris
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Stephen Gran

2010-04-24 16:27:27 UTC

Post by Chris Knight

Post by Chris Knight
On Fri, Apr 23, 2010 at 1:39 PM, Christopher X. Candreva

Post by Simon Hobson
So, it still runs the software it used to run ? Yes
It's running software that is EOL ? Most definitely
And Microsoft have sent it a poison pill ? No they haven't

And is it hitting Microsoft's servers for full updates even when it should
only be downloading little pieces, or nothing at all ?

1) Release a new version that pulls updates from a new hostname.

Sigh. I guess you didn't bother to read the part about "third party
servers not under the control of the clamav team". This means updating
the actual edge servers is not trivial. The 'parallel infrastructure'
wasn't referring to deploying new hardware, it was referring to getting
all the same monitoring, syncing, deploying, serving, etc working with the
new name. This is fine, although slightly non-trivial given the number
of machines, even when you are the sole admins. When you're relying on
third parties donating bandwidth and space on 100s of shared servers,
it's less approachable.

But anyway, I think this is end of thread for me. If you really think
that the clamav team's time is best spent chasing up hundreds of local
admins to make changes to their rsync/webserver/etc vhost configs,
then deploying and testing all the changes necessary to make this work,
instead of working on clamav just to save a few admins a small amount
of work that they should have been doing anyway, you're welcome to your
opinion, and I won't bother you with mine any more. I just disagree.

Cheers,

--
--------------------------------------------------------------------------
| Stephen Gran | Q: How do you keep a moron in suspense? |
| ***@lobefin.net | |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-24 17:12:00 UTC

Post by Stephen Gran
Sigh. I guess you didn't bother to read the part about "third party
servers not under the control of the clamav team". This means updating
the actual edge servers is not trivial. The 'parallel infrastructure'
wasn't referring to deploying new hardware, it was referring to getting
all the same monitoring, syncing, deploying, serving, etc working with the
new name. This is fine, although slightly non-trivial given the number
of machines, even when you are the sole admins. When you're relying on
third parties donating bandwidth and space on 100s of shared servers,
it's less approachable.
But anyway, I think this is end of thread for me. If you really think
that the clamav team's time is best spent chasing up hundreds of local
admins to make changes to their rsync/webserver/etc vhost configs,
then deploying and testing all the changes necessary to make this work,
instead of working on clamav just to save a few admins a small amount
of work that they should have been doing anyway, you're welcome to your
opinion, and I won't bother you with mine any more. I just disagree.

Actually, I will thank you for actually putting forward a reasoned
argument rather than just "can't be done". Now the external factors
have been pointed out, that is "somewhat harder" than it first
appears. See, contrary to what some people may be thinking, I can be
persuaded by **reasoned** debate.

Simon Hobson

2010-04-24 16:32:03 UTC

Post by Chris Knight
1) Release a new version that pulls updates from a new hostname.

There is no parallel infrastructure - though I accept the point about
mirrors not being under the ClamAv teams control. Presumably they
aren't going to claim they have no knowledge of who runs mirrors ?

How about this for yet another option that could have been done at
the 0.95 release :
Just check for slightly different file names on the same servers.

Before you shout me down about maintaining two sets of sigs etc, I do
not mean that - you just hard link another file name to the original.
IFF (and yes, I don't know how the mirrors are updating) the mirrors
use something like rsync which will deal with hardlinked files, then
there's no extra bandwidth for updating the mirrors.

When you're ready to cut 0.94 and earlier loose, just stop providing
the files it looks for.

Dennis Peterson

2010-04-24 17:09:28 UTC

Post by Chris Knight
On Fri, Apr 23, 2010 at 1:39 PM, Christopher X. Candreva

Post by Simon Hobson
So, it still runs the software it used to run ? Yes
It's running software that is EOL ? Most definitely
And Microsoft have sent it a poison pill ? No they haven't

And is it hitting Microsoft's servers for full updates even when it should
only be downloading little pieces, or nothing at all ?

1) Release a new version that pulls updates from a new hostname.

Is anyone missing the irony of someone who is capable of having all these
problems advising the experts on how to do it right?

