On 2005-01-08 03:06:56 +0300, Arkady V.Belousov wrote:
> 7-???-2005 21:32 [EMAIL PROTECTED] (Peter J. Holzer) wrote to ClamAV users ML
> <clamav-users@lists.clamav.net>:
> >>      Infected machine _isn't_ _rare_ situation.
> PJH> No, but
> PJH> 1) I think real viruses which infect other programs are getting rare.
>      For me, as victim of virus like CIH, is unimportant that this virus is
> "rare".

Ah, first you claim that it isn't rare, now you don't care whether it is

> BTW, CIH infects almost all executables in system. I fear to
> imagine, what happens, if ClamAV will be run on such machine (and ClamAV
> removes almost all, including itself)...

Don't run a virus scanner on an already infected system - you can't
trust it (especially not if it has been infected itself). Boot from a
known clean medium (e.g. a CD-ROM) and run it from there. If almost
every executable has been infected, wipe the machine clean, reinstall
and restore the data from backup. Scan again to make sure you haven't
restored the virus. 

But if you are already infected, you haven't used ClamAV as intended:
Its job is to *prevent* infection by inspecting files *before* they are
executed, not to clean up the mess after the damage has been done.

It is a testing tool, not an antidote. If you find a mushroom in the
woods, you can use it to find out whether the mushroom is edible or
poisonous. It is not intended to heal you if you eat the poisonous
mushroom (although in some limited circumstances it may still help you).

> PJH> non-internet methods of delivering updates. If you don't have internet
> PJH> access, maybe you should ask whether someone could mail the updates to
> PJH> you.
>      Even if updates will not be distributed through maillist officially, I may
> download them from ftp (_if_ this access will be opened).

How is FTP an improvement over HTTP? You need direct internet access for
both, and FTP isn't friendly to firewalls (and therefore often blocked).
Everybody who can use FTP can also use HTTP (unless their sysadmin was
completely out of his mind), but the reverse is not true.

(Are there still FTP-Mail gateways? I remember using them in the 1980's
- if so they probably also handle HTTP these days).

> But how to inject updates without disturbing my (isolated) machine by
> fat error-prone pigs like IIS or Apache?

That has been explained - just copy the files and restart clamd. It has
also been explained why running a local http server (it doesn't have to
be a fat error-prone pig like IIS or Apache, it can also be a lean
error-prone pig like thttpd :-)) is a better idea.

> >> JM> doing is attempting to make a program fit where it was not designed.  I
> >>      Hm. There was promotions, that ClamAV is comparable to other
> >> commercial _antiviruses_, and I, as free software preferer, was plan to
> >> use it as my (main) antivirus on my home machine.
> PJH> Since ClamAV is advertised as "a GPL anti-virus toolkit for UNIX"
>      Promotions, which I hear, lost suffix "for UNIX". And, I download not
> "for UNIX" distributive.

I don't know what "promotions" about ClamAV you get. I don't get any
glossy flyers about ClamAV in my mail. I was quoting from the ClamAV
home page - which is IMNSHO the most authoritative source for
information about ClamAV.

> PJH> Like any good tool, ClamAV is used for tasks for which it wasn't
> PJH> designed. However, if you do that, you must be prepared to invest a
> PJH> little work by yourself, and can't expect everything to work out of the
> PJH> box.
>      This is why I subscribed to this group and try to ask. But I get even
> answers with proposal to use carrier pigeons... :(

You know RFC 1149? That has even been implemented :-)

Seriously: Setting up different ways of distribution costs time and
money. Distributing updates via mail has been discussed on this list
and it was determined that the cost would be prohibitive (to be fair,
the goal was to provide faster notifications, not to send updates to
people who can't use HTTP - the latter would probably be a lot cheaper).

So you have been told:

1) Updates are distributed officially only by HTTP

2) You don't need freshclam to do the updates, but if you update
   manually, you also have to restart clamd and check for errors
   manually. (And I guess most people here consider having to do this
   about once per day unacceptable - Unix sysadmins are lazy).

It is now your problem to put this information together. But you
don't seem to want ClamAV - you want Dr.Web for free.


   _  | Peter J. Holzer    | The further north you go, the less is spoken
|_|_) | Sysadmin WSR       | at all, and so no dialect either.
| |   | [EMAIL PROTECTED]         | Hallig Gröde is almost entirely dialect-free.
__/   | http://www.hjp.at/ |   -- Hannes Petersen in desd
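
The manual update described in the message above (copy the files, restart clamd, check for errors yourself), as an added example that is not part of the original message and not ClamAV's own code: it checks a database file carried to an isolated machine before replacing the live copy. The 512-byte colon-separated header layout is an assumption stated in the comments, the function names and sample file are constructed for illustration, and the MD5 comparison only catches damage in transit; it does not verify the header's digital signature field.

```python
import hashlib
import os
import shutil
import tempfile

HEADER_LEN = 512  # assumed: fixed-size, space-padded ASCII header


def check_cvd(path):
    """Return the database version if the header parses and the body MD5 matches."""
    with open(path, "rb") as fh:
        header = fh.read(HEADER_LEN)
        body_md5 = hashlib.md5(fh.read()).hexdigest()
    fields = header.decode("ascii", "replace").rstrip().split(":")
    # Assumed order: magic, build time, version, signature count,
    # functionality level, MD5 of body, digital signature, builder
    if len(header) < HEADER_LEN or len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a complete CVD header")
    if fields[5].lower() != body_md5:
        raise ValueError("MD5 mismatch: damaged or truncated in transit")
    return int(fields[2])


def install_cvd(src, db_dir):
    """Copy src into db_dir only if it is intact and newer; True if installed."""
    new_version = check_cvd(src)
    dest = os.path.join(db_dir, os.path.basename(src))
    try:
        if check_cvd(dest) >= new_version:
            return False  # live copy is already this version or newer
    except (OSError, ValueError):
        pass  # no live copy, or it is damaged: replace it
    shutil.copyfile(src, dest + ".tmp")
    os.replace(dest + ".tmp", dest)  # rename so clamd never reads a partial file
    return True


def make_sample(path, version, body=b"constructed body, not real signatures"):
    """Write a constructed CVD-shaped file for the demo (dummy signature field)."""
    head = "ClamAV-VDB:07 Jan 2005 12-00 +0000:%d:1:1:%s:dsig:demo" % (
        version, hashlib.md5(body).hexdigest())
    with open(path, "wb") as fh:
        fh.write(head.encode("ascii").ljust(HEADER_LEN) + body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        os.mkdir(os.path.join(tmp, "db"))
        make_sample(os.path.join(tmp, "daily.cvd"), 660)
        print(install_cvd(os.path.join(tmp, "daily.cvd"), os.path.join(tmp, "db")))
```

When install_cvd returns True, clamd still has to be restarted and its log checked, as the message says.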
