Discussion:
Cherishing my ignorance - An appeal to package rs
Bowie Bailey
2006-11-07 21:15:49 UTC
Permalink
James,
Of all the packages I install (Fedora), clamav is the only modern
package that fails to install and just work.
<<-- snip -->>
Jim
You are ranting to the wrong group of people. ClamAV has nothing to
do with RPM packages or maintaining Fedora releases of the extra
packages they have.
If you want to stay more up to date on these, you should consider
maybe ATRPMs or DAG for a repository for ClamAV.
Or take the route many here will offer of compiling from SOURCE.
If you assume that people want to go back to the "good old days" of
compiling from source and dealing with the hassle of dependencies,
manually updating with every release, etc. etc. then I think your
mistaken - I can say for sure that I don't. Similarly for downloading
only the "official" tar or whatever and starting configuration from
there.
Hassle?

My not-so-automated update process looks like this:

wget (link to current clamav-XXX.tar.gz)
tar xzf clamav-XXX.tar.gz
cd clamav-XXX
configure --disable-zlib-vcheck
make
su
make install
service clamav restart
service freshclam restart

I've never had any problems with this. ClamAV is very stable and
doesn't rely on much of anything else.

For the initial install, I think I had to manually create the 'clamav'
user before I built it, and after the install, I had to drop the init
files into place so that it would start on bootup.
--
Bowie
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson
2006-11-07 21:25:50 UTC
Permalink
Post by Bowie Bailey
wget (link to current clamav-XXX.tar.gz)
tar xzf clamav-XXX.tar.gz
cd clamav-XXX
configure --disable-zlib-vcheck
make
su
make install
service clamav restart
service freshclam restart
You would be wise to uninstall the previous installation so that you don't
end up with split versions. The man pages have not always been consistent
nor have library names, and uninstall (make uninstall) helps prevent this.

dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Craig Morrison
2006-11-07 22:06:08 UTC
Permalink
Post by Dennis Peterson
Post by Bowie Bailey
wget (link to current clamav-XXX.tar.gz)
tar xzf clamav-XXX.tar.gz
cd clamav-XXX
configure --disable-zlib-vcheck
make
su
make install
service clamav restart
service freshclam restart
You would be wise to uninstall the previous installation so that you don't
end up with split versions. The man pages have not always been consistent
nor have library names, and uninstall (make uninstall) helps prevent this.
This only serves to illustrate the OP's point.
--
Craig
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson
2006-11-08 00:13:20 UTC
Permalink
Post by Craig Morrison
Post by Dennis Peterson
You would be wise to uninstall the previous installation so that you don't
end up with split versions. The man pages have not always been consistent
nor have library names, and uninstall (make uninstall) helps prevent this.
This only serves to illustrate the OP's point.
I agree - this simple step is far too complex for anyone to manage alone.
By all means bring on the spoon feeders and lift this burden from our frail
selves. Don't be confused by such things as best practices and self reliance
when all we need do is wait for the packagers to come to our rescue.

Except the packagers don't always agree on where to put things and what to
call them and so damn, we're still left to follow best practices and make
sure all the work is done correctly.

dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
John Rudd
2006-11-08 00:02:56 UTC
Permalink
Post by Dennis Peterson
Post by Bowie Bailey
wget (link to current clamav-XXX.tar.gz)
tar xzf clamav-XXX.tar.gz
cd clamav-XXX
configure --disable-zlib-vcheck
make
su
make install
service clamav restart
service freshclam restart
You would be wise to uninstall the previous installation so that you don't
end up with split versions. The man pages have not always been consistent
nor have library names, and uninstall (make uninstall) helps prevent this.
It would be nice, though, if there was a "clamav-current.tar.gz" to
download, so that such automated processes could be done more ... automated.

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Jim Redman
2006-11-07 21:43:11 UTC
Permalink
Bowie,
Post by Bowie Bailey
Hassle?
wget (link to current clamav-XXX.tar.gz)
tar xzf clamav-XXX.tar.gz
cd clamav-XXX
configure --disable-zlib-vcheck
make
su
make install
service clamav restart
service freshclam restart
The obvious observation that while this might work for you it's not a
general solution, so now everyone needs to create a script.

If you use only one computer for a firewall and mail machine (as I do)
it is a generally considered a bad idea to have gcc on that system - a
missing compiler provides one more challenge once the system is hacked.
So, while this might work for you, assuming your ClamAV machine is
behind a firewall, this is probably not a good general solution.

IF you ARE running this on a machine that is not behind a firewall, then
you are tending to validate my point that a good, solid, foolproof
installation would help people to avoid security problems - like having
gcc on a firewall. In this case, if such an install existed you might
not have been tempted to build from source and so closed one more hole
on your system.

Jim
--
Jim Redman
(505) 662 5156 x85
http://www.ergotech.com
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Steve Holdoway
2006-11-07 22:03:08 UTC
Permalink
On Tue, 07 Nov 2006 14:43:11 -0700
Post by Jim Redman
Bowie,
Post by Bowie Bailey
Hassle?
wget (link to current clamav-XXX.tar.gz)
tar xzf clamav-XXX.tar.gz
cd clamav-XXX
configure --disable-zlib-vcheck
make
su
make install
service clamav restart
service freshclam restart
The obvious observation that while this might work for you it's not a
general solution, so now everyone needs to create a script.
If you use only one computer for a firewall and mail machine (as I do)
it is a generally considered a bad idea to have gcc on that system - a
missing compiler provides one more challenge once the system is hacked.
As opposed to downloading an executable, running a script? If you've got access to the machine at a level that a compiler can be of use to you then the server's lost anyway. Do you offer webmail services? Then you've probably got php installed on your mail server...

You really do need to get out of the mindset that you don't actually need to know what you're doing to administer a server. It is *NOT* a trivial task, requires skills to support it, and years of experience to do it well.

Unfortunately, nobody thinks that way until they've seen the mess.

Sorry to take this off topic, but I've made my living as a freelance sysadmin since 1987 and I've seen the results time and time again.

Steve
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Barry Gill
2006-11-07 22:22:17 UTC
Permalink
If it runs out of cron it runs for just milli- seconds - other wise it is
in the proc table

Assuming of course that you don't end up with hundreds of spawned cron jons.

For some reason, I have seen more often than I care to think, multiple cron
jobs firing off freshclam and then not hanging up.
This can very very quickly eat away machine resource and lead to fatal
failures.

I have never had this behaviour using the freshclam daemon.

So running freshclam in daemon mode may well use a tad more resource, in my
life it has proved hundreds of time more reliable.

(I run FC3, 4 and 5 in 32 and 64bit platforms and have seen this behaviour
on only my 64 bit systems)

B



_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson
2006-11-08 00:26:15 UTC
Permalink
Post by Barry Gill
If it runs out of cron it runs for just milli- seconds - other wise it is
in the proc table
Assuming of course that you don't end up with hundreds of spawned cron jons.
<rocket science>

Run the following fc.sh script from cron every hour

#!/bin/sh
# usage: fc.sh [now]
# Any argument will bypass the random sleep period

if /usr/bin/pgrep -x freshclam >/dev/null 2>&1; then
echo 'Killing a stale instance of freshclam.' |\
/usr/bin/mailx -s '[mailhost05] freshclam error' ***@mydomain.com
/usr/bin/pkill freshclam || echo 'Unable to kill freshclam'
fi

# if no arg to script, sleep random <= 1800 seconds
if [ -z "$1" ]; then
/usr/bin/bash -c '/usr/bin/sleep $[ RANDOM % 1800 ]'
fi

/usr/local/bin/freshclam --quiet --daemon-notify=/usr/local/etc/clamd.conf >/dev/null 2>&1

# end of script

</rocket science>

dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Jim Redman
2006-11-07 23:16:19 UTC
Permalink
Steve,
Post by Steve Holdoway
You really do need to get out of the mindset that you don't actually
need to know what you're doing to administer a server. It is *NOT* a
trivial task, requires skills to support it, and years of experience
to >do it well.

Your opinions, seem to be the prevalent attitude of the vocal members of
this list - if you don't suffer, it wasn't worth it.

I would argue that I'm know enough about server administration to
realize that my knowledge of ClamAV will never be as deep as others on
this list, how much better if they create a secure, stable, successful,
packaged configuration and everyone (which happens to also include me!)
benefits from their knowledge. Or does that sound like flamebait?

Jim
--
Jim Redman
(505) 662 5156 x85
http://www.ergotech.com
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Christopher X. Candreva
2006-11-07 23:27:55 UTC
Permalink
Your opinions, seem to be the prevalent attitude of the vocal members of this
list - if you don't suffer, it wasn't worth it.
I would disagree, in that I don't see it as suffering.

Forgive me if I missed it, but what is your specific problem ? Perhaps we
have different definitions of suffering.

The only specific complaint I saw was the message "Your version is
outdated", and that seems to me to be a very simple English declarative
sentence, with a simple solution. You are running an old version, get a new
one.



==========================================================
Chris Candreva -- ***@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Jim Redman
2006-11-07 23:48:25 UTC
Permalink
Chris,
Post by Christopher X. Candreva
Your opinions, seem to be the prevalent attitude of the vocal members of this
list - if you don't suffer, it wasn't worth it.
I would disagree, in that I don't see it as suffering.
Forgive me if I missed it, but what is your specific problem ? Perhaps we
have different definitions of suffering.
The only specific complaint I saw was the message "Your version is
outdated", and that seems to me to be a very simple English declarative
sentence, with a simple solution. You are running an old version, get a new
one.
Sorry, my point has nothing to do with my particular suffering or any
particular aspect of that - or at least only indirectly.

My observation is that of all the modern packages ClamAV fails to
install and run successfully and securely without operator intervention.
I think that this should be refined to reference Fedora packages and
perhaps not all of them.

There are a number of reasons why I consider this a bad thing (other
opinions have been expressed by others on the list).

1) It sucks my time because I immediately have to learn more than I want
to about ClamAV (and freshclam and clamav-milter and the interactions
between all these applications).

2) The installation is probably going to be sub-optimal because I don't
have enough time to spend on ClamAV to become the expert that others on
this list clearly are.

3) It encourages bad/insecure installations because people (including
me) without enough time to spend on researching the best way to install
ClamAV (and associated apps) will be ignorant of possible security hole
(or not recognize the significance of them). Bad installations could be
REALLY bad - is there any way ClamAV could be instrumental in generating
mails to the SENDER of a virus e-mail?

4) (Altruism) It limits the adoption of ClamAV which in turn increase
the number/penetration of viruses.

Of course 1) is entirely negated by the amount of time spent this
afternoon answering e-mails to the list (I really DO have other things
that I should be doing other than dealing with ClamAV).

Jim
--
Jim Redman
(505) 662 5156 x85
http://www.ergotech.com
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-09 15:24:14 UTC
Permalink
Post by Jim Redman
Chris,
Post by Christopher X. Candreva
Your opinions, seem to be the prevalent attitude of the vocal members of this
list - if you don't suffer, it wasn't worth it.
I would disagree, in that I don't see it as suffering.
Forgive me if I missed it, but what is your specific problem ?
Perhaps we have different definitions of suffering.
The only specific complaint I saw was the message "Your version is
outdated", and that seems to me to be a very simple English
declarative sentence, with a simple solution. You are running an
old version, get a new one.
Sorry, my point has nothing to do with my particular suffering or
any particular aspect of that - or at least only indirectly.
My observation is that of all the modern packages ClamAV fails to
install and run successfully and securely without operator
intervention. I think that this should be refined to reference
Fedora packages and perhaps not all of them.
There are a number of reasons why I consider this a bad thing
(other opinions have been expressed by others on the list).
1) It sucks my time because I immediately have to learn more than I
want to about ClamAV (and freshclam and clamav-milter and the
interactions between all these applications).
2) The installation is probably going to be sub-optimal because I
don't have enough time to spend on ClamAV to become the expert that
others on this list clearly are.
You don't have to be an expert to tune it if you're just reading the
config file, though. If you have problems with the server spiking
CPU usage or running out of RAM, it's not hard to look and see what
settings would affect that.

If you can't do this and the material is out there for people to
easily refer to, maybe you're short on staff (and need more people in
your department) or there's some management problems that keep you
from effectively doing your job, from the sounds of it.
Post by Jim Redman
3) It encourages bad/insecure installations because people
(including me) without enough time to spend on researching the best
way to install ClamAV (and associated apps) will be ignorant of
possible security hole (or not recognize the significance of
them). Bad installations could be REALLY bad - is there any way
ClamAV could be instrumental in generating mails to the SENDER of a
virus e-mail?
This can be a problem with ANY software. I don't know anything about
AutoCAD, yet am expected to install and troubleshoot it at times. I
rely on the people who know AutoCAD (but squat about computers) to
tell me when something is "wrong" with their install and troubleshoot
it from there (yes, we're understaffed, otherwise I'd dedicate more
time to learning it; just the reality of the situation).