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Robert Wyatt

2010-04-23 21:05:52 UTC

So, it still runs the software it used to run ? Yes
It's running software that is EOL ? Most definitely
And Microsoft have sent it a poison pill ? No they haven't
There's a difference between "not providing any more updates" and
killing something off.

I'm a little confused by this (still), is it not true that simply
turning off freshclam will allow clamav to continue working indefinitely
on the existing signature set?
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Daniel McDonald

2010-04-23 22:17:17 UTC

Post by Robert Wyatt

So, it still runs the software it used to run ? Yes
It's running software that is EOL ? Most definitely
And Microsoft have sent it a poison pill ? No they haven't
There's a difference between "not providing any more updates" and
killing something off.

I'm a little confused by this (still), is it not true that simply
turning off freshclam will allow clamav to continue working indefinitely
on the existing signature set?

No, you need to turn off freshclam *and* delete one signature, or grab an
older copy of the signature file.

--
Daniel J McDonald, CCIE # 2495, CISSP # 78281

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-24 08:27:38 UTC

Post by Daniel McDonald

Post by Robert Wyatt
I'm a little confused by this (still), is it not true that simply
turning off freshclam will allow clamav to continue working indefinitely
on the existing signature set?

No, you need to turn off freshclam *and* delete one signature, or grab an
older copy of the signature file.

You missed a few steps :
- Find out what has happened to your software that was working fine yesterday.
- Work out what to do RIGHT NOW because your phone is ringing with
people asking where their mail is*
- Put in place a quick workaround (disable scanning) to allow the
mail queues to get flowing
- Work out what options are available for dealing with it medium term
- Work out where the dig files are stored
- and then disable freshclam and put yesterdays sig files back
- work out what to to get onto newer version

* Yes, we've already heard the arguments that mail shouldn't stop
when ClamAV does - even though that is logically inconsistent with
the argument that old versions couldn't be allowed to continue
without updates.

Robert Wyatt

2010-04-24 13:53:15 UTC

Post by Daniel McDonald

Post by Robert Wyatt
I'm a little confused by this (still), is it not true that simply
turning off freshclam will allow clamav to continue working indefinitely
on the existing signature set?

No, you need to turn off freshclam *and* delete one signature, or grab an
older copy of the signature file.

- Find out what has happened to your software that was working fine yesterday.
- Work out what to do RIGHT NOW because your phone is ringing with
people asking where their mail is*
- Put in place a quick workaround (disable scanning) to allow the mail
queues to get flowing
- Work out what options are available for dealing with it medium term
- Work out where the dig files are stored
- and then disable freshclam and put yesterdays sig files back
- work out what to to get onto newer version
* Yes, we've already heard the arguments that mail shouldn't stop when
ClamAV does - even though that is logically inconsistent with the
argument that old versions couldn't be allowed to continue without updates.

I was talking about turning off freshclam anytime in the last two years,
not the day after your system broke. Again, you're behaving as though
you had no way of knowing when that is not true.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-24 16:35:09 UTC

Post by Robert Wyatt

Post by Simon Hobson
- Find out what has happened to your software that was working fine yesterday.
- Work out what to do RIGHT NOW because your phone is ringing with
people asking where their mail is*
- Put in place a quick workaround (disable scanning) to allow the mail
queues to get flowing
- Work out what options are available for dealing with it medium term
- Work out where the dig files are stored
- and then disable freshclam and put yesterdays sig files back
- work out what to to get onto newer version
* Yes, we've already heard the arguments that mail shouldn't stop when
ClamAV does - even though that is logically inconsistent with the
argument that old versions couldn't be allowed to continue without updates.

I was talking about turning off freshclam anytime in the last two
years, not the day after your system broke. Again, you're behaving
as though you had no way of knowing when that is not true.

That assumes one knows in advance that one has to do that - which
we've already determined was not the case for quite a few people.
Most people could have upgraded if they knew in advance it was going
to be forced - but other than that, why would someone turn off
updates that are working ?

Jim Preston

2010-04-23 19:57:28 UTC

Post by Rob Sterenborg

Post by Erwan David
Message of freshclam did not specify that older versions would

stop.

Post by Erwan David
It was the same message as for minor upgrades. This did not give the
information that something different than usual was planned.

