> I've already mentioned this jokingly, but I was half serious: I think
> setting up a bittorrent would solve a lot of the bandwidth problems.
>
Been playing with that a bit recently - the more I think about it, the more
I like it... saw a website that has built a custom tracker to manage
leeches,
> The mirror page talkes about the need for mirrors, about
> exponential growth,
> and how at least a 10mbit pipe is needed to host a mirror. It puts March
> 2004 traffic at about 120gig/month
>
I think I read it differently... I thought it was 120GB / month per mirror
(at that point in time there
In a perfect world, wouldn't this be the ultimate application for say,
multicast? Just keep casting the database over and over, when it
changes, you instantly have it! ;-)
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = 1E02 DABE F989 BC03 3D
OK, here's my pitch
I like the DNS idea as a way to push out just the version number of the
update. This "pattern serial number" would be the current version of the
CVD file.
A record like this in tinydns:
'dbversion.clamav.net:447:600
would create a DNS TXT record for "dbversion.clamav.net" wi
Am Mittwoch, 11. August 2004 01:58 schrieb Tomasz Kojm:
Hi,
> > Is there any "serial number" feature?
>
> Yes, there is.
And I can assume that freshclam looks at the serial number and never does a
downgrade?!
Yours,
-- martin
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold
Where can I download samples of the new virus and test my ClamAV?
TIA,
Zoong
___
THIS EMAIL IS CONFIDENTIAL. If you have received this email in error please forward
it to [EMAIL PROTECTED] It may contain personal
On Wed, 11 Aug 2004 03:36:50 +0200
Martin Konold <[EMAIL PROTECTED]> wrote:
> Am Mittwoch, 11. August 2004 01:18 schrieb Tomasz Kojm:
>
> Hi,
>
> > > I am wondering how authenticity and integrity of clamav updates is
> > > handled.
> >
> > All *.cvd databases are digitally signed (signatures use
Jeremy Kitchen wrote:
On Tuesday 10 August 2004 02:41 pm, Damian Menscher wrote:
[snip: using a program delivery to process update mailing list mails]
With sendmail, you could add to /etc/aliases something like:
clamav-updates | sigtool --add
that's the ticket.
And a cool little DOS tool. Nothin
Jeremy Kitchen wrote:
or scrap the whole idea all together :)
Maybe the best thing written on the subject today! ;-) j/k
But really, what's the problem? Shouldn't "big time folks" complain to
the commercial companies to whom they pay for service and still they got
updates later than Clam? Instead
Am Mittwoch, 11. August 2004 01:18 schrieb Tomasz Kojm:
Hi,
> > I am wondering how authenticity and integrity of clamav updates is
> > handled.
>
> All *.cvd databases are digitally signed (signatures use 1024 bit RSA
> key with MD5 hash).
How does this protect from "replaying" old patterns?
Is
On Tue, 10 Aug 2004 20:08:27 +0200
Martin Konold <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I am wondering how authenticity and integrity of clamav updates is
> handled.
All *.cvd databases are digitally signed (signatures use 1024 bit RSA
key with MD5 hash).
--
oo. Tomasz Kojm
On Tuesday 10 August 2004 02:41 pm, Damian Menscher wrote:
[snip: using a program delivery to process update mailing list mails]
> With sendmail, you could add to /etc/aliases something like:
> clamav-updates| sigtool --add
that's the ticket.
> Anyone know if it's really feasible for us t
On Tue, Aug 10, 2004 at 10:39:19PM +0200, Peter J. Holzer wrote:
> On 2004-08-10 14:41:28 -0500, Damian Menscher wrote:
[... about sending clamav updates quickly to all subscribers]
> > Anyone know if it's really feasible for us to obtain a mailserver that
> > can send out 2k emails to all (100,000
On Tue, 2004-08-10 at 12:40, Christopher X. Candreva wrote:
> If people can't check for database updates more often than once an hour,
> then there is a pressing need.
[...]
> If only 1.3% of every update is actually needed, and people only downloaded
> what they needed, the traffic on the mirro
Christopher X. Candreva wrote:
This thread on Trojan.JS.RunMe had me thinking: Hourly virus updates is
better than any of the commercial virus scanners, but obviously still has
issues, especially since a bunch of us obviously submitted updates that had
already been entered. I gather from thes
On 2004-08-10 14:41:28 -0500, Damian Menscher wrote:
> On Tue, 10 Aug 2004, Jeremy Kitchen wrote:
> > On Tuesday 10 August 2004 12:23 pm, Damian Menscher wrote:
> > > Ok, this is turning into a scary beast. But we already have several
> > > mailing lists (clamav-users, for example) which can obvio
On Tue, 10 Aug 2004, Damian Menscher wrote:
> Anyone know if it's really feasible for us to obtain a mailserver that
> can send out 2k emails to all (100,000?) users in a short (5-10 mins)
> time?