It means that either they hire more people, let me dedicate more time
to troubleshooting and repairing server work, or suffer the
consequences of the short staffed. I'm not going to bitch to the
software programmers that they need to fix my problems that are
caused by management on my side, though, since there is documentation
and references available for the software package...I just click
through the defaults and mop up problems later on.
Post by Jim Redman
4) (Altruism) It limits the adoption of ClamAV which in turn
increase the number/penetration of viruses.
Maybe the project doesn't WANT people who have problems with their
installs caused by willful ignorance...just a thought. The OP showed
this right off with the title "cherishing my ignorance". If someone
wants a labor-centric job with no skills to enhance, apply at
McBurger King. They cherish employees who cherish ignorance because
they're easy to hire and fire.

IT isn't a McJob that it seems to get treated as. One person doing
overlapping job skills without an adequate staff to support them will
cause problems, and the business needs to recognize that.
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Daniel J McDonald
2006-11-09 19:40:34 UTC
Permalink
Post by Bart Silverstrim
Post by Jim Redman
Chris,
My observation is that of all the modern packages ClamAV fails to
install and run successfully and securely without operator
intervention. I think that this should be refined to reference
Fedora packages and perhaps not all of them.
I don't use Fedora - I use Mandriva. And my experience has been that
the RPMS provided by Mandriva do allow you to run out of the box with
very little tweaking. That is important to me - I manage about 20 linux
servers, but my primary responsibility is 196 routers and firewalls.
I'm not ignorant of the build process - I learned how to build SRPM's
working with this package - I merely don't have the time to mess with
it. So, I understand the sentiment.
Post by Bart Silverstrim
Post by Jim Redman
There are a number of reasons why I consider this a bad thing
(other opinions have been expressed by others on the list).
4) (Altruism) It limits the adoption of ClamAV which in turn
increase the number/penetration of viruses.
Maybe the project doesn't WANT people who have problems with their
installs caused by willful ignorance...just a thought.
I personally think that's a poor attitude. Clueless newbies are
important too. I personally will dump a project that takes too long to
get working at all. As long as I can see progress it will keep my
interest.

For example, the Hobbitmonitor project is buried deep on my todo list -
There are about 15 "post release" patches that have to be individually
applied in a certain order, and I have yet to get it right and have it
compile. So I ignore it, and think "If I ever get about 4 hours of
un-interrupted time, I'm going to tackle that beast". Of course, I
don't have 4 hours, so it just gets deeper on the pile, and I never get
my monitoring server built, and I never am able to contribute back to
the project by helping other clueless newbies...
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Christopher X. Candreva
2006-11-09 19:52:02 UTC
Permalink
Post by Daniel J McDonald
Post by Jim Redman
My observation is that of all the modern packages ClamAV fails to
install and run successfully and securely without operator
intervention. I think that this should be refined to reference
Fedora packages and perhaps not all of them.
I don't use Fedora - I use Mandriva. And my experience has been that
the RPMS provided by Mandriva do allow you to run out of the box with
You've just hit the problem: Which distributions should the "Clam Team" be
spending time on - Fedora, Mandriva, Ubuntu, SUSE - - - my favorite, your
favorite ?

This is not a unique complaint to Clam - I see similar problems on the
MailMan list, and RedHat/Fedora again is a big source of complaints.

As far as I know, across Linux, packages for distibutions are the
responibility of the distro, not the project in question. Fedora is fairly
well known for making changes to the default way that applications are set
up, often moving things around (files, sockets, etc).

I think what the OP is asking for misses this fact. When you install Clam
from Fedora packages, basicly you need to get support from Fedora.

Maybe you need a different distro, that keeps things in default locations.


==========================================================
Chris Candreva -- ***@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bryan Bradsby
2006-11-09 20:48:35 UTC
Permalink
Post by Christopher X. Candreva
Maybe you need a different distro, that keeps things in default locations.
http://FreeBSD.org

-bryan
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Rob Munsch
2006-11-09 19:44:46 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Daniel J McDonald
For example, the Hobbitmonitor project is buried deep on my todo list -
There are about 15 "post release" patches that have to be individually
applied in a certain order,
You want the "allinone.patch" referenced on that page, which is exactly
what its name implies :). If you apply that you may proceed with
./configure et. al., and all will Just Work.

- --
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFU4UuBvBcJFK6xYURAuheAJ4qgAo414hjntjRnYKHBqA3qfF0MgCfcGUU
RJDriFBSOT0GjBnoN2XR5iw=
=C/BW
-----END PGP SIGNATURE-----
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Rob Munsch
2006-11-09 20:28:20 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sorry, meant that to be a private reply back to the OP -.-

- --
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFU49kBvBcJFK6xYURApogAJ9nM08ECu0ia5fJS/JIIWDSzuGJ9gCff61R
ak0UDNpdGhEE48aX8STQxxM=
=4vIq
-----END PGP SIGNATURE-----
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-10 15:56:31 UTC
Permalink
Post by Daniel J McDonald
Post by Bart Silverstrim
Post by Jim Redman
Chris,
My observation is that of all the modern packages ClamAV fails to
install and run successfully and securely without operator
intervention. I think that this should be refined to reference
Fedora packages and perhaps not all of them.
I don't use Fedora - I use Mandriva. And my experience has been that
the RPMS provided by Mandriva do allow you to run out of the box with
very little tweaking. That is important to me - I manage about 20 linux
servers, but my primary responsibility is 196 routers and firewalls.
I'm not ignorant of the build process - I learned how to build SRPM's
working with this package - I merely don't have the time to mess with
it. So, I understand the sentiment.
Post by Bart Silverstrim
Post by Jim Redman
There are a number of reasons why I consider this a bad thing
(other opinions have been expressed by others on the list).
4) (Altruism) It limits the adoption of ClamAV which in turn
increase the number/penetration of viruses.
Maybe the project doesn't WANT people who have problems with their
installs caused by willful ignorance...just a thought.
I personally think that's a poor attitude. Clueless newbies are
important too. I personally will dump a project that takes too long to
get working at all. As long as I can see progress it will keep my
interest.
Cluelessness is one thing. Willful cluelessness is another. There
is a difference.

What you're talking about is hassle...if it's too much hassle, you
move on to something else. That's fine and dandy. But there are
many many many people who are using, for example, ClamAV without
throwing a fit because there's too much in the conf file to set up.

The distinction is you can get frustrated and ask for help, or you
can get frustrated and bitch about it rather than read the comments
in the conf file. There's a lot, it can be tedious to a degree, but
you're not having to go through source code to figure out how to get
it to work. I have found that *overall*, with all the different
distros out there, it is impossible to come up with a one-size-fits-
all solution but the config files and guides for installation and
configuration on the Internet are enough that you need not invest a
lifetime to getting this one project working.

As I've said in other posts, the problem (as I see it) isn't
necessarily that he's clueless, or a newbie. It's the attitude he
approached the group with, the attitude of "I don't know anything and
want to stay ignorant. You should make it so I can stay ignorant but
get this to work." This is something that can easily ruffle some
feathers, especially when so many in the group have started in that
position but learned how to get it to work. It's also shocking for a
sysadmin to declare that they want to stay ignorant of the equipment
they're using..."I want to be a rocket scientist, but don't want to
take that nasty physics stuff...you should make it easier!"
Post by Daniel J McDonald
For example, the Hobbitmonitor project is buried deep on my todo list -
There are about 15 "post release" patches that have to be individually
applied in a certain order, and I have yet to get it right and have it
compile. So I ignore it, and think "If I ever get about 4 hours of
un-interrupted time, I'm going to tackle that beast". Of course, I
don't have 4 hours, so it just gets deeper on the pile, and I never get
my monitoring server built, and I never am able to contribute back to
the project by helping other clueless newbies...
Then cut it loose.

This seems to be a hard concept...similar problems crop up, and my
response is something along the lines of, "Well, your company isn't
hiring enough to properly staff your department or manage the staff
properly...if it were truly important, you'd get the time. So either
suffer with the lack of XYZ, or have them hire more people, or move
to another company that does respect their IT department's role
more." "Well, that's not realistic..." "Well, then it sounds like
you are going with A, suffer the lack of XYZ. Accept it, quit
complaining."

<crickets...>

I'm not saying every project requires you to cut off fingers and
chant voodoo incantations to work. I'm just saying that ClamAV isn't
rocket science, there are some problems, and your average sysadmin
should be able to go through a conf file to configure it and be able
to get it to integrate with most MTA's using docs on the Internet
with relatively little energy lost. I am tired of the couch sysadmin
running mail servers using a black box approach, relaying spam or
implementing poor security because they're too damn lazy to actually
figure out what running a mail server means, and when someone comes
along saying that they have problems XYZ the "real" sysadmin takes
their advice and learns what is happening while the couch sysadmin
ignores it or complains it's their mail server vendor's fault because
they didn't make it simple enough to just run the installer and ignore.


_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Jim Maul
2006-11-10 16:17:07 UTC
Permalink
Post by Daniel J McDonald
Post by Bart Silverstrim
Post by Jim Redman
Chris,
My observation is that of all the modern packages ClamAV fails to
install and run successfully and securely without operator
intervention. I think that this should be refined to reference
Fedora packages and perhaps not all of them.
I don't use Fedora - I use Mandriva. And my experience has been that
the RPMS provided by Mandriva do allow you to run out of the box with
very little tweaking. That is important to me - I manage about 20 linux
servers, but my primary responsibility is 196 routers and firewalls.
I'm not ignorant of the build process - I learned how to build SRPM's
working with this package - I merely don't have the time to mess with
it. So, I understand the sentiment.
Post by Bart Silverstrim
Post by Jim Redman
There are a number of reasons why I consider this a bad thing
(other opinions have been expressed by others on the list).
4) (Altruism) It limits the adoption of ClamAV which in turn
increase the number/penetration of viruses.
Maybe the project doesn't WANT people who have problems with their
installs caused by willful ignorance...just a thought.
I personally think that's a poor attitude. Clueless newbies are
important too. I personally will dump a project that takes too long to
get working at all. As long as I can see progress it will keep my
interest.
Cluelessness is one thing. Willful cluelessness is another. There is a
difference.
What you're talking about is hassle...if it's too much hassle, you move
on to something else. That's fine and dandy. But there are many many
many people who are using, for example, ClamAV without throwing a fit
because there's too much in the conf file to set up.
The distinction is you can get frustrated and ask for help, or you can
get frustrated and bitch about it rather than read the comments in the
conf file. There's a lot, it can be tedious to a degree, but you're not
having to go through source code to figure out how to get it to work. I
have found that *overall*, with all the different distros out there, it
is impossible to come up with a one-size-fits-all solution but the
config files and guides for installation and configuration on the
Internet are enough that you need not invest a lifetime to getting this
one project working.
As I've said in other posts, the problem (as I see it) isn't necessarily
that he's clueless, or a newbie. It's the attitude he approached the
group with, the attitude of "I don't know anything and want to stay
ignorant. You should make it so I can stay ignorant but get this to
work." This is something that can easily ruffle some feathers,
especially when so many in the group have started in that position but
learned how to get it to work. It's also shocking for a sysadmin to
declare that they want to stay ignorant of the equipment they're
using..."I want to be a rocket scientist, but don't want to take that
nasty physics stuff...you should make it easier!"
I understand completely what you are saying and also agree with it.
However, regardless of how clueless the rocket scientist wants to remain
(which, yes, is a poor attitude), IF there is room for improvement or IF
some part of the process CAN be made easier, shouldnt it? This has
nothing to do with the fact that he wants to remain ignorant. It really
seems as if everyone read that part and COMPLETELY missed what he was
really trying to say and instead focused on blasting the guy because of
his willingness to remain ignorant.
Post by Daniel J McDonald
For example, the Hobbitmonitor project is buried deep on my todo list -
There are about 15 "post release" patches that have to be individually
applied in a certain order, and I have yet to get it right and have it
compile. So I ignore it, and think "If I ever get about 4 hours of
un-interrupted time, I'm going to tackle that beast". Of course, I
don't have 4 hours, so it just gets deeper on the pile, and I never get
my monitoring server built, and I never am able to contribute back to
the project by helping other clueless newbies...
Then cut it loose.
This seems to be a hard concept...similar problems crop up, and my
response is something along the lines of, "Well, your company isn't
hiring enough to properly staff your department or manage the staff
properly...if it were truly important, you'd get the time. So either
suffer with the lack of XYZ, or have them hire more people, or move to
another company that does respect their IT department's role more."
"Well, that's not realistic..." "Well, then it sounds like you are
going with A, suffer the lack of XYZ. Accept it, quit complaining."
<crickets...>
I'm not saying every project requires you to cut off fingers and chant
voodoo incantations to work. I'm just saying that ClamAV isn't rocket
science, there are some problems, and your average sysadmin should be
able to go through a conf file to configure it and be able to get it to
integrate with most MTA's using docs on the Internet with relatively
little energy lost. I am tired of the couch sysadmin running mail
servers using a black box approach, relaying spam or implementing poor
security because they're too damn lazy to actually figure out what
running a mail server means, and when someone comes along saying that
they have problems XYZ the "real" sysadmin takes their advice and learns
what is happening while the couch sysadmin ignores it or complains it's
their mail server vendor's fault because they didn't make it simple
enough to just run the installer and ignore.
AHA!. This seems to be it. Everyone is pissed off at shitty admins!
So forget the fact that they actually might have a valid point one day,
lets just insult them and tell them they are stupid and ignore anything
that comes out of their mouths. Im sorry for whoever feels this way.
Life must be very frustrating for you. Im done here.