And ... it proves your argument that "there was a warning message so
it's entirely the users fault" is completely bogus. Guess what, with
a fully up to date installation, with ALL updates installed,
freshclam still reports THE SAME WARNING.
So does that mean we should expect our fully up to date installation
to "just stop working" ? And when, tomorrow, next week, next
month, ... ? Do we have to start checking the ClamAv website to see
if 9.5 is going to be EOL'd and remotely killed before 9.6 gets into
Debian ? Note that just updating a fresh install isn't sufficient to
give a working system - a fresh Debian install, with all updates
installed, does not have a working ClamAV on it. Users need to add
Volatile for that to work.
Yes, it would be an idea to keep a bit more current, but that
**SHOULD** be the decision of whoever is responsible for the box
having balanced all the factors that affect his (or her) operations.
It may not be the case for this particular package, but there are
often other things that prevent upgrades - I've got several systems
running various old versions of various OS's for the simple reason
that I've got various items of hardware that have no support in
current versions.
I have a system still running DOS 3.something - it's part of a
system that no longer has any vendor support but which still does
the job I require it to do. I have a VM running Windows 98 because I
have some software I need to run on it. I have a pile of CD's here
that are unreadable in Vista or Win7 - so to access the manuals on
them I must run an outdated system. I have an old laptop with Mac OS
10.4 because my scanner software won't run on 10.5 or 10.6 and the
vendor has dropped support. And I've got boxes here (still doing
useful jobs) for which 10.5 is not a supported OS.
And those are only the 'hard' limits - ie stuff that *cannot* be
upgraded. there are 'soft' reasons too - such as balancing the risk
of upgrading vs the risk of not upgrading. I have one system where I
know 100% that applying all updates *will* break it - so I have to
hold back certain packages until one or other of the imcompatible
bits gets fixed.
Applying the logic used with some venom here, every one of those
systems should have been upgraded and/or scrapped - never mind
whether they would still be capable of doing the job they are there
for.
Again, not aiming this at you specifically, but at all those who
have been advocating with religious zeal that there should be, and
cannot be, any other policy that "all updates applied all the time
as soon as they come out" - or something very close to that. And
then I note that one of those busy telling people they are complete
idiots and unfit to be running a toaster (OK, slight exaggeration
for dramatic effect) for running anything but the very latest
versions ...
... earlier today admitted that he has a system to take through six
- yes SIX - OS upgrades to bring it up to date. I can only assume he
had his reasons, and that he balanced the risks (upgrade vs leave
alone), and most importantly that if left for as long as it has ...
he had some expectation that it wouldn't be artificially crippled by
some outside influence before he got around to upgrading it.
--
Simon Hobson

And just when I thought the backhoe had put this poor equine to
rest.....

Jim
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Dennis Peterson

2010-04-21 18:44:50 UTC

Post by Stephen Gran
Faced with an old release of software that will die if the team uses
new functionality due to a known bug, and people who will not upgrade
to the version that fixes this bug, and a reasonably urgent need to use
the new functionality, what exactly would you have done differently?
Would you have ignored the issue and just starting using the new
functionality, leading to people running older releases getting clamd
crashes with incomprehensible error messages? Would you have contacted
everyone personally to ask their permission?

I think the people who got caught with old software have to accept 100% of the
blame if they, their systems, and processes are not resilient enough to cope
with change. It seems obvious in reading the warning and the bug report that was
filed in Feb of 2009 that large signatures, which are now necessary, would break
older versions. Even if a killer sig were not sent out, subsequent sigs would
have resulted in the same thing - clamd would die.

But let's consider that perhaps there was a way to craft the signature servers
in such a way that older freshclam versions would be prohibited from downloading
new signatures, thus allowing clamd to run forever with the last valid
signatures still in place. All well and good, no failures, but now clamd is
falling behind. Now who is to blame for that? And what happens to all the people
who prefer or need to use http rather than Freshclam to dl signatures? They
don't benefit from this graceful change-over and their systems die. Who's to
blame for that?

Part II - what happens with third-party signature providers? Their products are
not downloaded with Freshclam and they have no direct connection to the clamAV
users, and no way to notify anyone. One day they create some great new
signatures that do a great job for everyone who has been keeping systems
current, but older systems die as soon as the signatures are moved to the
working directory. Who to blame? If I were Steve Basford reading this thread I'd
zero-byte all signature files and shut off the process and reclaim my life.
There's no way I'm going to take the hit for incompetence in the user community.

