> > Forcefully unsubscribing people is not a fair way to silence them.
> Not
> > even
> > explaining why is even worse.
> >
> > Maybe somebody of you will reply "Welcome to world!", but this
> doesn't
> > make
> > you any better at all.
>
>
> Could it be that there where bouncing emails because o
Forcefully unsubscribing people is not a fair way to silence them. Not even
explaining why is even worse.
Maybe somebody of you will reply "Welcome to world!", but this doesn't make
you any better at all.
Giampaolo
___
Help us build a comprehensive Cla
> Quoting Giampaolo Tomassoni :
>
> > In 6 months there were many clamav updates. I would have put the
>
> Signature updates, yes, but not code updates. To make any changes,
> you need code updates, not signature updates.
Of course I meant code updates. How can you change
> Giampaolo Tomassoni wrote:
> >> In response to your example, that was a DOS attack and is illegal.
> >> Microsoft updates have causes systems including servers to fail and
> >> crash, should you be petitioning to have Microsoft prosecuted under
> >
> Giampaolo, you're one of us. You may have a dissenting opinion, but
> otherwise you're level headed and logical and seem to have some passion
> for your job. So, you're cool in my book.
Thank you, Cody, for your good words: I needed some... :)
Giampaolo
> In response to your example, that was a DOS attack and is illegal.
> Microsoft updates have causes systems including servers to fail and
> crash, should you be petitioning to have Microsoft prosecuted under
> this law?
It happens.
Anyway, the fact is that you keep comparing two different thing.
> On Fri, Apr 16, 2010 at 01:15:45PM +0200, Giampaolo Tomassoni said:
> ... omissis ...
> On Sat, Apr 17, 2010 at 03:56:38PM +0200, Giampaolo Tomassoni said:
Fine. You filed your request. Now the maillist admins will decide if I was
runting, there. And will take action if ne
> Can the listmoms please throttle or remove this guy? This is roughly
> 50
> messages containing the same rant over the last several days. There is
> no argument that needs to be spread over that much email and waste that
> much of everyone's time.
Would you please show me the 50 messages you s
> Obviously neither side of the discussion can be convinced. It would
> possibly be a good idea to through in some more general thoughts about
> GPL'ed software.
> If I understood RMS' basic intention right he is all for the freedom of
> the _user_. This basically means no software vendor or suppli
> Hello Giampaolo Tomassoni,
Hello Michelle,
> It depends on what youmean with "five small companies".
>
> Here I have a bunch of such small companies with 3-5 employees...
> where
> I maintain the Intranet-Server. And since they are All-In-One-
> Systems, o
> >> Why is it ridiculous? You could have configured you server to send
> >> the
> >> mail in case of ClamAV failure and yet you did not? Why?
> >
> > Know what? I didn't even need to.
> >
> > And you are still missing the point. Hope you don't do the same with
> > your
> > life.
> >
> > Giampaolo
> But you have not been forced to go to bleeding edge. 0.95 is outdated
> but still receives the updates OK. In all development there comes a
> time when you have to break with compatibility in order to achieve the
> results you desire. The ClamAV team felt that this was the time.
Incompatibility
> None, and what you be doing next month when the new signatures came
> out and those same unpatched systems 'failed'?
According to the way I see it had to be, those unpatched systems would
simply don't get any update.
___
Help us build a comprehensive
> >>> What if your PS3 stops working because the maker thinks it is a
> too-old model to still go?
> >>
> >> A fine question. Let's suppose a certain old PS3 model has a
> serious
> >> manufacturing defect, such that it can overheat and catch fire.
> >
> > Which is not our case...
>
> You suggest
> >
> > Wasn't it better to simply let these system go the way they were used
> to?
> >
> > What's the difference from the clamav standpoint?
>
> The ClamAV developers want to continue on with things they way they are
> used to. They don't want to overhaul their update system just so they
> can c
> > I see you're quite far from it at the moment, since you are trying to
> > drive people to think that complains are only from bad sysadms. I
> > can't of course speak for others, but I'm complaining because of the
> > bad light in which the ClamAV team put open-software with the 0.96
> > case.