Jim
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Ken Jones
2006-11-10 16:34:18 UTC
Permalink
This thread reminds me of an old saying ....

Make it simple enough even an idiot can use it, and ONLY and idiot will use it.


Considering all the possabilites for installing Clamav, and intergrating it, I
wouldn't want to be near systems that the admin said "do it for me" to the
packagers.

Yes, as pointed out you can connect to an apache server after installing,
without doing much ... but you still do have a few things to do.

This is a package that can be considered a security package. It protects your
system / email / network from virus' ... it's only as good as you set it up.

If you are putting a security system in your house, you choose to either do it
your self or to hire it done. If you choose to hire it, do you hire your 12
year old neighbor kid or a licensed / bonded professional.

In installing packages, I still want to know how to audit the install / setup.
It's the security of MY systems at stake.

It takes me all of 5 minutes to upgrade versions ... that's it. When I was
doing it on 5 systems, 5 minutes ... ok it took me 20 minutes to set that up,
but after that 5 minutes.

Wanting to stay ignorant about what you are doing is a sure sign of problems
to come.
--
Ken Jones


_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-10 20:22:30 UTC
Permalink
Post by Jim Maul
Post by Bart Silverstrim
Post by Daniel J McDonald
Post by Bart Silverstrim
Post by Jim Redman
Chris,
My observation is that of all the modern packages ClamAV fails to
install and run successfully and securely without operator
intervention. I think that this should be refined to reference
Fedora packages and perhaps not all of them.
I don't use Fedora - I use Mandriva. And my experience has been that
the RPMS provided by Mandriva do allow you to run out of the box with
very little tweaking. That is important to me - I manage about 20 linux
servers, but my primary responsibility is 196 routers and firewalls.
I'm not ignorant of the build process - I learned how to build SRPM's
working with this package - I merely don't have the time to mess with
it. So, I understand the sentiment.
Post by Bart Silverstrim
Post by Jim Redman
There are a number of reasons why I consider this a bad thing
(other opinions have been expressed by others on the list).
4) (Altruism) It limits the adoption of ClamAV which in turn
increase the number/penetration of viruses.
Maybe the project doesn't WANT people who have problems with their
installs caused by willful ignorance...just a thought.
I personally think that's a poor attitude. Clueless newbies are
important too. I personally will dump a project that takes too long to
get working at all. As long as I can see progress it will keep my
interest.
Cluelessness is one thing. Willful cluelessness is another.
There is a difference.
What you're talking about is hassle...if it's too much hassle, you
move on to something else. That's fine and dandy. But there are
many many many people who are using, for example, ClamAV without
throwing a fit because there's too much in the conf file to set up.
The distinction is you can get frustrated and ask for help, or you
can get frustrated and bitch about it rather than read the
comments in the conf file. There's a lot, it can be tedious to a
degree, but you're not having to go through source code to figure
out how to get it to work. I have found that *overall*, with all
the different distros out there, it is impossible to come up with
a one-size-fits-all solution but the config files and guides for
installation and configuration on the Internet are enough that you
need not invest a lifetime to getting this one project working.
As I've said in other posts, the problem (as I see it) isn't
necessarily that he's clueless, or a newbie. It's the attitude he
approached the group with, the attitude of "I don't know anything
and want to stay ignorant. You should make it so I can stay
ignorant but get this to work." This is something that can easily
ruffle some feathers, especially when so many in the group have
started in that position but learned how to get it to work. It's
also shocking for a sysadmin to declare that they want to stay
ignorant of the equipment they're using..."I want to be a rocket
scientist, but don't want to take that nasty physics stuff...you
should make it easier!"
I understand completely what you are saying and also agree with it.
However, regardless of how clueless the rocket scientist wants to
remain (which, yes, is a poor attitude), IF there is room for
improvement or IF some part of the process CAN be made easier,
shouldnt it?
Sure. Taking into consideration other factors.
A) Pay them for the features...this is all volunteer work.
B) No one is proposing how this is to be done. What distro do you
aim for? What MTA? Integration with another spam scanner? How to
make this simpler without crippling or making more difficult getting
it to work with particular setups?
C) How can you simplify or get this to work to the point where a user
who states right out that it's too hard for him to read a conf file
is able to use it? That is NOT what one would expect from a sysadmin
doing his job.
Post by Jim Maul
This has nothing to do with the fact that he wants to remain
ignorant. It really seems as if everyone read that part and
COMPLETELY missed what he was really trying to say and instead
focused on blasting the guy because of his willingness to remain
ignorant.
He was saying he is too ignorant to configure his install for his
mail server setup and wanted other people to do it for him rather
than have him read the config file.

That probably irks a lot of people who use ClamAV with minimal effort
and also have to support people who have this guy's type of attitude
because he is running a server that takes some knowledge and skill
yet willfully remains ignorant on the details of how to properly do
so. For all the whining about poor attitudes from the list...well,
tough, we have bad days spent supporting the willfully ignorant! If
you're an admin, you should follow the job duties that come with it
or go for another job or a job that doesn't take skills. Maintaining
servers is a pain in the arse sometimes, but it's PART OF THE JOB.
If you're not competent in that area, outsource it or hire more staff
that does know something about it.
Post by Jim Maul
Post by Bart Silverstrim
Post by Daniel J McDonald
For example, the Hobbitmonitor project is buried deep on my todo list -
There are about 15 "post release" patches that have to be
individually
applied in a certain order, and I have yet to get it right and have it
compile. So I ignore it, and think "If I ever get about 4 hours of
un-interrupted time, I'm going to tackle that beast". Of course, I
don't have 4 hours, so it just gets deeper on the pile, and I never get
my monitoring server built, and I never am able to contribute back to
the project by helping other clueless newbies...
Then cut it loose.
This seems to be a hard concept...similar problems crop up, and my
response is something along the lines of, "Well, your company
isn't hiring enough to properly staff your department or manage
the staff properly...if it were truly important, you'd get the
time. So either suffer with the lack of XYZ, or have them hire
more people, or move to another company that does respect their IT
department's role more." "Well, that's not realistic..." "Well,
then it sounds like you are going with A, suffer the lack of XYZ.
Accept it, quit complaining."
<crickets...>
I'm not saying every project requires you to cut off fingers and
chant voodoo incantations to work. I'm just saying that ClamAV
isn't rocket science, there are some problems, and your average
sysadmin should be able to go through a conf file to configure it
and be able to get it to integrate with most MTA's using docs on
the Internet with relatively little energy lost. I am tired of
the couch sysadmin running mail servers using a black box
approach, relaying spam or implementing poor security because
they're too damn lazy to actually figure out what running a mail
server means, and when someone comes along saying that they have
problems XYZ the "real" sysadmin takes their advice and learns
what is happening while the couch sysadmin ignores it or complains
it's their mail server vendor's fault because they didn't make it
simple enough to just run the installer and ignore.
AHA!. This seems to be it. Everyone is pissed off at shitty
admins! So forget the fact that they actually might have a valid
point one day, lets just insult them and tell them they are stupid
and ignore anything that comes out of their mouths. Im sorry for
whoever feels this way. Life must be very frustrating for you. Im
done here.
He's installing ClamAV. On a server. On the Internet. No?

That means that the willfully ignorant is a hazard to everyone else
out there.

If you're running a mail server, you're expected to do a certain
amount of work to, you know, know what you're doing.

Is this just kind of lost on you? Or do you not see what happens as
the clueless pound your mail server with more spam? Granted it's
coming from home users in botnets more now, but they are still the
ignorant masses for computing...at least they weren't expected to run
a mail server, just responsibly use their computer.

You think he has a valid point, that it's too too hard to configure
ClamAV? Where is your specific complaint on it? Can you point it
out, and suggest something that can be done as a fix without breaking
other installations?

HE WISHES TO REMAIN IGNORANT TO THE POINT WHERE HE CAN'T EVEN SPECIFY
THE PROBLEM NOR SUGGEST A FIX. What is a reasonable way to make this
as braindead simple as possible without breaking other installs or
options for people running postfix or sendmail or qmail or procmail
or spamassassin (or not)?

He wants to have others make it simpler for him. Goody, he as a
point. Let's make it simpler.

How? What specifically is too hard for him to configure that so many
others have been able to work around? The simpler installer, as I
see it, would still interrogate you for settings specific to your
needs...which is still exactly what he doesn't want!!

Am I the only one that sees that there is little value in trying to
help him with his message, as it was worded? What he really should
have done was just ask for a place to find a prepackaged ClamAV that
fits his distro and his mail setup. He didn't even supply that
information, though. So what then...ask the developers to hurry up
with that telepathic API they've been working on but keeping secret
from him?
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
jef moskot
2006-11-10 16:07:37 UTC
Permalink
What you're talking about is hassle...if it's too much hassle, you move
on to something else. That's fine and dandy. But there are many many
many people who are using, for example, ClamAV without throwing a fit
because there's too much in the conf file to set up.
He didn't throw a fit, he suggested that if a package exists, it ought to
work. I don't think that's unreasonable.

Calling him lazy is obscuring and sidestepping the actual problem. It's
also pointless, since if you've read the subject line, you already know
that he's lazy. He's admitted it, hooray, you win.

If some packages install without difficulty and others do not, then how
about we work together to bring the less efficient packages in line with
the more effective ones?

Jeffrey Moskot
System Administrator
***@math.miami.edu
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-10 20:26:19 UTC
Permalink
Post by jef moskot
What you're talking about is hassle...if it's too much hassle, you move
on to something else. That's fine and dandy. But there are many many
many people who are using, for example, ClamAV without throwing a fit
because there's too much in the conf file to set up.
He didn't throw a fit, he suggested that if a package exists, it ought to
work. I don't think that's unreasonable.
It does work. It installs, you then set up the conf file for your
specific setup.

Unless you have a way of packaging it so that you download
CLAMAV for POSTFIX filtered through AMAVISD-NEW using SPAMASSASSIN
with options (XYZ) preset.rpm

And rewrite all the configs for those files in turn so it doesn't
upset your site-specific info...

THAT was what he was asking for.
Post by jef moskot
Calling him lazy is obscuring and sidestepping the actual problem.
It's
also pointless, since if you've read the subject line, you already know
that he's lazy. He's admitted it, hooray, you win.
YAY! Let's have devs go out of their way to help someone too lazy to
do the most basic steps. If he's that lazy and ignorant, what makes
you think he'd even work with packagers to assist in customizing a
package for him?
Post by jef moskot
If some packages install without difficulty and others do not, then how
about we work together to bring the less efficient packages in line with
the more effective ones?
Now see, that's a reasonably worded request, but see, he didn't do
that. He said he's ignorant, this stuff takes (/whine) too much
effort to configure(/whine), and wants someone to do it for him as a
package.

It's called outsourcing.
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
jef moskot
2006-11-10 21:10:05 UTC
Permalink
Post by jef moskot
If some packages install without difficulty and others do not, then
how about we work together to bring the less efficient packages in line
with the more effective ones?
Now see, that's a reasonably worded request, but see, he didn't do that.
Couldn't we just pretend he did and move on from there?

Jeffrey Moskot
System Administrator
***@math.miami.edu
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-11 05:01:38 UTC
Permalink
Post by jef moskot
Post by jef moskot
If some packages install without difficulty and others do not, then
how about we work together to bring the less efficient packages in line
with the more effective ones?
Now see, that's a reasonably worded request, but see, he didn't do that.
Couldn't we just pretend he did and move on from there?
Not really...he didn't tell us what the specific problem is aside
from mentioning that he is unwilling to read the config file. I
shudder to think how he is going to get it to integrate with the MTA
of choice...

He didn't tell us his config, his distro, anything. How do you help
him?

Or are you going to create a custom out-of-box working package for
him from the information the original message?
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson
2006-11-08 00:34:54 UTC
Permalink
Post by Christopher X. Candreva
Your opinions, seem to be the prevalent attitude of the vocal members of this
list - if you don't suffer, it wasn't worth it.
I would disagree, in that I don't see it as suffering.
Forgive me if I missed it, but what is your specific problem ? Perhaps we
have different definitions of suffering.
His specific problem is he lacks the skill to install and manage the product.
He thinks the responsibility for correcting this deficiency belongs to unnamed
packagers. So far he's not offered to pay anyone to do his job for him, but
I'm available at my usual $300/hour.

dp

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Tom Metro
2006-11-10 00:23:22 UTC
Permalink
Post by Dennis Peterson
Post by Jim Redman
Your opinions, seem to be the prevalent attitude of the vocal
members of this list - if you don't suffer, it wasn't worth it.
His specific problem is he lacks the skill to install and manage the product.
It's rather sad to see that this elitist attitude - which was
commonplace on Usenet back in the early 90's - is still alive and well
here in 2006. I'm not sure why people who otherwise are enthusiastic
supporters of open source don't see how this damages the community.