Part III - Not everyone who uses ClamAV is a ClamAV customer. Many people cannot
build the software from source because they lack the skill, time, interest,
tools (pick one) and so depend on builders to roll out RPMs with the most recent
version. What happens when a packager decides to stop supporting a particular
version of say Debian that has been EOL for half a decade. No upgrade is
available and those systems die. What happens if the builder simply doesn't have
time to create packages for every supported version of the OS? Who to blame?
What about all those people who bought mail appliances, hardware or software, no
matter, and who have no idea what is running in the system? Who do they blame
when the appliance dies because of signature format?

Who to blame? This is really easy. You blame who ever has root access on the
failed system and who uniquely owns the responsibility to keep it current.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Jim Preston

2010-04-21 21:21:29 UTC

By that reasoning, had you only turned off freshclam after you had a
working installation you would happily still be running your <0.95
ClamAV installation.

Post by Simon Hobson
The ClamAV team released the project under an open licence which
allows anyone to use it in any way they wish. They then later take
it upon themselves to impose by force* a 'solution'. If they'd
stopped providing sig updates then I'd not be complaining, but that
isn't what they did.

No they took it upon themselves to not reinvent a whole new update
scheme so the you could continue to run your antiquated installation.

Post by Simon Hobson
I believe my comments neatly summed up the attitudes of a group of
people - my opinion.
* I know, they aregue that they did no such thing, and that they
were 'invited' by the act of me running freshclam. That's the sort
of thing a criminal uses to justify their actions - you know, "yes I
did steal their telly, but they should have upgraded their locks
like I pretended I'd told them to and then I wouldn't have done it".
--
Simon Hobson

Jim
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Jim Preston

2010-04-21 21:05:56 UTC

Post by H***@dip-systems.de
After the last signature update, clam av stopped working on our woody
installation.
Is there no more support for this Debian Release?

No, according to certain people on this list, you are a cretin, and
incompetent to even handle the off switch of a computer. If you
check the list archives - particular for threads "(no subject)" and
"Those EOL tweets" you'll see that you are far from alone.
There seen to be three groups - those who think it was handled
really badly and were affected, a small group who think it was
handled badly but weren't affected, and a group that thinks there is
nothing wrong and it's all the end users fault - and especially that
the ClamAV team did nothing wrong, deliberately interfering with
other peoples servers is both morally and legally acceptable as long
as they pretended to tell you first, and there was no other possible
way they could have acted.
Even now when their stance has been shown to be full of logical
holes, they still persist that anyone disagreeing with their "we did
nothing wrong" stance are a bunch of whining losers.
That's how it comes across to me anyway.
--
Simon Hobson

And I am certainly in the latter group......

Jim

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Nathan Gibbs

2010-04-27 13:58:55 UTC

Post by H***@dip-systems.de
After the last signature update, clam av stopped working on our woody
installation.
Is there no more support for this Debian Release?

Not by that but 0.96 will slag a machine with 128 MB.
I hope the ClamAV Team doesn't decide to kill 0.95 in the same fashion.

Post by Simon Hobson
a small group who think it was handled badly
but weren't affected,

Here, although if 0.95 dies similarly, I guess I'll be a cretin and worse,
according to some people, just because some of our hardware can't run 0.96.

Post by Simon Hobson
and a group that thinks there is nothing wrong and
it's all the end users fault - and especially that the ClamAV team did
nothing wrong,

When they write an AV engine they do a lot right.
When they deal with the user base, they do a lot wrong.

Post by Simon Hobson
deliberately interfering with other peoples servers is
both morally and legally acceptable as long as they pretended to tell
you first, and there was no other possible way they could have acted.

Put any sigs that would crash 0.94 into a different cvd.
Maybe bytecode.cvd or something else.
Old installs don't even know to look for it or third party sigs.

WOW, What a concept.
Same results less breakage.

Post by Simon Hobson
Even now when their stance has been shown to be full of logical holes,
they still persist that anyone disagreeing with their "we did nothing
wrong" stance are a bunch of whining losers.
That's how it comes across to me anyway.

Unfortunately.

