
Re: Antivirus recommendation?

To: Kyle Wheeler <kyle-qmail@memoryhole.net>,qmail@list.cr.yp.to
Subject: Re: Antivirus recommendation?
From: Erwin Hoffmann <feh@fehcom.de>
Date: Wed, 20 Dec 2006 23:21:25 +0100
Cc: qmail@mail.fehcom.net
Delivered-to: sp-com-lists@consult.net
Delivered-to: gmail-qmail@securepoint.com
Delivered-to: sp.com.list@gmail.com
Delivered-to: mailing list qmail@list.cr.yp.to
In-reply-to: <20061220210551.GC3095@aleut.local>
Mailing-list: contact qmail-help@list.cr.yp.to; run by ezmlm
References: <4588CE2F.10605@yagrebu.net> <4586F666.8040903@infostreet.com> <4588CE2F.10605@yagrebu.net>
Hi,

At 16:05 20.12.2006 -0500, Kyle Wheeler wrote:
>On Wednesday, December 20 at 07:46 AM, quoth Mattias Wikstrom:
>> qscanq with ClamAV is a good choice. If you want to run clamd 
>> supervised under daemontools you can use Bill Shupp's patch to 
>> enable logging to stderr (even though it is for an older version of 
>> ClamAV, it works OK with the current).
>>
>> http://www.qscanq.org/
>> http://shupp.org/toaster/#clamav
>> http://shupp.org/patches/clamav-0.88.4-stderr.patch
>
>On most modern Linux boxes, though, instead of patching it, you can 
>simply tell it to log to /dev/stderr
>
>~Kyle

You are joking. If you've looked into the code, you can see, logging to
STDERR is broken.

Bill has identified this and provides a patch.
I have identified this some time ago (~ 1 year) and opened an incident on
this issue using standard ClamAV channels.

This has neither been acknowledged nor corrected (though I submitted the
patch) -- at least not for <= 0.88.6.

From my point of view

a) ClamAV is working fine,
b) clamd + clamdscan needs some attention -- once clamd is blocked the
whole qmail-smtpd is blocked,
c) one has to take care about regular ClamAV updates; there *are*
significant changes in the virus detection sections. There is no clean
scheme in ClamAV which minor releases are due to "simple" fixes or
significant changes in the scan engine.
d) Due to that, pre-packaged ClamAV solutions (a la Debian) are too slow to
(re-)act on version changes. A principally good idea turns into the opposite.
e) With ClamAV ripmime (or reformime) becomes obsolete (@Len) since it
"understands" MIME et al.

As with the whole internet malware: Watch out! No lunch for free!

regards.
--eh.





Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