The argument is also flawed. So, the people criticizing the OP's premise
all build their software from scratch, build their own OS distributions,
and never used packaged software - right? No? Do you at least review
all the source code before you install a package? No?

We've built up these layers not always because the end users don't have
the knowledge to reproduce them themselves, but because it would be a
waste of effort to replicate them. This hold as true for rewriting a
virus scanning engine from scratch as it does for writing your own
installation script. (If your environment requires custom behavior, then
by all means, write your own installation script...or for that matter,
customize the virus scanning engine.)

Ease of installation is valued by knowledgeable users also. Why spend
time on a problem that others have already solved hundreds of times
over. I'd much rather use my time in solving unexpected problems that
are specific to my environment.

There are good reasons why distributions providing packaged software are
the dominant distributions in use today.

Instead of attacking the OP's premise, a more productive response is
suggesting other repositories that offer better packages, and other
distributions that provide better designed packages, and fortunately
this information was provided by others in among the noise.

It would also be nice to see the project leaders show a better attitude
towards package maintainers. Not to say they necessarily have a poor
attitude towards them, but there wasn't anything positive put forth in
this thread. No one expects ClamAV to natively support specific
distributions, but a statement along the lines of "yeah, we've heard the
Fedora RPM isn't the smoothest install, but we're working with the
maintainer to improve it." Or, "we've accepted and incorporated numerous
patches from downstream packagers, so if you're having a problem with a
specific package, your best recourse is to report the problem to the
maintainer and have them report to us any changes that need to be made."

A related issue is how often it is recommended on the list just to build
from source. It's an understandable way to respond to packaging problems
on a project list, where the project has no direct control over the
packages. It's the fastest work-around, and the only short-term
solution. But it suggests that packaging for ClamAV seems to be more
problematic than for other comparable apps., and maybe that's because
more could be done in the core project to accommodate packagers.

-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Stephen Gran
2006-11-10 01:14:38 UTC
Permalink
Post by Tom Metro
Post by Dennis Peterson
Post by Jim Redman
Your opinions, seem to be the prevalent attitude of the vocal
members of this list - if you don't suffer, it wasn't worth it.
His specific problem is he lacks the skill to install and manage the product.
It's rather sad to see that this elitist attitude - which was
commonplace on Usenet back in the early 90's - is still alive and well
here in 2006. I'm not sure why people who otherwise are enthusiastic
supporters of open source don't see how this damages the community.
I agree that the argument "you don't want to spend your time looking
at gdb/valgrind/whatever output, so your input isn't welcome" is a
flawed argument. I do feel that we have to ask a little bit from people
who intend to run servers, though. I have always felt that one of the
reasons we have giant waves of botnets is the idea that anyone can run
an internet facing computer. Not to say we can't be more welcoming to
newcomers, but I do think we have to ask for something in return.
Post by Tom Metro
It would also be nice to see the project leaders show a better attitude
towards package maintainers. Not to say they necessarily have a poor
attitude towards them, but there wasn't anything positive put forth in
this thread. No one expects ClamAV to natively support specific
distributions, but a statement along the lines of "yeah, we've heard the
Fedora RPM isn't the smoothest install, but we're working with the
maintainer to improve it." Or, "we've accepted and incorporated numerous
patches from downstream packagers, so if you're having a problem with a
specific package, your best recourse is to report the problem to the
maintainer and have them report to us any changes that need to be made."
Speaking as a downstream packager, I have always had a very good
relationship with all of the clamav team members, except when I manage
to put my foot in my mouth. They have always been curteous, respectful,
and willing to accomodate issues that arise from the specific wierdnesses
of working within distro restraints. Even when I manage to put my
foot in my mouth, they have managed to have the good grace to forget
reasonably quickly :)

It's true that, in general, it's best to run as recent a version of the
code base as possible for support and/or security issues, but that's the
same with every codebase, and not particular to clamav.
--
--------------------------------------------------------------------------
| Stephen Gran | Catharsis is something I associate with |
| ***@lobefin.net | pornography and crossword puzzles. -- |
| http://www.lobefin.net/~steve | Howard Chaykin |
--------------------------------------------------------------------------
Tomasz Papszun
2006-11-13 23:24:55 UTC
Permalink
[...]
Post by Stephen Gran
Post by Tom Metro
It would also be nice to see the project leaders show a better attitude
towards package maintainers. Not to say they necessarily have a poor
attitude towards them, but there wasn't anything positive put forth in
this thread.
See below :-) .

[...]
Post by Stephen Gran
Speaking as a downstream packager, I have always had a very good
relationship with all of the clamav team members, except when I manage
to put my foot in my mouth. They have always been curteous, respectful,
and willing to accomodate issues that arise from the specific wierdnesses
of working within distro restraints. Even when I manage to put my
foot in my mouth, they have managed to have the good grace to forget
reasonably quickly :)
[...]

I don't think that the rest of the team can deny my statement below:
:-)

As a member of the ClamAV team and a Debian user I am *very* glad that
Stephen Gran is the Debian maintainer of the ClamAV packages.

He has always been very kind, helpful, competent and patient. He reacts
quickly to various problems/questions related to his packages and to
updates/fixes of the code. And he possesses a sense of humour :-) .

We highly appreciate Stephen's work.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson
2006-11-10 01:28:02 UTC
Permalink
Post by Tom Metro
Post by Dennis Peterson
Post by Jim Redman
Your opinions, seem to be the prevalent attitude of the vocal
members of this list - if you don't suffer, it wasn't worth it.
His specific problem is he lacks the skill to install and manage the product.
It's rather sad to see that this elitist attitude - which was
commonplace on Usenet back in the early 90's - is still alive and well
here in 2006. I'm not sure why people who otherwise are enthusiastic
supporters of open source don't see how this damages the community.
Everyone is a volunteer - the best that can be done in an all-volunteer
market place is being done now. In this case it was not good enough for
the OP. He could have offered to pay somebody to teach him or an employee
how to package things to his liking but he did not. Like you, he expects
that somebody will hear the whine and respond with a turnkey package. And
in a year when an upgrade is needed he will wonder why that volunteer
abandonded the project and left all his customers hanging, never realizing
they he has no customers, as he volunteered his labor.

Open source is a beautiful thing but it does not come with a promise of
endentured servitude on the part of the maintainers. If one cannot do what
is needed to install and maintain a product one should hire it out or find
another product. One should not get pissy with the volunteer support group
that is a keystone to this product's success.

Better than ranting here about it you could write the turnkey package for
him in the spirit of Kum-Bay-Yah and good fellowship. He's desperate for a
solution as long as he doesn't have to put any effort into it. As for providing
alternate solutions, that what Google is for - this is 2006, afterall.

dp

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bit Fuzzy
2006-11-10 01:33:20 UTC
Permalink
My god!
This topic hasn't been killed yet?!?


_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Tom Metro
2006-11-10 02:44:37 UTC
Permalink
Post by Dennis Peterson
Everyone is a volunteer - the best that can be done in an all-volunteer
market place is being done now.
...
Post by Dennis Peterson
Open source is a beautiful thing but it does not come with a promise of
endentured servitude on the part of the maintainers.
Yes, it's a volunteer effort, but it is also perfectly legitimate for
end-users of open source applications to provide feedback to the project
developers. I'm not a code contributor on ClamAV, and I don't think you
are either, but on projects where I do contribute, I look forward to
end-user feedback, as it helps direct your efforts.

It's a mistake to take the stance that just because it is an open source
project, there is no legitimate feedback other than code patches.
However, that doesn't mean that end-users should expect their needs to
be met on their time table, or at all, if resources aren't available.

Again, rather than attacking the premise, a more legitimate response
from someone who isn't actually writing the code is to offer an opinion
on where you think the OPs request should fall on the list of priorities.

For the actual developers, they could point the OP toward the correct
down-steam parties, agree with his point and say where it is or isn't on
the priority list, or provide an explanation for why they think it isn't
an area where they will spend their time. Any of those are perfectly
fine responses.

-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Mark
2006-11-11 23:55:37 UTC
Permalink
-----Original Message-----
Dennis Peterson
Sent: vrijdag 10 november 2006 2:28
Subject: Re: [Clamav-users] Cherishing my ignorance - An
appeal to package rs
If one cannot do what is needed to install and maintain a product
one should hire it out or find another product.
In general, there's an attitude prevalent in the UNIX world, like: "If you
cannot do this-or-that, then get your whiney ass back to Windoze." As is
the attitude of others to eagerly jump in with the grandstanding, so as to
associate themselves with the "real" UNIX folks.

Is that the case here, though? I think not. Rude as it may sound (and is
sometimes really worded that way, too), there's truly not a way to get
around having a minimal familiarity with installing stuff. For instance,
when I was upgrading to an earlier version of clamav, sigtool appeared to
need a newer version of the libgmp math library. Then you just need to do
that. It's a bit of work. But what's the alternative? Ask sigtool not to
use it? It needs it; so, if you want it, install it. Period. And when it
said that curl was still compiled against an earlier version of openssl,
and might conflict, then too, you just need to do what an admin does: his
job. :)

Getting back to my opening paragraph, I have on occasion noticed that
requests for easier installation are met with somewhat crabby answers
here. But the reality remains that you're all admins: it's no more
unreasonable to ask of a cobbler that he knows how to mend shoes, then it
is to ask of an admin that his knowledge of installing packages extend
beyond just "point-and-click". Not that I never asked a question here; but
I think there's a difference between asking a normal question, and
cherishing one's ignorance.

- Mark



_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-10 16:08:49 UTC
Permalink
Post by Tom Metro
Post by Dennis Peterson
Post by Jim Redman
Your opinions, seem to be the prevalent attitude of the vocal
members of this list - if you don't suffer, it wasn't worth it.
His specific problem is he lacks the skill to install and manage the product.
It's rather sad to see that this elitist attitude - which was
commonplace on Usenet back in the early 90's - is still alive and
well here in 2006. I'm not sure why people who otherwise are
enthusiastic supporters of open source don't see how this damages
the community.
Probably because Open Source isn't about selling a product. It's
people doing this as a hobby, in the end, and if you want to use it,
there it is...if not, *shrug*. That's the attitude I see (except
from the just plain rude and arrogant who want to keep their toys to
themselves).

And in the quote above, he isn't necessarily saying the poster is
stupid, just lacking a skill. What's wrong in that? Maybe I don't
remember what else was said, but if you lack a skill in something,
you lack the skill. Approach the group with the attitude of, "Can
someone help me figure this out?," instead of, "Fix this for me," and
you might see a change in how people respond.
Post by Tom Metro
The argument is also flawed. So, the people criticizing the OP's
premise all build their software from scratch, build their own OS
distributions, and never used packaged software - right? No? Do
you at least review all the source code before you install a
package? No?
We've built up these layers not always because the end users don't
have the knowledge to reproduce them themselves, but because it
would be a waste of effort to replicate them. This hold as true for
rewriting a virus scanning engine from scratch as it does for
writing your own installation script. (If your environment requires
custom behavior, then by all means, write your own installation
script...or for that matter, customize the virus scanning engine.)
And ClamAV has been built in a way that many people have not had this
as a major stumbling block. I'm not a programmer, but had installed
Clam on at least three platforms. I'm not a guru, hold no certs for A
+ or Cisco or MS or any other groups. So what's going on here...am I
lying? Extremely lucky?...
Post by Tom Metro
Ease of installation is valued by knowledgeable users also.
Yes, especially if they already know why it is working and how to fix
it if something goes wrong.
Post by Tom Metro
Why spend time on a problem that others have already solved
hundreds of times over. I'd much rather use my time in solving
unexpected problems that are specific to my environment.
But you advocate not knowing anything about that environment in the
first place.

Where did that email go? Well I have it filtered in the bastion
server here first, then it goes to this scanner for spam, then this
for antivirus, then forwarded to this queue and out to this server...

But you want a drop-in solution so you don't need to know
anything...how do you troubleshoot something when you don't know what
it's doing in the first place?

Maybe it's just my opinion, for what little it's worth.


_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Gary V
2006-11-10 16:32:56 UTC
Permalink
Post by Tom Metro
Ease of installation is valued by knowledgeable users also.
Yes, especially if they already know why it is working and how to fix it
if something goes wrong.
But you want a drop-in solution so you don't need to know anything...how
do you troubleshoot something when you don't know what it's doing in the
first place?
Hmm, I wonder how many of the people who responded in one way or another is
actually familiar with the package in question. I have been using Linux for
a couple years now and have installed thousands of packages. In general, I
have not had any problems navigating the package after it has been
installed. Sure packages need configuration. Sure, time is well spent
figuring out how to configure them. I would have been happy to use the
package in question rather than compile from source, but after spending 30
minutes trying to get into the mindset of the packager so I could actually
get clamav to function, I said f*** it.