If an old Clamav was installed on a system that did a vital task, but could
basically be a "set it and forget it" system, the setup got shafted by the
ClamAV team.

No other way to call it.

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com

Jim Preston

2010-04-27 14:18:06 UTC

Post by Nathan Gibbs
Unfortunately.
If an old Clamav was installed on a system that did a vital task, but could
basically be a "set it and forget it" system, the setup got shafted by the
ClamAV team.
No other way to call it.

To me this is an oxymoron "vital task" + "set and forget" Set and forget
solutions are for NON-VITAL tasks by the very statement of 'forget'.

No, if someone chooses not to stay abreast of the current state of
projects then it is up to THEM to ensure changes to the project do not
cause them undue hardship. It is NOT the projects responsibility to
protect users from themselves. The projects responsibility is to enhance
the projects in ways THEY see fit.

If you want a set and forget solution DO NOT RELY on hardware solutions
get a SAS solution and then you can shift the responsibility to the SAS
provider when things go wrong.

Jim

PS: Thanks for not letting this thread RIP
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Nathan Gibbs

2010-04-27 20:12:28 UTC

Post by Jim Preston
To me this is an oxymoron "vital task" + "set and forget" Set and forget
solutions are for NON-VITAL tasks by the very statement of 'forget'.

Your opinion, which you are entitled to.
I'll agree to disagree with you.
:-)

Post by Jim Preston
it is up to THEM to ensure changes to the project do not
cause them undue hardship.

Agreed.
Currently the project is experiencing some growing pains. However I think
everyone will get through OK.

Post by Jim Preston
It is NOT the projects responsibility to
protect users from themselves.

A fair percentage of the reason for AV existence is precisely to protect users
from themselves. Even smart users occasionally do dumb things.
:-)

Post by Jim Preston
The projects responsibility is to enhance the projects in ways THEY see fit.

And they do a great job there.
Relations with the user base is where it gets a bit rough.

Post by Jim Preston
PS: Thanks for not letting this thread RIP

No rest for the wicked, or sysadmins either.
:-)

I understand what the ClamAV Team did & why.
I agree with the what and why, but never with the how..

If they didn't release a kill sig, when they released a 980 byte sig, the old
installs would quit getting incremental updates. Then they'd pull full updates
and knock the entire ClamAV update infrastructure over.

Here is what I absolutely do not like about this or agree with.

The very possibility of there being a kill sig. One specially crafted sig
could kill the virus protection on every server & workstation in our company.

Allowing the ClamAV Team to remotely nuke a level of our defenses is not
acceptable. ( ClamAV Team, correct me if I've got this wrong. )

Obviously, we are betting the farm on solutions provided by these guys.
However, the level of the farm's protection is my responsibility not theirs.
With the public demo of a kill sig capability, I learn that they CAN & WILL
mess with something that is my responsibility.

Tactically my "kingdom" could be invaded by the ClamAV Team at any time, &
they have already invaded others.

That is a concept that I will never agree with.

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com

Sarocet

2010-04-27 22:23:29 UTC

Post by Nathan Gibbs
Here is what I absolutely do not like about this or agree with.
The very possibility of there being a kill sig. One specially crafted sig
could kill the virus protection on every server & workstation in our company.
Allowing the ClamAV Team to remotely nuke a level of our defenses is not
acceptable. ( ClamAV Team, correct me if I've got this wrong. )
Obviously, we are betting the farm on solutions provided by these guys.
However, the level of the farm's protection is my responsibility not theirs.
With the public demo of a kill sig capability, I learn that they CAN & WILL
mess with something that is my responsibility.
Tactically my "kingdom" could be invaded by the ClamAV Team at any time, &
they have already invaded others.
That is a concept that I will never agree with.

The ClamAV team didn't design the AV to stop on getting a special signature.
That signature could exist due to a bug that you decided not to fix (by not
updating/patching).
It was a clever use of a bug to disable the daemon.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Jim Preston

2010-04-28 00:03:43 UTC

Post by Sarocet

No, it is not a bug, it is by design, not to "shutdown" mail but to
prevent clamd from loading malformed databases. The definition of
malformed is one that does not conform to the particular version of
ClamAV installed.
You are right that the ClamAV team exploited this feature to notify
users that the format of the database was changing and giving a
descriptive message as to why the database failed to load.

