From owner-freebsd-ports@FreeBSD.ORG Wed Mar 22 10:41:21 2006
Message-ID: <20060322024110.5z4jw43b4ww00cgs@webmail.1command.com>
Date: Wed, 22 Mar 2006 02:41:10 -0800
From: Chris
To: Adi Pircalabu
Cc: Ion-Mihai Tetcu, "[FBSDP]"
In-Reply-To: <20060322110819.63f7e511@apircalabu.dsd.ro>
Subject: Re: bdc BitDefender Console - problems, problems
List-Id: Porting software to FreeBSD

Quoting Adi Pircalabu:

> On Wed, 22 Mar 2006 10:31:46 +0200
> Ion-Mihai Tetcu wrote:
>
>>
>> [ cc'ing port maintainer, which is always a good idea ]
>
> Definitely a good idea, thanks Ionut :)

Thanks for replying. :)

>
>>
>> > On Tue, 21 Mar 2006 23:30:21 -0800
>> Chris wrote:
>>
>> > Hello,
>> > I built & installed bdc-7.0.1_1 from the ports on a 5.4 system.
>
> Good, thanks for using it :)
>
>>
>> > I have a couple of problems:
>> > After the build/ install I logged out/ logged in and performed
>> > bdc --update. As instructed by the banner displayed upon successful
>> > installation. After updating bdc. I performed bdc --info which
>> > returned:
>> >
>> > Error: core initialization failed: Libfn initialization failed
>> >
>> > Googling for this error returned a solution that someone on the
>> > freebsd-questions list provided back in June of 2005. Further
>> > indicating that "work was underway to release a libfn.so file,
>> > which will be available in a future update." This was almost a year
>> > ago. I hate to sound like I'm whining, or ungrateful (which I'm
>> > not). But isn't this a long time to wait for something that is
>> > related to system security? Anyway, the cure is to build/ install
>> > misc/compat4x. Which I did.
>
> It is a long time, indeed, and I shall commit a fix for this, but it is
> not critical at all. The product works using misc/compat4x

Understood. But took a search on Google to discover it. ;)

>
>>
>> Interesting. Adi, maybe the port should depend on compat4x until the
>> problem is fixed ?
>
> Might be an idea, but I'll go for the right path and commit the real
> fix.

Excellent to hear.

>
>> > One last problem; about bdc itself. I ran it against all the
>> > mailboxes after making it happy about the libfn problem. I used the
>> > following:
>> >
>> > bdc --arc --files --log --debug --mail --disinfect --move /var/mail
>> >
>> > which returned:
>> >
>> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
>> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
>> >
>> > /var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME
>> > part)=>q361598.exe infected: Win32.Swen.A@mm <- cevakrnl.xmd
>> > /var/mail/infos=>(message 37)=>[Subject: ... 6 +0100 (CET)]=>(MIME
>> > part)=>q361598.exe move failed <- cevakrnl.xmd
>> >
>> > It doesn't appear that all that work to get bdc installed and
>> > working was worth the time and trouble after all. Isn't it capable
>> > of disinfection yet?
>
> bdc can not disinfect or move infected objects from mbox files (not
> eml files kept in maildir format). The real "issue" is not the
> disinfection / deletion or the virus, but the repacking of mbox. At
> this time bdc does not support this feature. The action of rebuilding a
> mbox after modifying it is extremely tricky. I've seen lots of
> mailboxes corrupted by a faulty repack, that I'm really glad
> BitDefender does not have this feature :)

Good to know. Thank you for not corrupting my mailboxes. :)
Is there a better application of BDC in this regard?

>
>>
>> My policy has always been that infected mail should be deleted :)
>
> Mine too, but people usually try to use as many features as possible

My policy also. But had understood from the docs that the --mail
switch would (could?) handle this situation.

>
>>
>> > It *does* know what it is; as indicated with the following:
>> >
>> > bdc --arc --files --log --debug --mail --disinfect /var/mail
>> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
>> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
>> >
>> > /var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME
>> > part)=>q361598.exe infected: Win32.Swen.A@mm <- cevakrnl.xmd
>> > /var/mail/infos=>(message 37)=>[Subject: M ... :16 +0100
>> > (CET)]=>(MIME part)=>q361598.exe deleted <- cevakrnl.xmd
>> > /var/mail/infos=>(message 37)=>[Subject: Mic ... Feb 2006 21:29:16
>> > +0100 (CET)]=>(MIME part) updated <- mime.xmd
>> > /var/mail/infos=>(message 37) updated <- mbox.xmd
>> > /var/mail/infos update failed
>
> This is exactly what I wrote above. It can take actions upon an infected
> object, but does NOT update the mbox file itself.
> On the other hand, what are the real benefits of disinfecting a
> mailbox? The virus in this case is MIME-encapsulated. You can get
> infected only if you import that mailbox and execute the infected file.
> And, if this happens one way or another, the user really knows what
> he's doing, or is dumb enough to use a computer at all :)

Sure. I understand. But I had hoped that it could (would) be removed
from the mbox. That is to say; that it would remove the message as
required. I simply wasn't aware that it couldn't (safely) re-construct
the mbox afterwards.

>
>> >
>> > So it *knows* what it is. But doesn't appear to be a mature enough
>> > anti-virus application to actually disinfect or protect a system yet.
>> > Is that true?
>
> No, it's not true. But I work for BitDefender and my opinions can be
> easily seen as biased. You can check for yourself the various comparison
> charts regarding features, detection rates, updates of virus detection
> routines and signatures, and the such.

OH! I *completely* believe you. I have a *purchased* copy for (win)NT
server. Which I am *very* impressed with. This is why I chose it for
all the BSD boxes. As I *depend* on these boxes. As windows is a virus
magnet. Antivirus protection is *not* an option. But in the case of the
FreeBSD version; it didn't *appear* to be as effective. That is why I
made the comment.
>
>>
>> Might be true for disinfection for some viruses, but not for all. As
>> to protection, I believe it does its job adequately: it detects the
>> viruses and the signatures are updated very quick.
>>
>>
>
> --
> Adi Pircalabu (PGP Key ID 0x04329F5E)
>
>
> --
> This message was scanned for spam and viruses by BitDefender.
> For more information please visit http://www.bitdefender.com/
>
>

Thank you for all your time and consideration in this matter.

--Chris

--
Microsoft: Disc space -- the final frontier!
-----------------------------------------------------------------
FreeBSD 5.4-RELEASE-p12 (SMP - 900x2) Tue Mar 7 19:37:23 PST 2006
/////////////////////////////////////////////////////////////////
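
The mbox repack problem discussed in this thread, as an added example that is not part of the original messages and is not BitDefender code: it reads the scanner's "infected" report lines and moves the reported message to a quarantine mbox using Python's standard mailbox module, which holds the mailbox lock and rewrites through a temporary file plus rename. The function names are hypothetical, the report lines are the ones quoted above re-joined onto one line each, and the message numbering starting at 1 is an unverified assumption, which is why the attachment name is checked before anything is removed.

```python
import mailbox
import re

# Report lines as quoted in the thread, re-joined onto one line each (assumed layout).
SAMPLE_REPORT = """\
/var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME part)=>q361598.exe infected: Win32.Swen.A@mm <- cevakrnl.xmd
/var/mail/infos=>(message 37)=>[Subject: ... 6 +0100 (CET)]=>(MIME part)=>q361598.exe move failed <- cevakrnl.xmd
"""

REPORT = re.compile(
    r"^(?P<mbox>.+?)=>\(message (?P<num>\d+)\)=>.*=>(?P<file>.+?)\s+infected: (?P<sig>\S+)"
)

def parse_report(text):
    """Return (mbox_path, message_number, filename, signature) per 'infected' line."""
    hits = []
    for line in text.splitlines():
        m = REPORT.match(line)
        if m:
            hits.append((m["mbox"], int(m["num"]), m["file"], m["sig"]))
    return hits

def quarantine(mbox_path, quarantine_path, number, filename, first=1):
    """Move one message to a quarantine mbox, but only if it carries `filename`.

    `first` is the number the scanner gives the first message (assumed 1, unverified).
    """
    box = mailbox.mbox(mbox_path, create=False)
    box.lock()  # fcntl + dot lock; delivery agents that honour them will wait
    try:
        keys = box.keys()
        idx = number - first
        if not 0 <= idx < len(keys):
            return False
        msg = box[keys[idx]]
        # Guard against an off-by-one or a mailbox that changed since the scan.
        if filename not in {part.get_filename() for part in msg.walk()}:
            return False
        qbox = mailbox.mbox(quarantine_path)
        try:
            qbox.add(msg)
            qbox.flush()  # the copy is on disk before the original is touched
        finally:
            qbox.close()
        box.remove(keys[idx])
        box.flush()  # writes a temp file, then renames it over the mbox
        return True
    finally:
        box.unlock()
        box.close()
```

Run it against a copy of the mailbox first; a False return means the numbered message did not carry the reported attachment and nothing was changed.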