Gary V

_________________________________________________________________
Stay in touch with old friends and meet new ones with Windows Live Spaces
http://clk.atdmt.com/MSN/go/msnnkwsp0070000001msn/direct/01/?href=http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-10 20:29:56 UTC
Permalink
Post by Gary V
Post by Bart Silverstrim
Post by Tom Metro
Ease of installation is valued by knowledgeable users also.
Yes, especially if they already know why it is working and how to
fix it if something goes wrong.
But you want a drop-in solution so you don't need to know
anything...how do you troubleshoot something when you don't know
what it's doing in the first place?
Hmm, I wonder how many of the people who responded in one way or
another is actually familiar with the package in question. I have
been using Linux for a couple years now and have installed
thousands of packages. In general, I have not had any problems
navigating the package after it has been installed. Sure packages
need configuration. Sure, time is well spent figuring out how to
configure them. I would have been happy to use the package in
question rather than compile from source, but after spending 30
minutes trying to get into the mindset of the packager so I could
actually get clamav to function, I said f*** it.
See, you do that much effort, but then the OP said he just hacks the
word "example" out of the config file and runs the app as root. That
means he took what, five minutes of effort?

The conf for ClamAV is rather well documented from my experiences
with it. The packages may have altered the defaults or where the
files are located, but once it's in place, it's not normally that
hard to get working. The hard part is integrating with other daemons
and scanners. How do you expect THAT to be simplified for everyone
and all situations?
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Gary V
2006-11-10 23:28:14 UTC
Permalink
Hmm, I wonder how many of the people who responded in one way or another
is actually familiar with the package in question. I have been using
Linux for a couple years now and have installed thousands of packages. In
general, I have not had any problems navigating the package after it has
been installed. Sure packages need configuration. Sure, time is well
spent figuring out how to configure them. I would have been happy to use
the package in question rather than compile from source, but after
spending 30 minutes trying to get into the mindset of the packager so I
could actually get clamav to function, I said f*** it.
See, you do that much effort, but then the OP said he just hacks the word
"example" out of the config file and runs the app as root. That means he
took what, five minutes of effort?
The conf for ClamAV is rather well documented from my experiences with it.
The packages may have altered the defaults or where the files are
located, but once it's in place, it's not normally that hard to get
working. The hard part is integrating with other daemons and scanners.
How do you expect THAT to be simplified for everyone and all situations?
Yes, unlike the OP, I was willing to spend the time, but like the OP I wish
I could have simply installed it and had it functioning (at least to the
point I could then tweak it). This particular package appears to me it *is*
trying to figure out and mold itself to environments like "CLAMAV for
POSTFIX filtered through AMAVISD-NEW using SPAMASSASSIN" which in fact was
my case, but somehow broke itself in the process of figuring this out. Your
experience may differ. Heck, my experience may differ if I try to install
the aforementioned packages in a different sequence, but I'm not sure my
experience should differ. I would rather it simply put stuff in reasonably
predictable places, then left it up to me to finish the configuration (if
needed). The complexity of the package left me wanting something I could at
least predict.

Gary V

_________________________________________________________________
Get today's hot entertainment gossip
http://movies.msn.com/movies/hotgossip?icid=T002MSN03A07001

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-11 05:04:24 UTC
Permalink
Post by Gary V
Post by Bart Silverstrim
Post by Gary V
Hmm, I wonder how many of the people who responded in one way or
another is actually familiar with the package in question. I
have been using Linux for a couple years now and have installed
thousands of packages. In general, I have not had any problems
navigating the package after it has been installed. Sure
packages need configuration. Sure, time is well spent figuring
out how to configure them. I would have been happy to use the
package in question rather than compile from source, but after
spending 30 minutes trying to get into the mindset of the
packager so I could actually get clamav to function, I said f***
it.
See, you do that much effort, but then the OP said he just hacks
the word "example" out of the config file and runs the app as
root. That means he took what, five minutes of effort?
The conf for ClamAV is rather well documented from my experiences
with it. The packages may have altered the defaults or where the
files are located, but once it's in place, it's not normally that
hard to get working. The hard part is integrating with other
daemons and scanners. How do you expect THAT to be simplified
for everyone and all situations?
Yes, unlike the OP, I was willing to spend the time, but like the
OP I wish I could have simply installed it and had it functioning
(at least to the point I could then tweak it). This particular
package appears to me it *is* trying to figure out and mold itself
to environments like "CLAMAV for POSTFIX filtered through AMAVISD-
NEW using SPAMASSASSIN" which in fact was my case, but somehow
broke itself in the process of figuring this out. Your experience
may differ. Heck, my experience may differ if I try to install the
aforementioned packages in a different sequence, but I'm not sure
my experience should differ. I would rather it simply put stuff in
reasonably predictable places, then left it up to me to finish the
configuration (if needed). The complexity of the package left me
wanting something I could at least predict.
The only way to solve this problem is to find someone willing to set
up a Linux VMWare image of a turnkey mail server for people who can't
figure out how to fulfill their sysadmin duties.

Then you can answer the questions of how to set up VMWare Player or
VMWare server.

-Bart
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson
2006-11-11 05:40:38 UTC
Permalink
Post by Gary V
Post by Bart Silverstrim
Post by Gary V
Hmm, I wonder how many of the people who responded in one way or
another is actually familiar with the package in question. I have
been using Linux for a couple years now and have installed
thousands of packages. In general, I have not had any problems
navigating the package after it has been installed. Sure packages
need configuration. Sure, time is well spent figuring out how to
configure them. I would have been happy to use the package in
question rather than compile from source, but after spending 30
minutes trying to get into the mindset of the packager so I could
actually get clamav to function, I said f*** it.
See, you do that much effort, but then the OP said he just hacks the
word "example" out of the config file and runs the app as root.
That means he took what, five minutes of effort?
The conf for ClamAV is rather well documented from my experiences
with it. The packages may have altered the defaults or where the
files are located, but once it's in place, it's not normally that
hard to get working. The hard part is integrating with other
daemons and scanners. How do you expect THAT to be simplified for
everyone and all situations?
Yes, unlike the OP, I was willing to spend the time, but like the OP I
wish I could have simply installed it and had it functioning (at least
to the point I could then tweak it). This particular package appears
to me it *is* trying to figure out and mold itself to environments
like "CLAMAV for POSTFIX filtered through AMAVISD-NEW using
SPAMASSASSIN" which in fact was my case, but somehow broke itself in
the process of figuring this out. Your experience may differ. Heck, my
experience may differ if I try to install the aforementioned packages
in a different sequence, but I'm not sure my experience should differ.
I would rather it simply put stuff in reasonably predictable places,
then left it up to me to finish the configuration (if needed). The
complexity of the package left me wanting something I could at least
predict.
The only way to solve this problem is to find someone willing to set up
a Linux VMWare image of a turnkey mail server for people who can't
figure out how to fulfill their sysadmin duties.
Then you can answer the questions of how to set up VMWare Player or
VMWare server.
-Bart
This isn't too far fetched an idea. At least with an Intel Mac running
Parallels you can distribute a complete Fedora Linux VM complete with
all the bells and whistles as a file in a CD. With Sendmail, Postfix, or
what ever you want installed and running along with SpamAssassin and
ClamAV. Once you have it built it is trivial to save it and distribute
it as a VM SMTP gateway solution.

Run it headless on a Core Duo Mac Mini and you have a nice small
footprint, small office SMTP front end that has the best tools
available. You can stuff a lot of Mini's in a refrigerator in your
basement and offer them and yourself as an SMTP service provider.

Or pick another VM package - same idea. I like the idea of Parallels,
though for the price advantage.

I've actually built some Mac Mini mail servers for remote sales offices
and they run and run. And the underlying Unix foundation works very much
the way a remote Linux system runs. And if the systems are low usage you
can install mulitple VM's for multiple customers, and a second Mini to
handle ClamAV chores.

Somebody's taking it seriously: http://www.macminicolo.net/

dp

dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-09 15:11:53 UTC
Permalink
Post by Jim Redman
Steve,
Post by Steve Holdoway
You really do need to get out of the mindset that you don't
actually >need to know what you're doing to administer a server. It
is *NOT* a >trivial task, requires skills to support it, and years
of experience to >do it well.
Your opinions, seem to be the prevalent attitude of the vocal
members of this list - if you don't suffer, it wasn't worth it.
Is it really suffering if the steps are documented and you can follow
them?

Suffering to me would be if the steps are outlined somewhere and in
the course of following those directions, you get errors and
failures. Or the routine isn't documented anywhere so you have to
dig and hunt and infer how to configure something.

If you're a sysadmin and following directions is defined as
suffering, I think you may have other problems to deal with...
Post by Jim Redman
I would argue that I'm know enough about server administration to
realize that my knowledge of ClamAV will never be as deep as others
on this list, how much better if they create a secure, stable,
successful, packaged configuration and everyone (which happens to
also include me!) benefits from their knowledge. Or does that
sound like flamebait?
Because what fits your needs may not fit other people's needs when
you stop to consider how draconian or how absolutely loose-and-free
different mail admins can be? There are still idiots running open
relays out there. Encouraging people to know what the hell they're
doing helps separate those idiots from the rest of the populace.

Maybe what would actually be helpful is an automated uninstall/
reinstall that asks what options you want set to what values, and
compares changes from the previous install. Makes it more tedious
though.

-Bart
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson
2006-11-07 22:05:23 UTC
Permalink
Post by Jim Redman
Bowie,
The obvious observation that while this might work for you it's not a
general solution, so now everyone needs to create a script.
F'chrissake... It is trivial to do this. Less than 10 minutes, start
to stop. I wrote the script I use 3 years and it took just minutes. I have
10 mail servers in 5 timezones and three continents. They are all updated
within 30 minutes of a new drop. This is not rocket science - in fact this
is very simple stuff. If you are challenged by *any* of this you are in the
wrong business.

dp


_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
John Rudd
2006-11-08 00:05:15 UTC
Permalink
Post by Dennis Peterson
Post by Jim Redman
Bowie,
The obvious observation that while this might work for you it's not a
general solution, so now everyone needs to create a script.
F'chrissake... It is trivial to do this. Less than 10 minutes, start
to stop. I wrote the script I use 3 years and it took just minutes. I have
10 mail servers in 5 timezones and three continents. They are all updated
within 30 minutes of a new drop. This is not rocket science - in fact this
is very simple stuff. If you are challenged by *any* of this you are in the
wrong business.
Care to share your script?

(and, hopefully its written in a fashion that is portable, instead of
being linux specific ... or worse yet, specific to a given linux distro)
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson
2006-11-08 07:09:37 UTC
Permalink
Post by John Rudd
Post by Dennis Peterson
Post by Jim Redman
Bowie,
The obvious observation that while this might work for you it's not a
general solution, so now everyone needs to create a script.
F'chrissake... It is trivial to do this. Less than 10 minutes, start
to stop. I wrote the script I use 3 years and it took just minutes. I have
10 mail servers in 5 timezones and three continents. They are all updated
within 30 minutes of a new drop. This is not rocket science - in fact this
is very simple stuff. If you are challenged by *any* of this you are in the
wrong business.
Care to share your script?
(and, hopefully its written in a fashion that is portable, instead of
being linux specific ... or worse yet, specific to a given linux distro)
I don't care for any flavor of Linux. The only Linux system I manage has
Postfix installed and I don't care for it, either. The script is simply
what has been suggested already.

I run Solaris and korn shell but bourne shell works the same:

Download the new release to a download directory
Burst the tar.gz file in a working directory, gzip the tar file and put
it into a permanent central repository.
run buildit.sh (see below)
cd to the build directory of the currently running version, run svcadm
disable clamd, run make uninstall, cd - and run make install. While
that's happening I examine the new config files to see what changes are
made since the last version. I tweak them to suit my needs and put them
in RCS and the working directory. I then run svcadm enable clamd, and
then perform some tests on example viruses I have for the purpose.

On the next cycle, within the hour, cfengine propagates the binaries to
all the managed systems and restarts them.

The buildit.sh script is just a short script that consistently
configures the build between versions and then runs make. I use user
smmsp because that is also the user that my milter runs as it it
simplifies ownerships. And it means I don't have to install a new account.

buildit.sh:

#!/bin/sh

./configure \
--enable-milter \
--enable-bigstack \
--disable-clamuko \
--with-user=smmsp \
--with-group=smmsp \
--without-curl \
--without-clamav-milter |tee config.txt

make |tee build.log
# end

Your requirements will likely vary and you probably don't have cfengine
installed. I'd hate to be without it.

dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Jim Redman
2006-11-09 19:09:40 UTC
Permalink
Folks,

I have to say, of all the lists I subscribe to, the vocal members of
this list are the most arrogant and insulting. However, I consider
comments such as Luca Gibelli's, bandwidth wasting, "We are happy to
suffer this loss." and Dennis Peterson's "His specific problem is he
lacks the skill to install and manage the product" reflect more about
the person making the comment, rather than the target.

I would also consider the prevalent attitude misplaced and wrong, and
before you berate me for knowing nothing, let me say this I've been
managing mail systems on Linux since the late 1.x releases and build and
support embedded Linux distros. If you're following the logic here,
that still doesn't prove that I know much, but at least I have some
background...