Jim

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Nathan Gibbs

2010-04-28 02:02:46 UTC

Post by Sarocet
The ClamAV team didn't design the AV to stop on getting a special signature.
That signature could exist due to a bug that you decided not to fix (by not
updating/patching).
It was a clever use of a bug to disable the daemon.

No, it is not a bug, it is by design, not to "shutdown" mail but to
prevent clamd from loading malformed databases.

Input validation, nothing wrong with that concept.
Maybe I missed that with all the fur flying around in here lately.

Link or thread / poster with more data would be appreciated.
:-)

If you got to have a "flag day", you got to, nobody likes it, but its better
afterwards.

On the other hand,

If the ClamAV Team is going to use a kill sig feature to shove users up the
upgrade path as a standard practice, thats just not right.
{ Again, ClamAV Team, correct me if I have that wrong. )

When a user come here and says
My ancient clamd just fell over, whats up with that?
We have two choices.
1. Your need to upgrade.
2. FLAME them hairless, insult them, etc.

Which is the better choice?

This thread is a perfect example, and Steve Basford made the right choice.

--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com

Mark

2010-05-03 07:09:40 UTC

Post by Sarocet
The ClamAV team didn't design the AV to stop on getting a special
signature. That signature could exist due to a bug that you decided
not to fix (by not updating/patching). It was a clever use of a bug
to disable the daemon.

You are right that the ClamAV team exploited this feature to notify
users that the format of the database was changing and giving a
descriptive message as to why the database failed to load.

What they did was a bad call. They wilfully let freshclam download an
update which they knew would crash the clamd service. It's a common trap
to fall into. Devs, on their own list, always rise to near God-status:
after all, they know everything about the program the best, and you, the
user, are always 100% dependent on them. So, the step from "We know the
program best." to just "We know best (for you)." is very small.

At some point the clamav devs decided that they should force to make
responsible admins out of all of us. It didn't suffice any more to just
tell us, they felt the need to simply enforce it. In an act of gross
self-aggrandisement they sabotaged many systems out there. Yes, those
affected should have upgraded their system earlier. And they also should
be on a diet, and not smoke, and exercise more. But, you know what? None
of that was any of your business! Still isn't. Is it unwise to run a
two-year-old anti-virus product? Probably. Is it any of your business? No.
The sensible thing would have simply been for freshclam to stop pulling in
new updates from set date, and log a warning each day or some such.

Yet wilfully sabotaging services on another person's system was
incredible arrogant and stupid; and in some countries probably illegal,
too.

- Mark

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Dennis Peterson

2010-05-03 07:40:27 UTC

Post by Mark

Post by Sarocet
The ClamAV team didn't design the AV to stop on getting a special
signature. That signature could exist due to a bug that you decided
not to fix (by not updating/patching). It was a clever use of a bug
to disable the daemon.

You are right that the ClamAV team exploited this feature to notify
users that the format of the database was changing and giving a
descriptive message as to why the database failed to load.

What they did was a bad call. They wilfully let freshclam download an
update which they knew would crash the clamd service.

This was going to happen anyway when the signatures grew to take advantage of
the new format. Older versions of clamd were going to die sooner or later. It
was inevitable this would happen. That is why they warned users for so long that
they needed to take action to prevent this.

Nobody who is a competent messaging professional suffered a failure. With so
many months to prepare, how could one fail? That says a lot about competence. It
also says if you suffered a failure you're a complete moron, but that's just my
view of it. Some might not think you're a moron if you suffered a failure. Maybe.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-05-03 08:57:04 UTC

Post by Dennis Peterson

Post by Mark
What they did was a bad call. They wilfully let freshclam download an
update which they knew would crash the clamd service.

This was going to happen anyway when the signatures grew to take
advantage of the new format. Older versions of clamd were going to
die sooner or later. It was inevitable this would happen.

The rest only makes sense IF that statement is true. It's already
been pointed out that it was not inevitable, and had the team cared
then there were ways of not making old versions die.
More than one technique has been mentioned, and at least one of them
would have been viable.

The rest of your response rather reinforces Marks point.

Jim Preston

2010-05-03 13:03:25 UTC

Post by Dennis Peterson

Post by Mark
What they did was a bad call. They wilfully let freshclam download an
update which they knew would crash the clamd service.