>
> > An open-source project is not supposed to change rules at will. The
> license
> > itself of open source software is often oriented toward this view,
> such
> > that
> > it guarantees people to keep using software they already got, even
> when the
> > project becomes a completely commercial one.
> > An open-source project is not supposed to change rules at will. The
> > license
> > itself of open source software is often oriented toward this view,
> > such that
> > it guarantees people to keep using software they already got, even
> > when the
> > project becomes a completely commercial on
> Just one remark: Anyone Ran Linux on their PlayStation lately?
>
> http://en.wikipedia.org/wiki/PlayStation_3#Removal_of_.22Other_OS.22_su
> pport_with_firmware_v3.21
Aaah, see? This is how things go with commercial products. This to the
various iPad/iPhone etc. It is the same or even worse.
P
> On Apr 16, 2010, at 1:42 PM, Giampaolo Tomassoni wrote:
> >> The owner of the box. They may not be qualified to manage the
> machine,
> >> but computers don't plug themselves into the network-- every machine
> >> belongs to someone who pays for electric
> > I'm know a bit uncomfortable with the idea that the ClamAV team can
> so
> > easily "unplug the wire". When there are other ways to do the same
> with few
> > more effort, if at all, too.
>
> So am I. And I'm a little uncomfortable that I didn't suggest other
> ways to accomplish this when th
> > This is not a matter of missing upgrades. This is a matter of
> proactively
> > breaking running systems.
>
> Exactly. They proactively broke the scanner so people would know why
> it
> broke, rather than letting it die with nothing more than an obscure
> malformatted hexstring error.
Wasn't
> And you are free to do so, just as the developers are free to release
> signatures that do not work with older versions. That is ALL that
> happened. In doing so, clamd fails to be able to properly read the
> database and fails.
Things are a bit more complex, because I see the problem of long si
> It isn't the software per se that is the problem, it is the virus
> database subscription... If you want to maintain your own virus
> database, you can run as old a version of clamav software as you want.
>
> Asking clamav to support definitions for old versions is like asking
> other vendors t
> Obviously, you are choosing to be dense. The bottom line is that the
> particulars regarding this event were published. Whether or not you
> availed yourself of that notification is immaterial. There was not
> anything nefarious in the ClamAV team's actions. You have obviously
> bought into the s
> >>> NOBODY, BUT NOBODY, HAS THE RIGHT TO SHUT DOWN SOMEONE ELSES
> >> SERVERS!!!
> >>
> >> They did not in any way shut down your server. No shutdown or
> reboot
> >> command was issued. They didn't turn off your power. Your server
> is
> >> up and running just fine, or if not, it isn't clamav
> > The ClamAV team have commanded old versions of its product to stop
> working.
> > Not even Microsoft do this.
>
> I can't tell you how many support calls I've received over the years
> with people saying "my Internet stopped working" and it was due to
> their
> Norton or McAfee license expirin
> > The ClamAV team have commanded old versions of its product to stop
> working.
>
> I would not describe what they did that way.
>
> Older versions of clamd were going to crash on signatures that newer
> versions would accept, and the devs have been prevented for at least 6
> months from using
> Pointing out that they are wrong, why they are wrong, and how they
> should
> do things instead _IS_ helping them. That is the way people work, that
> is the way people learn, that is how wrong situations get corrected.
The only "wrong situation" I see is the fact that bunch of people, urged by
> >>
> >> Check the mailing list archives...
> >
> > Let me see: I subscribed to this list in Nov 2009. I need more time
> > to fetch
> > it.
> >
> >
> > Giampaolo
> >
> >
>
> Then how could you possibly have missed the announcement that clamd
> installations will be disabled?
Probably I didn't e
> > Err, it does have something to do with it. You made the assertion
> > that no-one would spend money replacing a system rather than upgrade
> > it. Two of us now have pointed out that real world PHB do exactly
> > that sort of thing - and this issue with clamav getting the kill
> > switch can be
> >I guess around 25-50% of the malware is old, well-known one. So it is
> not
> >that silly to have an outdated AV running to lower the received one.