Somewhere between my teenage years and now, I have enough experience to
realize that I don't know everything. I can't create faster/better
optimized programs using assembler than a high level language, and I'm
not the worlds most knowledgeable Linux security expert. The many
packages that make up Linux are better understood by those who created
and maintain them and these people are the most qualified to produce
secure configurations of these packages. Even if I DID understand a
package better than the maintainer, or have a better grasp of security
than the person producing configuration, I would recognize that having
more people look at the configuration WILL improve the system. This is
one of the basic arguments of Eric Raymond's "The Cathedral and the
Bazaar" http://www.firstmonday.org/issues/issue3_3/raymond/

I no longer possess the desire to build Linux systems from scratch, or
to customize them so heavily that I cannot benefit from the work of some
of the greats in the community, although I may occasionally humbly make
suggestions that I think might be of benefit (some of these are not
necessarily accepted as such).

I'll further encourage these efforts because, having done this for a
while, I realize that it _IS_ now possible for someone who knows almost
nothing about Linux administration to take a distro, install it, update
it using one of the package managers and have a secure, if sub-optimal
installation, taking the defaults at installation. When I realize that
this person might otherwise have put Windows on the net and become
another spam and virus spewing Bot I feel that anything that can be done
to make the standard distros easier to use, and so to encourage their
uptake, is good.

And yet, when you suggest that one of the advances that ClamAV could
make is to be in a position to help these people, the responses
represent an elitist (and mis-guided) attitude that everyone should be a
highly skill sysadmin more knowledgeable of the ClamAV system.

So, now you have some more flamebait. I'm signing off, because, for the
vocal members of this list at least, Scott Adams seems to have the right
idea (http://dilbertblog.typepad.com/):

"Let me begin by saying I don’t debate with advocates. An advocate says
that everything is right about one position and everything is wrong
about the other side. You might as well debate with a doorknob."

Jim
--
Jim Redman
(505) 662 5156 x85
http://www.ergotech.com
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
John Hinton
2006-11-09 19:35:23 UTC
Permalink
<snippage>
I no longer possess the desire to build Linux systems from scratch, or
to customize them so heavily that I cannot benefit from the work of
some of the greats in the community, although I may occasionally
humbly make suggestions that I think might be of benefit (some of
these are not necessarily accepted as such).
<more snippage>

I have to agree with the general request made by Jim. Unfortunately,
most of us end user sysadmins have a lot on our plates. Compiling is not
that hard, but it is definitely harder than using something like an RPM.
And as the config file is normally not replaced, setting things up the
way you want it normally is left alone. I really can't imagine trying to
keep up with a full linux server these days with all the security
issues, if I had to compile each and every update to each and every
program... thus the success of distros such as Redhat, Suse and Debian
to name just a few.

I personally run CentOS for all my systems. I use the dag repository for
many additional packages, ClamAV being one of the main packages. I find
his ClamAV RPM works right out of the box, and is updated as needed,
which allows the use of yum or up2date to keep Clam updated. But his
repository is aimed at Redhat.

I have to compliment the ClamAV team for providing a great list of other
sources for obtaining ClamAV. Perhaps taking a careful look there first
is something we should all consider, if that resource has been overlooked.

http://clamav.net/binary.html


Thanks for a great product.

John Hinton
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
tBB
2006-11-10 00:12:41 UTC
Permalink
Post by Jim Redman
I have to say, of all the lists I subscribe to, the vocal members of
this list are the most arrogant and insulting. However, I consider
comments such as Luca Gibelli's, bandwidth wasting, "We are happy to
suffer this loss." and Dennis Peterson's "His specific problem is he
lacks the skill to install and manage the product" reflect more about
the person making the comment, rather than the target.
I really hope this thread dies a quick death. If you consider
L.Gibelli's and D.Petterson's replys a bandwidth wasting, what are you
calling your repetitive mindless blather like "I'm not spending another
two days monkeying with configuration"?

None of the comparably few and well documented options in ClamAv's
config files should be hard to understand for someone who is allegedly
administrating Linux servers since "late 1.x release", not to mention a
software developer like you also alleged to be. As for your comparison
with a doorknob, if a doorknob has the better arguments it's reasonable
that you don't want to debate with it.

I'm sorry for the probably "arrogant and insulting" tone but you're
literally asking for it.
--
Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?




































_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
John Rudd
2006-11-10 00:35:36 UTC
Permalink
Post by tBB
I'm sorry for the probably "arrogant and insulting" tone but you're
literally asking for it.
Perhaps he is asking for it, but he's also right.


_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-10 14:26:22 UTC
Permalink
Post by Jim Redman
Folks,
I have to say, of all the lists I subscribe to, the vocal members
of this list are the most arrogant and insulting. However, I
consider comments such as Luca Gibelli's, bandwidth wasting, "We
are happy to suffer this loss." and Dennis Peterson's "His specific
problem is he lacks the skill to install and manage the product"
reflect more about the person making the comment, rather than the
target.
You're forgetting one detail that probably was the most provoking,
though. He started right off saying he "cherishes his ignorance".

How many of our problems as sysadmins come from user ignorance? How
much worse is it when you have to deal with another peer's ignorance,
and worse yet, WILLFUL ignorance? "Hi, I'm hired to do a complicated
and skillful job as a sysadmin, but want to know nothing about how or
why this software stuff works...can you help me? By, like, doing it
for me?"

If he was asking for help or proposing a reform without expressly
saying the driving reason was because he wanted to know nothing about
how it worked or how to install it or even how to properly tune it to
keep from annoying fellow mail sysadmins on nearby networks, it
wouldn't have elicited such a venomous response from an open source
group. These people working on ClamAV aren't, to my knowledge, paid
to make the program or keep it up to date, let alone make the
installer and front-end interfaces the most polished. They are
programmers doing this in their spare time to try to make a usable
product for their peers.

And you're surprised that unpaid programmers and sysadmins having to
routinely deal with problems that are often linked to end-user
ignorance would get a little ticked when getting a question from
someone saying they're a sysadmin who wants to remain clueless? More
often than not the way to get respect among that little social club
is to try learning things and expanding your knowledge through your
questions, not chastising them because they're doing something that
forces you to learn something about why and how your system works.
Post by Jim Redman
I would also consider the prevalent attitude misplaced and wrong,
and before you berate me for knowing nothing, let me say this I've
been managing mail systems on Linux since the late 1.x releases and
build and support embedded Linux distros. If you're following the
logic here, that still doesn't prove that I know much, but at least
I have some background...
Personally, I didn't mean to say that you're someone who knows
*nothing* about Linux or Unix. I don't know what your specialty is.
My personal belief is that there are very few gurus who know all
there is to know about hardware and software
administration...sysadmins specialize or they tend to have
superficial knowledge of a wide array of topics. A mail admin may
know about spam filtering, viruses flying around the Internet,
Postfix vs. Qmail, etc., while knowing little about DDR RAM or the
next-gen processors slated for release from Intel. At the same time,
you shouldn't be willfully ignorant about the topics related to your
field and have no desire to learn more since you don't know when that
knowledge will be handy. Sysadmins supposedly carry on the spirit of
the original hackers, and the hallmark was curiosity and willingness
to learn new things.

Proclaiming a desire to be ignorant does not win brownie points among
those he was "asking for help".
Post by Jim Redman
Somewhere between my teenage years and now, I have enough
experience to realize that I don't know everything. I can't create
faster/better optimized programs using assembler than a high level
language, and I'm not the worlds most knowledgeable Linux security
expert. The many packages that make up Linux are better understood
by those who created and maintain them and these people are the
most qualified to produce secure configurations of these packages.
Even if I DID understand a package better than the maintainer, or
have a better grasp of security than the person producing
configuration, I would recognize that having more people look at
the configuration WILL improve the system. This is one of the
basic arguments of Eric Raymond's "The Cathedral and the Bazaar"
http://www.firstmonday.org/issues/issue3_3/raymond/
Which is fine...no one, I believe, was arguing against this idea.

They did seem to take offense to the attitude of "Hello fellow
sysadmins, can you improve this packager so I don't need to know
anything about it, just drop it in place and bingo everything works?"
Post by Jim Redman
I'll further encourage these efforts because, having done this for
a while, I realize that it _IS_ now possible for someone who knows
almost nothing about Linux administration to take a distro, install
it, update it using one of the package managers and have a secure,
if sub-optimal installation, taking the defaults at installation.
When I realize that this person might otherwise have put Windows on
the net and become another spam and virus spewing Bot I feel that
anything that can be done to make the standard distros easier to
use, and so to encourage their uptake, is good.
That is a user. End users do this. Sysadmins should not be ignorant
when running services...it's part of the "administration" in the job
title to imply they know something about what they're doing.

You do people no favor when you encourage a mail sysadmin to not know
what SMTP stands for. Maybe we should advocate that medicine be
simplified to the point where you need a heap of ignorance and a
grain of good will from others to make home surgery kits?

There's a reason sysadmins are supposed to be earning more money than
a go-fer in a company or a burger-flipper at a mcjob. They're
supposed to have more skills and are learning more to enhance those
skills. `
Post by Jim Redman
And yet, when you suggest that one of the advances that ClamAV
could make is to be in a position to help these people, the
responses represent an elitist (and mis-guided) attitude that
everyone should be a highly skill sysadmin more knowledgeable of
the ClamAV system.
No, just not encouraging people to remain ignorant. The more
ignorance you spread, the more support calls you generate. Unless
you're doing it on purpose, in which case I'd wonder if you're
purposely keeping people "stupid" to keep from losing a lucrative
base from which to take advantage of their dependence and ignorance
for your own gains.

There is also the possibility that if people knew the basics of what
they're doing it cuts down on the more frivolous support calls and
requests so people can focus on more important issues that could use
polishing and fixing.
Post by Jim Redman
So, now you have some more flamebait. I'm signing off, because,
for the vocal members of this list at least, Scott Adams seems to
"Let me begin by saying I don’t debate with advocates. An advocate
says that everything is right about one position and everything is
wrong about the other side. You might as well debate with a doorknob."
"Pot, Kettle. Kettle, Pot."

-Bart_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Jim Maul
2006-11-10 14:45:33 UTC
Permalink
Post by Bart Silverstrim
Post by Jim Redman
Folks,
I have to say, of all the lists I subscribe to, the vocal members of
this list are the most arrogant and insulting. However, I consider
comments such as Luca Gibelli's, bandwidth wasting, "We are happy to
suffer this loss." and Dennis Peterson's "His specific problem is he
lacks the skill to install and manage the product" reflect more about
the person making the comment, rather than the target.
You're forgetting one detail that probably was the most provoking,
though. He started right off saying he "cherishes his ignorance".
How many of our problems as sysadmins come from user ignorance? How
much worse is it when you have to deal with another peer's ignorance,
and worse yet, WILLFUL ignorance? "Hi, I'm hired to do a complicated
and skillful job as a sysadmin, but want to know nothing about how or
why this software stuff works...can you help me? By, like, doing it for
me?"
Maybe i missed it, but where in his original email did he ask anyone to
help him by doing something for him? From what i can see, he didnt even
ask for help at all. The way i took it was:

Gee, I downloaded this package for clamav and installed it and now there
are all sorts of other things that still need to be done to get it
working correctly. Maybe clamav developers could work with the package
maintainers to make this process go more smoothly?

To which he received responses like:

Your an idiot.
We dont care.
Shut up and stop posting crap like this to the list.

To me it seems like everyone missed the point and made their own
assumptions as to what he *really* meant. Maybe the title was worded
poorly, or his post looked too similar to others that people have seen
in the past and it triggered an immediate negative response from them,
or maybe its just that some people on this list havent gotten any lately
and are grumpy - who knows. But to berate someone like this over a post
they made which i believe was interpreted incorrectly to begin with is
completely wrong. I mean cmon, the subject clearly states its directed
at packagers. Give the guy a flippin break.

-Jim
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson
2006-11-10 15:13:53 UTC
Permalink
Post by Jim Maul
Post by Bart Silverstrim
Post by Jim Redman
Folks,
I have to say, of all the lists I subscribe to, the vocal members of
this list are the most arrogant and insulting. However, I consider
comments such as Luca Gibelli's, bandwidth wasting, "We are happy to
suffer this loss." and Dennis Peterson's "His specific problem is he
lacks the skill to install and manage the product" reflect more about
the person making the comment, rather than the target.
You're forgetting one detail that probably was the most provoking,
though. He started right off saying he "cherishes his ignorance".
How many of our problems as sysadmins come from user ignorance? How
much worse is it when you have to deal with another peer's ignorance,
and worse yet, WILLFUL ignorance? "Hi, I'm hired to do a complicated
and skillful job as a sysadmin, but want to know nothing about how or
why this software stuff works...can you help me? By, like, doing it
for me?"
Maybe i missed it, but where in his original email did he ask anyone to
help him by doing something for him? From what i can see, he didnt even
Gee, I downloaded this package for clamav and installed it and now there
are all sorts of other things that still need to be done to get it
working correctly. Maybe clamav developers could work with the package
maintainers to make this process go more smoothly?
This is precisely a request for help and for someone, anyone but him, to
build a product to his specification. Your statement is made illogical
by your example.

In fact he went on to write several screens of rant about why he doesn't
like the services of the ClamAV packagers. Had he written code instead
of smearing their efforts he'd have a working installer now.

In fact, apache, a far more common application than ClamAV, requires
vastly more after-install configuration and management effort than does
ClamAV, so his premise is farcical.