I haven't been following the whole discussion, but I thought this was
mostly to provide support to "p
On Tue, Aug 10, 2004 at 01:47:52PM -0400, Brett Simpson said:
> On Mon, 2004-08-09 at 22:21, Stephen Gran wrote:
> > Don't loop - make a more complicated data structure, like a multi level
> > hash (ugly pseudo-code to follow):
>
> Ok.
>
> > Just read the file once, fill in the bits as you go, an
On Tue, 10 Aug 2004, Jeremy Kitchen wrote:
> On Tuesday 10 August 2004 12:23 pm, Damian Menscher wrote:
> > Ok, this is turning into a scary beast. But we already have several
> > mailing lists (clamav-users, for example) which can obviously handle a
> > bit of a load. Might be interesting to con
Jason Haar wrote:
On Mon, Aug 09, 2004 at 04:44:23PM -0500, Steven Stern wrote:
As usual, ClamAV's name came out too soon The standard naming seems to
Yes - well done. ClamAV had updates for this virus hours before they started
hitting our site. I also want to point out that the two commercial
On Tuesday 10 August 2004 04:57 am, Jeremy Kitchen wrote:
> Tomasz, et al.: Please expect to see an email from me by the end of the
> work day tomorrow (or rather, today, but I haven't slept yet)
sigh, and after saying that I now have tons of work to do so I won't be able
to get this email to yo
On Tuesday 10 August 2004 12:23 pm, Damian Menscher wrote:
> Ok, this is turning into a scary beast. But we already have several
> mailing lists (clamav-users, for example) which can obviously handle a
> bit of a load. Might be interesting to concoct a specially-formatted
> message that the milte
On Mon, 2004-08-09 at 22:21, Stephen Gran wrote:
> Don't loop - make a more complicated data structure, like a multi level
> hash (ugly pseudo-code to follow):
Ok.
> Just read the file once, fill in the bits as you go, and process the
> whole thing at the end.
I wrote this and it's much much fas
On Tue, 10 Aug 2004, Lionel Bouton wrote:
> > Another possibility might be to patch the .cvd file(s)
> >
>
> That was one proposition I made last year. But in practice it seems there
> isn't really a pressing need now.
If people can't check for database updates more often than once an hour,
On Tue, 10 Aug 2004, Bart Silverstrim wrote:
>
> Maybe like a modified GPG-signed listserv system only on it's own "clam
> update daemon" port...take a little more configuration since the people
> installing clam would have to subscribe and install a GPG key or
> something like that in the process,
On Aug 10, 2004, at 5:57 AM, Jeremy Kitchen wrote:
Mitch (WebCob) wrote:
Just a few ideas...
hey, brainstorming is good, it's just the ideas aren't always ;)
Another stupid idea...how about a mechanism where clam can have updates
"pushed" to it, so servers controlled by the clam team can distribut
Hi,
I am wondering how authenticity and integrity of clamav updates is handled.
Any pointer to some documentation available?
Yours,
-- martin
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germa
> right, but as discussed below, generally bind servers don't have
> 100k people
> waiting for notifications and updates.
>
Nope, true... but like I suggested, the notification tree doesn't have to be
flat...
One server notifying 10 servers is time consuming and sure - costs a lot
of bandwidt
On Tue, 10 Aug 2004 07:59:42 -0700
exo dia <[EMAIL PROTECTED]> wrote:
> So it appears that there is a fairly significant file handle leak in
> this ClamAV version I am using. Has this been fixed following 7/31?
Yes, the problem has been fixed.
--
oo. Tomasz Kojm <[EMAIL PRO
Erich Titl wrote the following on 08/10/2004 05:12 PM :
At 16:03 10.08.2004, you wrote:
...
I've also thought about rsync -- if putting the cvd files on an rsync
server
would lighten the load at all.
Oh it would, rsync is quite effective.
Not much with compressed files like *.cvd.
Another possib
Erich Titl wanted us to know:
>>I've also thought about rsync -- if putting the cvd files on an rsync
>>server would lighten the load at all.
>Oh it would, rsync is quite effective. Another possibility might be to
>patch the .cvd file(s)
Agree with rsync, depends how much changes in the file
At 16:03 10.08.2004, you wrote:
...
I've also thought about rsync -- if putting the cvd files on an rsync server
would lighten the load at all.
Oh it would, rsync is quite effective. Another possibility might be to
patch the .cvd file(s)
0.02
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto
I've been using ClamAV for some time and am so happy you are providing
this solution, especially with the latest Bagel variant that is going
around.
I am using the development version from CVS on 7/31/04, and have been
sticking with it because it seems to have solved all of the memory
leak problem
On Tue, 10 Aug 2004, Fajar A. Nugraha wrote:
> The only snag, is that TXT record is limited to a number of bytes ( I tried
> putting 4096 bytes on it, it didn't work).