> >
> >But anyway, we are speaking of stuff which worked. It wasn't perfect,
> but it
> >worked. And in this days the ClamAV staff decided to break
> > OK, who's the mental midget that decided to just up and kill all
> > installations of clamav ??? I am flooded today with calls that email
> > servers are not working! Every d*(n one of them is the same
> > thing. ClamAV just died. Stupid I have never heard of a
> > program that jus
> >> The sysadmins could have done this by turning off freshclam..
> and
> >> saved themselves from having to deal with the upgrade.
> >
> > Who is the sysadmin of an unmanaged box?
>
> The owner of the box. They may not be qualified to manage the machine,
> but computers don't plug thems
> >> Then that is their choice and when it fails, they can bitch to the
> >> developers of that system and switch to another vendor ...
> >
> > Apart the fact that open software is not yet-another-vendor. It is a
> > culture.
> >
>
> No, ClamAV is a VENDOR that happens to be part of the open s
> > NOBODY, BUT NOBODY, HAS THE RIGHT TO SHUT DOWN SOMEONE ELSES
> SERVERS!!!
>
> They did not in any way shut down your server. No shutdown or reboot
> command was issued. They didn't turn off your power. Your server is
> up and running just fine, or if not, it isn't clamav's fault.
>
> They
> > If nobody had to turn off freshclam, why clamscan had to stop
> working?
>
> Have you actually been reading and comprehending what has been stated
> in this thread?
Yes, I did. Did you? If you know, just tell me why.
> > In this thread I'm seeing a lot of people blaming the sysadmin. Is it
> > If nobody had to turn off freshclam, why clamscan had to stop
> working?
> >
> > In this thread I'm seeing a lot of people blaming the sysadmin. Is it
> > crowded by sysadmins who like to show they are much more competent
> > than
> > their colleagues?
>
> Why, because all the whiners on the l
> Quoting Giampaolo Tomassoni :
>
> >> The sysadmins could have done this by turning off freshclam..
> and
> >> saved themselves from having to deal with the upgrade.
> >
> > Who is the sysadmin of an unmanaged box?
>
> There should be
> > The fact that old clamscans stop working because of a remote "kill"
> > update,
> > is grave as it would be for Microsoft to stop 2000 from working with
> > an
> > update. Yes, 2000 is a dangerous thing nowadays. But nevertheless
> > who are
> > you to shut my computer?
>
> I guess you have ne
> And if the server owners / sysadmins feel that sending mail is more
> IMPORTANT than sending clean mail, they do not not need to install any
> AV software and their mail system will happily send out all it's
> mail
I guess around 25-50% of the malware is old, well-known one. So it is not
tha
> > Unfortunately, the net result will be that the management of the
> small
> > companies running their crappy and old mailing systems will have to
> > hardly
> > face the fact their mailing box doesn't work anymore because a free
> > component in it unreasonably stopped working. This will decreas
> > Was this the purpose?
> >
> > Giampaolo
> >
>
> Then that is their choice and when it fails, they can bitch to the
> developers of that system and switch to another vendor ...
Apart the fact that open software is not yet-another-vendor. It is a
culture.
The way the clamav team managed th
> The sysadmins could have done this by turning off freshclam.. and
> saved themselves from having to deal with the upgrade.
Who is the sysadmin of an unmanaged box?
If nobody had to turn off freshclam, why clamscan had to stop working?
In this thread I'm seeing a lot of people blaming t
> > It is not something to do know, but instead something that could have
> been
> > done introducing 0.96...
>
> Giampaolo: There are lots of things that COULD be done, but it is not
> the
> philosophy of the ClamAV project.
>
> As I said, the devs have made it clear in the past that they feel
> > Obviously this is not a retroactive solution, but now that they know
> > this may be necessary, something can be changed so that it can be
> dealt
> > with more smoothly in the future.
>
> It already has been. 0.95 recognizes signatures which can tell
> freshclam to not update anymore. So if
> > Unfortunately, the net result will be that the management of the
> small
> > companies running their crappy and old mailing systems will have to
> > hardly face the fact their mailing box doesn't work anymore because a
> > free component in it unreasonably stopped working. This will decrease
>
> Quoting Giampaolo Tomassoni :
>
> > What if this DNS name stops responding (and be propagated to mirrors)
> and
> > instead a new current1.cvd.clamav.net (or maybe
> current.cvd1.clamav.net if
> > you dislike the first) start working? Clamav's 0.96 could iss
> The philosophy of the ClamAV team has always been, when in doubt clamd
> will not run. There are many people, myself included, who disagree with
> this. We have made our objections known, and this is not how the devs
> choose to run their project.