There are no well-known IP ports for clamd and no well-known locations
for Unix sockets. There is no master plan to tie various milter/filter
programs together to use ClamAV. I use a milter and Sendmail. Others may
prefer to use procmail. SpamAssassin is popular. Bringing it all
together is what the admin is for. Continued user intervention is
extremely necessary - this product has no brain - come prepared to use
your own.

Finally, it is a service not offered by the ClamAV team and personally
I'd prefer they focus on getting 0.90 released than hand-holding slacker
admins. My, aren't I being judgmental! Hell yes. I'm tired of sharing
critical Internet services with admins who are not committed to their
responsibilities.

The binaries page has several links to packagers who are in a position
to help. One of them supports his package. Those two should get together
and solve this hellish problem. And he should quit laying blame on
everyone else for his dire condition.

dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Jim Maul
2006-11-10 16:06:50 UTC
Permalink
Post by Dennis Peterson
Post by Jim Maul
Post by Bart Silverstrim
Post by Jim Redman
Folks,
I have to say, of all the lists I subscribe to, the vocal members of
this list are the most arrogant and insulting. However, I consider
comments such as Luca Gibelli's, bandwidth wasting, "We are happy to
suffer this loss." and Dennis Peterson's "His specific problem is he
lacks the skill to install and manage the product" reflect more
about the person making the comment, rather than the target.
You're forgetting one detail that probably was the most provoking,
though. He started right off saying he "cherishes his ignorance".
How many of our problems as sysadmins come from user ignorance? How
much worse is it when you have to deal with another peer's ignorance,
and worse yet, WILLFUL ignorance? "Hi, I'm hired to do a complicated
and skillful job as a sysadmin, but want to know nothing about how or
why this software stuff works...can you help me? By, like, doing it
for me?"
Maybe i missed it, but where in his original email did he ask anyone
to help him by doing something for him? From what i can see, he didnt
Gee, I downloaded this package for clamav and installed it and now
there are all sorts of other things that still need to be done to get
it working correctly. Maybe clamav developers could work with the
package maintainers to make this process go more smoothly?
This is precisely a request for help and for someone, anyone but him, to
build a product to his specification. Your statement is made illogical
by your example.
Says who, you? Sorry, but I really couldn't care less about what you
have to say. By the way, it was a SUGGESTION, not "precisely a request
for help" as you seem to think.
Post by Dennis Peterson
In fact he went on to write several screens of rant about why he doesn't
like the services of the ClamAV packagers. Had he written code instead
of smearing their efforts he'd have a working installer now.
Sorry, everyone isnt as smart as you think you are.
Post by Dennis Peterson
In fact, apache, a far more common application than ClamAV, requires
vastly more after-install configuration and management effort than does
ClamAV, so his premise is farcical.
Yes, but will it WORK without this after-install configuration and
management? Yes, it will.
Post by Dennis Peterson
There are no well-known IP ports for clamd and no well-known locations
for Unix sockets. There is no master plan to tie various milter/filter
programs together to use ClamAV. I use a milter and Sendmail. Others may
prefer to use procmail. SpamAssassin is popular. Bringing it all
together is what the admin is for. Continued user intervention is
extremely necessary - this product has no brain - come prepared to use
your own.
Of course. This job is not for the braindead or those who would rather
not exercise their mind. That is in no way a reason for a product not
to be improved if there is room for improvement.
Post by Dennis Peterson
Finally, it is a service not offered by the ClamAV team and personally
I'd prefer they focus on getting 0.90 released than hand-holding slacker
admins. My, aren't I being judgmental! Hell yes. I'm tired of sharing
critical Internet services with admins who are not committed to their
responsibilities.
And the OP may very well not be one of those committed admins. Who
cares? He is still human and may actually have a valid suggestion -
imagine that?! You seem to have completely ignored the real reason for
the post and instead focused on the negatives as you seem to have some
personal vendetta against anyone that isnt as smart as you. I bet its
lonely on top your little pedestal, no?
Post by Dennis Peterson
The binaries page has several links to packagers who are in a position
to help. One of them supports his package. Those two should get together
and solve this hellish problem. And he should quit laying blame on
everyone else for his dire condition.
To think that there *might* actually be some packagers who are
listening. Blasphemous!
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Dennis Peterson
2006-11-10 18:01:51 UTC
Permalink
Post by Jim Maul
Post by Dennis Peterson
Post by Jim Maul
Gee, I downloaded this package for clamav and installed it and now
there are all sorts of other things that still need to be done to get
it working correctly. Maybe clamav developers could work with the
package maintainers to make this process go more smoothly?
This is precisely a request for help and for someone, anyone but him, to
build a product to his specification. Your statement is made illogical
by your example.
Says who, you? Sorry, but I really couldn't care less about what you
have to say. By the way, it was a SUGGESTION, not "precisely a request
for help" as you seem to think.
It was the ? at the end of your statement that gave it away. That forced it
away from a suggestion to an actual beseeching.
Post by Jim Maul
From Webster's
beseech
One entry found for beseech.
Main Entry: beseech
Pronunciation: bi-'sEch, bE-
Function: verb
Inflected Form(s): -seeched or besought /-'sot/; -seeching
Etymology: Middle English besechen, from be- + sechen to seek
transitive verb
1 : to beg for urgently or anxiously
2 : to request earnestly : IMPLORE
intransitive verb : to make supplication
synonym see BEG
- beseechingly /-'sE-chi[ng]-lE/ adverb

I like the synomym offered.

Nothing to see here, people, let's get back to work.

dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Jim Maul
2006-11-10 18:23:14 UTC
Permalink
Post by Dennis Peterson
Post by Jim Maul
Post by Dennis Peterson
Post by Jim Maul
Gee, I downloaded this package for clamav and installed it and now
there are all sorts of other things that still need to be done to get
it working correctly. Maybe clamav developers could work with the
package maintainers to make this process go more smoothly?
This is precisely a request for help and for someone, anyone but him, to
build a product to his specification. Your statement is made illogical
by your example.
Says who, you? Sorry, but I really couldn't care less about what you
have to say. By the way, it was a SUGGESTION, not "precisely a request
for help" as you seem to think.
It was the ? at the end of your statement that gave it away. That forced it
away from a suggestion to an actual beseeching.
Thank you for your overly literal take on my post. Is this a question?:

Hi?

Adding a ? to the end of a sentence does not magically turn the sentence
into a question. At least not one thats meant to be responded to as
one. One can make a suggestion in a questioning manner in such a way
that they are not actually looking for an answer to the question.

Take this brief conversation for example:

Customer: When im driving and my car reaches 50mph, my steering wheel
shakes badly.
Mechanic: Well there could be a couple things wrong that would cause that.
Customer: Maybe its my new tires I just had installed?

Would you take this to mean that the customer is actually asking if the
new tires are at fault? It makes more sense to take this as the
customer is SUGGESTING to the mechanic that MAYBE the tires are at fault
and that it would be a good starting point to begin troubleshooting the
problem. Just like the OP was suggesting that maybe the clamav team
could work with package maintainers to make the process of installing
clamav from packages more consistent/user friendly. If the clamav team
does not like this suggestion, they are free to ignore it and if they do
like it, then maybe something will be done with it some day. Either
way, the OP in no way deserved the insults and harassment he received.
Post by Dennis Peterson
Post by Jim Maul
From Webster's
beseech
One entry found for beseech.
Main Entry: beseech
Pronunciation: bi-'sEch, bE-
Function: verb
Inflected Form(s): -seeched or besought /-'sot/; -seeching
Etymology: Middle English besechen, from be- + sechen to seek
transitive verb
1 : to beg for urgently or anxiously
2 : to request earnestly : IMPLORE
intransitive verb : to make supplication
synonym see BEG
- beseechingly /-'sE-chi[ng]-lE/ adverb
I like the synomym offered.
Thats nice. I like pizza.
Post by Dennis Peterson
Nothing to see here, people, let's get back to work.
I've been working all day, but thanks for the permission.

-Jim
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Rob Munsch
2006-11-10 19:07:21 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Depends on your definition of "this," but this definitely is: isn't it
about time a moderator stepped in and stopped the spamflow?

Once any argument on the internet gets down to quoting the dictionary,
it's all over.

(That wasn't, for those keeping count, and neither is this.)
- --
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFVM3pBvBcJFK6xYURAnvzAJ0ayNafCJe0uF50avLdOplOgrLjsQCfVX7c
7Bs2IFXK09w4EnwtirCI1tU=
=8kQk
-----END PGP SIGNATURE-----
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Philip Allison
2006-11-22 10:55:50 UTC
Permalink
Post by Jim Maul
Post by Dennis Peterson
In fact, apache, a far more common application than ClamAV, requires
vastly more after-install configuration and management effort than does
ClamAV, so his premise is farcical.
Yes, but will it WORK without this after-install configuration and
management? Yes, it will.
I promised myself I wouldn't stick my nose into this overgrown
monstrosity of a thread, but I cannot resist.

I don't condone ignorance, nor do I condone elitism, but in this
particular instance I see a rather large point being missed by the OP's
sympathisers. If I remember rightly, when I installed ClamAV on Gentoo,
it did "just work" - in the sense that I could run "/etc/init.d/clamd
start" and ClamD would start, and in the sense that the library and
header files were installed in sane locations.

However... nothing was actually scanning anything for viruses!

ClamAV is a toolkit and a service, not a mail scanner or a web-page
scanner or an on-access file scanner in its own right. It's one thing
having a package that installs and works, but "working" from a
functional point of view is a separate issue from "doing what the user
wants". The critical point here is that "what the user wants" can be one
of an unlimited number of things, precisely because ClamAV is a means to
an end, not the end itself.

Those familiar with Windows may think of it this way: ClamAV itself is
more like a collection of DLLs, and NOT - for example - an end-product
like Norton AntiVirus. (Yes, I am aware of ClamWin, but we are debating
the ClamAV package itself here. The two are not the same product.)
--
Philip Allison
Developer

SmoothWall Ltd. - http://www.smoothwall.net/

This email and any attachments transmitted with it are confidential to
the intended recipient(s) and may not be communicated to any other
person or published by any means without the express permission of
SmoothWall Ltd. Any views expressed in this message are solely those of
the author. See http://www.smoothwall.net/emailnotice.html for the full
text of this notice.


This email has been processed by SmoothZap - www.smoothwall.net


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
James Kosin
2006-11-10 15:29:41 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Jim Maul
Maybe i missed it, but where in his original email did he ask anyone
to help him by doing something for him? From what i can see, he
Gee, I downloaded this package for clamav and installed it and now
there are all sorts of other things that still need to be done to
get it working correctly. Maybe clamav developers could work with
the package maintainers to make this process go more smoothly?
Your an idiot.
We dont care.
Shut up and stop posting crap like this to the list.
To me it seems like everyone missed the point and made their own
assumptions as to what he *really* meant. Maybe the title was
worded poorly, or his post looked too similar to others that people
have seen in the past and it triggered an immediate negative
response from them, or maybe its just that some people on this list
havent gotten any lately and are grumpy - who knows. But to berate
someone like this over a post they made which i believe was
interpreted incorrectly to begin with is completely wrong. I mean
cmon, the subject clearly states its directed at packagers. Give
the guy a flippin break.
-Jim
Ok,

I'm usually very patient when it comes to responses to email's like
this. But, I believe he is really asking the wrong people. He should
be going to the package maintainers. This group is usually content
with compiling and installing directly from source.

Like Dennis said "Bringing it all together is what the admin is for."

ClamAV is a powerful tool; but, would you give a chainsaw to your
2-year old to use.... I think not.

Everyone has to learn. There is no shortcuts when it comes to being a
sysadmin, no matter what level you are. You can make things easier;
but, usually at a cost. No one here is willing to make ClamAV a
butter knife when it is already a chainsaw.

- -James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFVJrkkNLDmnu1kSkRAiY3AJ4q4FvrEKs7qdvylNclGZPn3IZYKwCffyxj
cpwgnnzStfnSaPFScEbD3Is=
=5i3r
-----END PGP SIGNATURE-----
--
Scanned by ClamAV - http://www.clamav.net

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Jim Maul
2006-11-10 15:53:21 UTC
Permalink
Post by Rob Munsch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Jim Maul
Maybe i missed it, but where in his original email did he ask anyone
to help him by doing something for him? From what i can see, he
Gee, I downloaded this package for clamav and installed it and now
there are all sorts of other things that still need to be done to
get it working correctly. Maybe clamav developers could work with
the package maintainers to make this process go more smoothly?
Your an idiot.
We dont care.
Shut up and stop posting crap like this to the list.
To me it seems like everyone missed the point and made their own
assumptions as to what he *really* meant. Maybe the title was
worded poorly, or his post looked too similar to others that people
have seen in the past and it triggered an immediate negative
response from them, or maybe its just that some people on this list
havent gotten any lately and are grumpy - who knows. But to berate
someone like this over a post they made which i believe was
interpreted incorrectly to begin with is completely wrong. I mean
cmon, the subject clearly states its directed at packagers. Give
the guy a flippin break.
-Jim
Ok,
I'm usually very patient when it comes to responses to email's like
this. But, I believe he is really asking the wrong people. He should
be going to the package maintainers. This group is usually content
with compiling and installing directly from source.
Are they really no package maintainers on this list? I find that hard
to believe. Is it really necessary to punish someone for thinking that
maybe, just maybe, a message about clamav packages on the clamav-users
list might actually get seen by some packagers themselves?
Post by Rob Munsch
Like Dennis said "Bringing it all together is what the admin is for."
ClamAV is a powerful tool; but, would you give a chainsaw to your
2-year old to use.... I think not.
Everyone has to learn. There is no shortcuts when it comes to being a
sysadmin, no matter what level you are. You can make things easier;
but, usually at a cost. No one here is willing to make ClamAV a
butter knife when it is already a chainsaw.
Of course. Im not saying i completely agree with everything the OP
wrote. Im simply saying that i believe people misinterpreted what he
was ultimately trying to say, and then insulted him because of it.