> Now, the question is, can the daily (or hourly) updates fit in a single TXT
> record?
I don't know that putting ALL of the reco
On Tue, 10 Aug 2004 at 14:30:32 +0200, Niek wrote:
> Tomasz Papszun said the following on 8/10/2004 1:45 PM GMT+2:
> >On Tue, 10 Aug 2004 at 13:39:57 +0300, Arthur Kerpician wrote:
> >
> >>Clamdscan is called by qmail-scanner-1.23 and don't remember
> >>setting any -r option anywhere.
> >
> >I don
On Tuesday 10 Aug 2004 13:00, Doug Monroe wrote:
> Turns out its the same msg doing it repeatedly - I assume because it
> never got delivered and is being retried. And, though it may seem that
> way to the casual observer, it is not "spam" since it's directly related
> to the recipient org, not
Tomasz Papszun said the following on 8/10/2004 1:45 PM GMT+2:
On Tue, 10 Aug 2004 at 13:39:57 +0300, Arthur Kerpician wrote:
Tomasz Papszun wrote:
Because these warnings from clamdscan have been introduced just
recently (they are needed to help avoid repeated complaints like
"I use 'clamdscan --mbo
Jason Haar wrote:
On Mon, Aug 09, 2004 at 11:19:11PM -0400, Doug Monroe wrote:
I notice clamscan options within QS have changed from:
my $clamscan_options="-r --disable-summary --max-recursion=10
--max-space=10";
to:
my $clamscan_options="-r -m --unzip --unrar --unzoo --lha
--disable-summary
On Tue, 10 Aug 2004 at 13:39:57 +0300, Arthur Kerpician wrote:
> Tomasz Papszun wrote:
> >
> >Which options you start clamd with - is irrelevant here.
> >
> >It matters which options you call clamdscan with!
> >
> I was using a snapshot (clamav-20040805.tar.gz) when getting this
> warning. Now I r
Tomasz Papszun wrote:
On Tue, 10 Aug 2004 at 11:42:16 +0300, Arthur Kerpician wrote:
Hi all,
Is anybody getting this message in the mail notifications?
---clamdscan results ---
^
WARNING: Ignoring option -r: please edit clamav.conf instead.
---
Couldn't find anything related
Mitch (WebCob) wrote:
What about a deeper mirroring system? Perhaps one that supports
notification?
One of the things I like about BIND (not enough to use it, but still an
admired concept ;-) is the way zones can be distributed... notification
speeds things up if it works, polling creates a failsaf
On Tue, 10 Aug 2004 at 11:42:16 +0300, Arthur Kerpician wrote:
> Hi all,
> Is anybody getting this message in the mail notifications?
> ---clamdscan results ---
^
> WARNING: Ignoring option -r: please edit clamav.conf instead.
> ---
>
> Couldn't find anything related to thet -r switch
On Tue, 10 Aug 2004, Arthur Kerpician wrote:
; Hi all,
; Is anybody getting this message in the mail notifications?
; ---clamdscan results ---
; WARNING: Ignoring option -r: please edit clamav.conf instead.
; ---
Whatever process is using the 'clamdscan' command is passing the -r flag
to it which
> On Tue, 2004-08-10 at 09:42, Arthur Kerpician wrote:
> > Hi all,
> > Is anybody getting this message in the mail notifications?
> > ---clamdscan results ---
> > WARNING: Ignoring option -r: please edit clamav.conf instead.
> > ---
> >
> > Couldn't find anything related to thet -r switch. I start
On Tue, 2004-08-10 at 09:42, Arthur Kerpician wrote:
> Hi all,
> Is anybody getting this message in the mail notifications?
> ---clamdscan results ---
> WARNING: Ignoring option -r: please edit clamav.conf instead.
> ---
>
> Couldn't find anything related to thet -r switch. I start clamd only
> w
Hi all,
Is anybody getting this message in the mail notifications?
---clamdscan results ---
WARNING: Ignoring option -r: please edit clamav.conf instead.
---
Couldn't find anything related to thet -r switch. I start clamd only
with -c to point to the configuration file.
Thanks for any ideas.
Arthu
Doug Monroe said the following on 8/10/2004 5:19 AM GMT+2:
linux RH9 2.4.20-31.9
Qmail-Scanner 1.23
clamav 0.75.1
odd problem since upgrading to 1.23, with coincidental update to clamav
0.75
Over the past 3-4 days I've seen clamscan processes hanging around,
sucking up resources, never dying, c
On Tuesday 10 Aug 2004 06:44, Todd Lyons wrote:
> John Twyman wanted us to know:
>
> >I haven't changed my clamav.conf file at all between versions. Its contents
> >are:
> >LocalSocket /tmp/clamd
> >FixStaleSocket
> >TCPAddr x.x.x.x
>
> You can't have both a TCP and a unix file socket. Gotta co
48 matches
Mail list logo
