From: Adi Pircalabu
To: Ion-Mihai Tetcu
Cc: Chris, "[FBSDP]"
Date: Wed, 22 Mar 2006 11:08:19 +0200
Subject: Re: bdc BitDefender Console - problems, problems
Organization: BitDefender
Message-ID: <20060322110819.63f7e511@apircalabu.dsd.ro>
List-Id: Porting software to FreeBSD

On Wed, 22 Mar 2006 10:31:46 +0200
Ion-Mihai Tetcu wrote:

> [ cc'ing port maintainer, which is always a good idea ]

Definitely a good idea, thanks Ionut :)

> On Tue, 21 Mar 2006 23:30:21 -0800
> Chris wrote:
>
> > Hello,
> > I built & installed bdc-7.0.1_1 from the ports on a 5.4 system.

Good, thanks for using it :)

> > I have a couple of problems:
> > After the build/ install I logged out/ logged in and performed
> > bdc --update. As instructed by the banner displayed upon successful
> > installation. After updating bdc. I performed bdc --info which
> > returned:
> >
> > Error: core initialization failed: Libfn initialization failed
> >
> > Googling for this error returned a solution that someone on the
> > freebsd-questions list provided back in June of 2005. Further
> > indicating that "work was underway to release a libfn.so file,
> > which will be available in a future update." This was almost a year
> > ago. I hate to sound like I'm whining, or ungrateful (which I'm
> > not). But isn't this a long time to wait for something that is
> > related to system security? Anyway, the cure is to build/ install
> > misc/compat4x. Which I did.

It is a long time, indeed, and I shall commit a fix for this, but it is
not critical at all. The product works using misc/compat4x.

> Interesting. Adi, maybe the port should depend on compat4x until the
> problem is fixed ?

Might be an idea, but I'll go for the right path and commit the real
fix.

> > One last problem; about bdc itself. I ran it against all the
> > mailboxes after making it happy about the libfn problem. I used the
> > following:
> >
> > bdc --arc --files --log --debug --mail --disinfect --move /var/mail
> >
> > which returned:
> >
> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
> >
> > /var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME
> > part)=>q361598.exe infected: Win32.Swen.A@mm <- cevakrnl.xmd
> > /var/mail/infos=>(message 37)=>[Subject: ... 6 +0100 (CET)]=>(MIME
> > part)=>q361598.exe move failed <- cevakrnl.xmd
> >
> > It doesn't appear that all that work to get bdc installed and
> > working was worth the time and trouble after all. Isn't it capable
> > of disinfection yet?

bdc can not disinfect or move infected objects from mbox files (not eml
files kept in maildir format). The real "issue" is not the
disinfection / deletion or the virus, but the repacking of mbox. At
this time bdc does not support this feature. The action of rebuilding a
mbox after modifying it is extremely tricky. I've seen so many
mailboxes corrupted by a faulty repack that I'm really glad BitDefender
does not have this feature :)

> My policy has always been that infected mail should be deleted :)

Mine too, but people usually try to use as many features as possible.

> > It *does* know what it is; as indicated with the following:
> >
> > bdc --arc --files --log --debug --mail --disinfect /var/mail
> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
> >
> > /var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME
> > part)=>q361598.exe infected: Win32.Swen.A@mm <- cevakrnl.xmd
> > /var/mail/infos=>(message 37)=>[Subject: M ... :16 +0100
> > (CET)]=>(MIME part)=>q361598.exe deleted <- cevakrnl.xmd
> > /var/mail/infos=>(message 37)=>[Subject: Mic ... Feb 2006 21:29:16
> > +0100 (CET)]=>(MIME part) updated <- mime.xmd
> > /var/mail/infos=>(message 37) updated <- mbox.xmd
> > /var/mail/infos update failed

This is exactly what I wrote above. It can take actions upon an
infected object, but does NOT update the mbox file itself. On the other
hand, what are the real benefits of disinfecting a mailbox? The virus
in this case is MIME-encapsulated. You can get infected only if you
import that mailbox and execute the infected file. And, if this happens
one way or another, the user really knows what he's doing, or is dumb
enough to use a computer at all :)

> > So it *knows* what it is. But doesn't appear to be a mature enough
> > anti-virus application to actually disinfect or protect a system yet.
> > Is that true?

No, it's not true. But I work for BitDefender and my opinions can be
easily seen as biased. You can check for yourself the various
comparison charts regarding features, detection rates, updates of virus
detection routines and signatures, and such.

> Might be true for disinfection for some viruses, but not for all. As
> to protection, I believe it does its job adequately: it detects the
> viruses and the signatures are updated very quickly.

--
Adi Pircalabu (PGP Key ID 0x04329F5E)

--
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/
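Added example, not part of the original message and not BitDefender code: one way to act on a bdc report without editing MIME parts inside an mbox is to move each flagged message whole into a quarantine mbox, holding the mailbox locks and letting Python's `mailbox` module rewrite the file through a temporary copy. The function names, the quarantine path and the regular expression are assumptions; the pattern is built only from the report lines quoted in this thread.

```python
import mailbox
import re

# bdc report lines as quoted in the thread above (wrapped lines rejoined).
SAMPLE_REPORT = """\
/var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME part)=>q361598.exe infected: Win32.Swen.A@mm <- cevakrnl.xmd
/var/mail/infos=>(message 37)=>[Subject: ... 6 +0100 (CET)]=>(MIME part)=>q361598.exe move failed <- cevakrnl.xmd
"""

# Assumed shape: <mbox>=>(message N)=>...=><file> infected: <name> <- <module>
INFECTED = re.compile(
    r"^(?P<mbox>[^=]+)=>\(message \d+\)=>.*=>\s*(?P<file>\S+)\s+infected:\s+(?P<threat>\S+)")

def infected_attachments(report):
    """Map mbox path -> set of attachment names reported as infected."""
    hits = {}
    for line in report.splitlines():
        m = INFECTED.match(line.strip())
        if m:
            hits.setdefault(m["mbox"], set()).add(m["file"])
    return hits

def quarantine(mbox_path, quarantine_path, bad_names):
    """Move whole messages carrying a flagged attachment; return how many moved."""
    src = mailbox.mbox(mbox_path, create=False)
    dst = mailbox.mbox(quarantine_path)
    moved = 0
    src.lock()                      # dot lock plus advisory file lock
    try:
        before = len(src)
        for key in list(src.keys()):
            msg = src[key]
            names = {part.get_filename() for part in msg.walk()}
            if names & bad_names:
                dst.add(msg)
                dst.flush()         # quarantine copy is on disk before removal
                src.remove(key)
                moved += 1
        src.flush()                 # rewrite via temporary file, then rename
        if len(src) != before - moved:
            raise RuntimeError("message count mismatch after repack")
    finally:
        src.unlock()
        src.close()
        dst.close()
    return moved
```

The locks only protect against delivery agents and mail clients that honour the same locking scheme on that mailbox.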