-Jim
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
James Kosin
2006-11-10 17:11:38 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Jim Maul
Are they really no package maintainers on this list? I find that
hard to believe. Is it really necessary to punish someone for
thinking that maybe, just maybe, a message about clamav packages on
the clamav-users list might actually get seen by some packagers
themselves?
Yes, there are; but, most are looking here for updates, issues, etc.
that may make thing easier for supporting the users of the packages.
All package maintainers also have their own email addresses. Most are
willing to take suggestions. Some even make changes.
But, asking this community outright for a change like this to take
place at ClamAV is difficult to manage, and misplaced.

When you first install ClamAV (even from source), you have to make
changes to the configuration. This I found out myself after a few
days of ClamAV not working... my first time. Some package maintainers
do make this easier and make a few changes themselves to get things
working; but, then the users may have an inadequate configuration for
their use and not know any better.
Post by Jim Maul
Of course. Im not saying i completely agree with everything the OP
wrote. Im simply saying that i believe people misinterpreted what
he was ultimately trying to say, and then insulted him because of
it.
He insulted himself first with the very misdirected subject to the email.

"[Clamav-users] Cherishing my ignorance - An appeal to packagers:
<QUOTE>
Post by Jim Maul
I WANT to know NOTHING about ClamAV, I wish to remain ignorant. I
even trust the folks who produce RPMs to come up with reasonable
defaults for file locations, max sizes, etc. etc. etc. As _IS_ the
case with just about every other install.
</QUOTE>

He clearly states he wants to know NOTHING about the setup of ClamAV.
This is not the tact to take when installing a package like this. How
it is configured depends heavily on how you want to use it. You have
to learn and overcome your ignorance to accomplish this.

His email has no basis in reality as far as anyone can tell.
Post by Jim Maul
WARNING: Your ClamAV installation is OUTDATED!
Never will be fixed. I'm not spending another two days monkeying
with configuration, so this install of ClamAV stays, just ignore
the warning that it's OUTDATED until then next OS upgrade. So I'll
never see any of the new and great features added.
Yes, it is a WARNING, if you read the whole warning it says NOT to PANIC.
Actually, EVERYONE gets theses once in a while. Unless you have a
script that checks every hour for the latest version you are bound to
get a few of these in the logs. Everyone knows the drill....
download the source, compile, install, done. Usually that simple.
Packages are usually similar, but the maintainer needs to do the work
of compiling, testing, etc before releasing.
Post by Jim Maul
This means that much of the developers work is wasted, because I
take the easiet way around an error, no clamav user, the hell with
it, freshclam runs as root.
config file, just take out "Example" keep hacking until it stops
complaining.
This is just BAD news. ClamAV should not be treated this way.
Running as root aside, you have to READ the configuration file in its
entirety to appreciate its usefulness.

Nothing he said gave the problem clear details, suggestions or otherwise.
Some questions he could have asked are:

Why does ClamAV always complain about the configuration being bad
after I just installed it on my machine?
Why does ClamAV complain about being OUTDATED?
How can I fix these problems?
Where should I go to find out more about the configuration?
What is the proper way to configure ClamAV for my system?
Why can't freshclam write to the directory for the virus updates?
How can I fix this?

But, he didn't ASK a single question.

- -James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFVLLKkNLDmnu1kSkRAsUBAJ0Yi3gmtAdDW/PUfOg47zomTx6pAgCdHq6s
YIItLVCd8stq3hLZ5+Erh60=
=XBwq
-----END PGP SIGNATURE-----
--
Scanned by ClamAV - http://www.clamav.net

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
John Rudd
2006-11-10 16:56:59 UTC
Permalink
Post by James Kosin
Like Dennis said "Bringing it all together is what the admin is for."
I disagree. There are some things which are the admin's job, but they
are not the catch-all for all unresolved burdens ("bringing it all
together").

Pardon my lecture, but lets review the root of our discipline:


The purpose of computers is to shift the workload of as many tasks as
possible away from the human and toward automation, freeing up the human
to address more sophisticated problems they were previously unable to
address due to those workloads.


This is the mantra of the entirety of computing. If you are working
with computers, and this isn't the focus of what you're doing, even
indirectly, then you're not contributing to the domains of computer
science and/or computer engineering. Period. No ifs ands nor buts.
Even with games: the "more sophisticated problem" is "having more
complex/sophisticated environments for recreation".

Notice that I did NOT say "users", I said "humans". This applies across
the entire scope of computing, and not just at the level of "what do we
provide to the end user?"

For the hardware developer (whether it's chip developers or platform
developers), their burden is to reduce the workload of everyone by
increasing the overall capacity of the systems ... but more directly,
they should also be reducing the workload of the system engineer.

The system engineer has three groups whose workload they need to reduce:
system administrators, application developers, and users.

Application developers have two groups (depending upon the scope of the
application): other application devleopers, system administrators, and
users.

System administrators have two groups they need to address: application
developers and users.

Users also have groups they need to address: themselves (if they're not
going to leverage the tool to allow them to accomplish tasks that their
previous drudgery was preventing them from addressing, then what's the
point?), and non-computer users that are their "customers" (the bank
teller who can not give you more information than they used to, because
the information is all now at their finger tips ... before computers at
the bank teller, they couldn't do that).



ClamAV is an application. Its target audience is all three of the ones
I mentioned for application developers. Therefore, the developers of
ClamAV have the burden of reducing the workload of system
administrators, users, and other application developers. The obvious
manner in which they address this is "making it easier to identify
viruses so that the user or sysadmin can eliminate the virus from their
environment, or so that other applications may leverage this
identification process for automated deletion/interception of viruses".

But, that is not the only manner in which application developers should
reduce burdens (at the level of the problem being solved). They should
also reduce other burdens where they can, such as reducing the ergonomic
burden of the user (ie. better user interface design). And they should
reduce the burden of the system administrator by making the application
easier to maintain at the system administration level. That means doing
things like using standard installation locations, using standard
configuration tools, etc.

It also means using easier and more reliable packaging and
installation/removal mechanisms. Reduce the burden of the system
administrator by making the installation task more streamlined, more
reliable, and easier.


So, to get back to the original quote:

"Bringing it all together is what the admin is for."

No. You do not get to simply dump this burden upon the sysadmin. That
burden is shared across the entire domain of computing. Each person is
responsible for "bringing it together" for the community to which they
are providing an automation.

You might say "but this subject is the responsibility, within
'Application Development' of the release engineer, and ClamAV doesn't
have enough release engineering volunteers to address more sophisticated
release engineering processes". OK, that's a reasonable response. But
that's saying "we don't have enough resources to address one of our
burdens". That means "the request was valid, but we can't address it".

That is ENTIRELY different from a response of "the request is
unreasonable/invalid because our consumer should just be willing to do
more work" (effectively what the OP's detractors have been saying).
BZZT. That response directly contradicts the central purpose of
computing. Therefore, that response is inherently wrong and inappropriate.
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bart Silverstrim
2006-11-10 19:57:30 UTC
Permalink
Post by Jim Maul
Post by Bart Silverstrim
Post by Jim Redman
Folks,
I have to say, of all the lists I subscribe to, the vocal members
of this list are the most arrogant and insulting. However, I
consider comments such as Luca Gibelli's, bandwidth wasting, "We
are happy to suffer this loss." and Dennis Peterson's "His
specific problem is he lacks the skill to install and manage the
product" reflect more about the person making the comment, rather
than the target.
You're forgetting one detail that probably was the most provoking,
though. He started right off saying he "cherishes his ignorance".
How many of our problems as sysadmins come from user ignorance?
How much worse is it when you have to deal with another peer's
ignorance, and worse yet, WILLFUL ignorance? "Hi, I'm hired to do
a complicated and skillful job as a sysadmin, but want to know
nothing about how or why this software stuff works...can you help
me? By, like, doing it for me?"
Maybe i missed it, but where in his original email did he ask
anyone to help him by doing something for him? From what i can
Gee, I downloaded this package for clamav and installed it and now
there are all sorts of other things that still need to be done to
get it working correctly. Maybe clamav developers could work with
the package maintainers to make this process go more smoothly?
Here is what I was reading from the original (I believe)
email...correct me if I'm wrong...
*****
I WANT to know NOTHING about ClamAV, I wish to remain ignorant.
*****
Instead the packages need me to learn some of the inner workings of
ClamAV and FreshClam (forget editing the conf files, the packages don't
even seem to work together out of the box)
******
This means that much of the developers work is wasted, because I take
the easiet way around an error, no clamav user, the hell with it,
freshclam runs as root.
*******
config file, just take out "Example" keep hacking until it stops
complaining.
*******
Sorry if this sounds like a rant, it's not, it's an appeal to make a
priority of simplifying the installation.
*******

If anything, these highlight that the user posting the message:
A) wants to remain ignorant, despite being in charge of whatever
system this is he's administrating
B) is asking for others (packagers, clamav devs...) to fix his
unwillingness to read a config file.

If you want to know where it sounds like he's asking someone to do it
for him, the last quoted line is making an appeal to make a braindead
install routine a priority. That sounds like it's asking someone to
do something to me.

Is what he's asking for out of line? Not necessarily. But if I were
one of the devs doing an install package, I would not be overly
motivated to help someone who is SOOO not willing to work with me on
it that his idea of making it work is to run the software as root and
just delete the word "example" from the conf file instead of reading
what the line says and comprehending what he's doing.

He COULD have mailed in saying, "I'm running distro XYZ and am
looking for opinions on what the simplest installation package is,
and where I can download it with as much preconfiguration as
possible..."

Instead, he sends a message proclaiming that he wants to remain
ignorant of what is going on despite being a sysadmin because things
like the conf file are just too hard to comprehend. He works with
other sourceforge projects, so how can it be so hard for him to
understand a conf file? Worse, he just runs it as root, and then
people talk about not knowing about configurations having security
holes in it? Um...

What kind of sysadmin proclaims it's too hard to read a conf file and
wants everything as braindead simple as possible so he doesn't have
to think? It's nice not to have to get headaches configuring things,
but it kind of goes with the territory!

If he's not a sysadmin, why is he running a mailserver on the
Internet in the first place? How much spam and crap mail comes from
misconfigured mail servers because their admins were too lazy or
incompetent to configure it properly?
Post by Jim Maul
To me it seems like everyone missed the point and made their own
assumptions as to what he *really* meant. Maybe the title was
worded poorly, or his post looked too similar to others that people
have seen in the past and it triggered an immediate negative
response from them, or maybe its just that some people on this list
havent gotten any lately and are grumpy - who knows. But to berate
someone like this over a post they made which i believe was
interpreted incorrectly to begin with is completely wrong. I mean
cmon, the subject clearly states its directed at packagers. Give
the guy a flippin break.
And it was posted to the users list, and sorry, but one of the neat
things of the list is that you can only be judged on your words, and
as a fellow system administrator it isn't exactly very wise to
proclaim yourself ignorant and wishing to remain ignorant and that
you take pride in just being ignorant because it's too hard to read a
conf file that so many others have found to be more than adequate at
describing features and what they do. He does the absolute minimum
to make it work and considers it a hassle that he can't just click on
the Staples Easy button to make the server magically work?

Give the list a flippin' break. There are just some things that you
should know better than to do.
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Bowie Bailey
2006-11-08 17:48:24 UTC
Permalink
Post by John Rudd
Post by Dennis Peterson
Post by Bowie Bailey
wget (link to current clamav-XXX.tar.gz)
tar xzf clamav-XXX.tar.gz
cd clamav-XXX
configure --disable-zlib-vcheck
make
su
make install
service clamav restart
service freshclam restart
You would be wise to uninstall the previous installation so that
you don't end up with split versions. The man pages have not always
been consistent nor have library names, and uninstall (make
uninstall) helps prevent this.
It would be nice, though, if there was a "clamav-current.tar.gz" to
download, so that such automated processes could be done more ...
automated.
I don't know that I would want to automate a build script that much.
I generally want to be available whenever I install software (source
or RPM) just in case something breaks.

I've never even bothered to automate the process. ClamAV doesn't
update THAT frequently and when it does, the download and build
process is very fast even when done manually.

Of course, if I had to install it on more than a couple of machines, I
might want a script that I could feed the current filename, but I
haven't gotten there yet.
--
Bowie
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
Loading...