>
> It is their right. I choose to run ClamAV an
> > this is the first time, in SEVERAL years that i work with IT,
> > that i've seen a software publisher pushing a 'kill' signature to its
> > own software.
>
> Could you please qualify that statement. Do you mean that this is the
> first instance of this kind you have experienced in several
> >> If I run a ssh service on my machine, and yes I do, I keep track of
> the
> >> ssh announce list.
> >> Why because I hate it to find my root password changed because there
> >> was a security update I didn't updated 6 months ago because an apt-
> get
> >> update/upgrade didn't work anymore.
>
> Not a bad idea. It could be generalized to something like:
>
>0.95.3.cvd.clamav.net
>0.96.cvd.clamav.net
>
> Each version would have it's own DNS name for updates. All of them
> would point to the same group of servers. (Maybe just make them cnames
> for current.cvd...) Then
> If I run a ssh service on my machine, and yes I do, I keep track of the
> ssh announce list.
> Why because I hate it to find my root password changed because there
> was a security update I didn't updated 6 months ago because an apt-get
> update/upgrade didn't work anymore.
So you're subscribed
> If you don't have the time, knowledge, or whatever. Don't be a
> sysadmin.
>
> Being a sysadmin for a PRODUCTION server is a real job.
> I hire someone to fix my car and repair my roof.
It is decades now I'm a sysadmin, but I don't agree with your statement.
I keep repairing my car by myself (
> >> I don't know of any way to stop freshclam from updating.
> >> Some mirrors can blacklist old versions, but not most/all.
> >
> > Using a new DNS tree, such that old freshclam versions were unable to
> > perform the job?
>
> The DNS servers don't receive any information about the version of
>
> > Wasn't it better to instead have freshclam to stop updating the
> database?
>
> I don't know of any way to stop freshclam from updating.
> Some mirrors can blacklist old versions, but not most/all.
Using a new DNS tree, such that old freshclam versions were unable to
perform the job?
Giampao
> It was explicitly stated that clamd will be disabled.
In which language?
Giampaolo
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
> > > Hi,
> > >
> > > Just for interest.. feedback on EOL...
> > >
> > > http://search.twitter.com/search?q=clamav
> >
> > Indeed, an EOL on the previous minor version is quite an hazard and
> may be
> > regarded as a self-destructive behavior: it could easily became an
> > End-Of-(product-)Line, m
> Hi,
>
> Just for interest.. feedback on EOL...
>
> http://search.twitter.com/search?q=clamav
Indeed, an EOL on the previous minor version is quite an hazard and may be
regarded as a self-destructive behavior: it could easily became an
End-Of-(product-)Line, meaning that people will switch to s
> Ok, sorry for language.
> For security reason I can't open the firewall port to download the
> latest
> virus db upgrade directly from the clamAV web site. I need to access to
> the
> site from my work station, download the update locally and finally put
> it on
> the HPUX server.
>
> Do you thi
> Another disclaimer?! What a complete waste of time and energy...
>
> > Ce message est prot?g? par les r?gles relatives au secret des
> > correspondances. Il est donc ?tabli ? destination exclusive de son
> > destinataire. Celui-ci peut donc contenir des informations
> > confidentielles. La divu
nd clear.
Matt, thank you very much: this wipes my doubts about submission policies
and the like.
Giampaolo
>
> On Mon, Sep 14, 2009 at 12:51 PM, Giampaolo Tomassoni <
> giampa...@tomassoni.biz> wrote:
>
> > Hi,
> >
> > I occasionally submit virus samples
Hi,
I occasionally submit virus samples to ClamAV through the official
submission page.
Before submission I also check these viruses with VirusTotal, where at least
a bunch of AV products do often detect my samples as malware.
If this happens, I also add a link to the VirusTotal's analysis page
63 matches
Mail list logo