This was going to happen anyway when the signatures grew to take
advantage of the new format. Older versions of clamd were going to
die sooner or later. It was inevitable this would happen.

The rest only makes sense IF that statement is true. It's already been
pointed out that it was not inevitable, and had the team cared then
there were ways of not making old versions die.
More than one technique has been mentioned, and at least one of them
would have been viable.
The rest of your response rather reinforces Marks point.

Simon, Mark,
Are you ever going to get over it and move on? If you are unhappy with
ClamAVs decision take your bat and ball and go to some other ball park.

Jim
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Bill Maidment

2010-05-03 13:10:51 UTC

Post by Jim Preston
Simon, Mark,
Are you ever going to get over it and move on? If you are unhappy with
ClamAVs decision take your bat and ball and go to some other ball park.

Here. Here!
Enough is enough!
There are more important things to consider.
Do I take tea, or coffee?
One lump, or two?

Have a nice day.

Bill Maidment
Consultant to Elgas Ltd
"It's important to keep your rough edges" - Neil Hannon
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-05-03 15:25:03 UTC

Post by Simon Hobson
The rest only makes sense IF that statement is true. It's already
been pointed out that it was not inevitable, and had the team cared
then there were ways of not making old versions die.
More than one technique has been mentioned, and at least one of
them would have been viable.
The rest of your response rather reinforces Marks point.

Simon, Mark,
Are you ever going to get over it and move on? If you are unhappy
with ClamAVs decision take your bat and ball and go to some other
ball park.

I am over it, and I have moved on. However, as long as people keep
making untrue statements ...

"It was the only way"
and
"it was inevitable"
and
"ClamAV **was** going to break sooner or later"

are all untrue statements.

On the other hand
"It was the only way **that the ClamAv team were prepared to act**"
and
"it was inevitable **given the choices made**"
and
"ClamAV **was** going to break sooner or later **given the decision
to make it do so**"

are all true statements.

aCaB

2010-04-21 16:26:05 UTC

Post by H***@dip-systems.de
Is there no more support for this Debian Release?

Debian Woody became old-stable in Jun 2005 and support was discontinued
since June 2006.

Your version of ClamAV is also obsolete.

--aCaB
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Simon Hobson

2010-04-21 19:06:55 UTC

Post by H***@dip-systems.de

Post by H***@dip-systems.de
After the last signature update, clam av stopped working on our woody
installation.
Is there no more support for this Debian Release?

But Gianluigi Tiesi did post this a few days ago - dunno if it will
work for Woody though.

Temporary fix for debian sarge, I suggest anyway to upgrade your
http://falco.netfarm.it/clamav/clamav-sarge/
then
/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop
apt-get remove libclamav3
rm -fr /var/lib/clamav/*
rm -f /var/log/clamav/*
dpkg -i *.deb
(you can skip docs and testfiles)
apt-get -f install
if some deps is broken

ah forgot, then
dpkg --purge libclamav3

Matus UHLAR - fantomas

2010-04-23 13:52:54 UTC

Post by H***@dip-systems.de
After the last signature update, clam av stopped working on our woody
installation.

woody??? another two newer debian releases (sarge and etch) are EOL now.

Post by H***@dip-systems.de
Is there no more support for this Debian Release?

You could compile clamav by yourself, but better upgrade the distro (or
reinstall, upgrading across releases isn't supported and upgrading 3 times
wouldn't be much better)

--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Jim Preston

2010-04-23 15:39:29 UTC

Post by Matus UHLAR - fantomas

Post by H***@dip-systems.de
After the last signature update, clam av stopped working on our woody
installation.

woody??? another two newer debian releases (sarge and etch) are EOL now.

Post by H***@dip-systems.de
Is there no more support for this Debian Release?

You could compile clamav by yourself, but better upgrade the distro (or
reinstall, upgrading across releases isn't supported and upgrading 3 times
wouldn't be much better)

Off topic, but yeah, I am going through an exercise of upgrading an
old OS through 6 releases. Very challenging...

On topic, but for every application there is no update or I want new
features, I compile myself.... especially ClamAV

Jim
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Gianluigi Tiesi

2010-04-28 05:22:56 UTC