Date: Wed, 22 Mar 2006 02:41:10 -0800
From: Chris <bsd@1command.com>
To: Adi Pircalabu <apircalabu@bitdefender.com>
Cc: Ion-Mihai Tetcu <itetcu@people.tecnik93.com>, "[FBSDP]" <freebsd-ports@freebsd.org>
Subject: Re: bdc BitDefender Console - problems, problems
Message-ID: <20060322024110.5z4jw43b4ww00cgs@webmail.1command.com>
In-Reply-To: <20060322110819.63f7e511@apircalabu.dsd.ro>
References: <20060321233021.59hsmdorkgckc0so@webmail.1command.com> <20060322103146.3c1f6997@it.buh.tecnik93.com> <20060322110819.63f7e511@apircalabu.dsd.ro>

Quoting Adi Pircalabu <apircalabu@bitdefender.com>:

> On Wed, 22 Mar 2006 10:31:46 +0200
> Ion-Mihai Tetcu <itetcu@people.tecnik93.com> wrote:
>
>> [ cc'ing port maintainer, which is always a good idea ]
>
> Definitely a good idea, thanks Ionut :)

Thanks for replying. :)

>> > On Tue, 21 Mar 2006 23:30:21 -0800
>> Chris <bsd@1command.com> wrote:
>>
>> > Hello,
>> > I built & installed bdc-7.0.1_1 from the ports on a 5.4 system.
>
> Good, thanks for using it :)
>
>> > I have a couple of problems:
>> > After the build/ install I logged out/ logged in and performed
>> > bdc --update. As instructed by the banner displayed upon successful
>> > installation. After updating bdc. I performed bdc --info which
>> > returned:
>> >
>> > Error: core initialization failed: Libfn initialization failed
>> >
>> > Googling for this error returned a solution that someone on the
>> > freebsd-questions list provided back in June of 2005. Further
>> > indicating that "work was underway to release a libfn.so file,
>> > which will be available in a future update." This was almost a year
>> > ago. I hate to sound like I'm whining, or ungrateful (which I'm
>> > not). But isn't this a long time to wait for something that is
>> > related to system security? Anyway, the cure is to build/ install
>> > misc/compat4x. Which I did.
>
> It is a long time, indeed, and I shall commit a fix for this, but it is
> not critical at all. The product works using misc/compat4x

Understood. But took a search on Google to discover it. ;)

>> Interesting. Adi, maybe the port should depend on compat4x until the
>> problem is fixed ?
>
> Might be an idea, but I'll go for the right path and commit the real
> fix.

Excellent to hear.

>> > One last problem; about bdc itself. I ran it against all the
>> > mailboxes after making it happy about the libfn problem. I used the
>> > following:
>> >
>> > bdc --arc --files --log --debug --mail --disinfect --move /var/mail
>> >
>> > which returned:
>> >
>> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
>> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
>> >
>> > /var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME
>> > part)=>q361598.exe infected: Win32.Swen.A@mm <- cevakrnl.xmd
>> > /var/mail/infos=>(message 37)=>[Subject: ... 6 +0100 (CET)]=>(MIME
>> > part)=>q361598.exe move failed <- cevakrnl.xmd
>> >
>> > It doesn't appear that all that work to get bdc installed and
>> > working was worth the time and trouble after all. Isn't it capable
>> > of disinfection yet?
>
> bdc can not disinfect or move infected objects from mbox files (not
> eml files kept in maildir format). The real "issue" is not the
> disinfection / deletion or the virus, but the repacking of mbox. At
> this time bdc does not support this feature. The action of rebuilding a
> mbox after modifying it is extremely tricky. I've seen lots of
> mailboxes corrupted by a faulty repack, that I'm really glad
> BitDefender does not have this feature :)

Good to know. Thank you for not corrupting my mailboxes. :)
Is there a better application of BDC in this regard?

>> My policy has always been that infected mail should be deleted :)
>
> Mine too, but people usually try to use as many features as possible

My policy also. But had understood from the docs that the --mail
switch would (could?) handle this situation.

>> > It *does* know what it is; as indicated with the following:
>> >
>> > bdc --arc --files --log --debug --mail --disinfect /var/mail
>> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
>> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
>> >
>> > /var/mail/infos=>(message 37)=>[S ... (CET)]=>(MIME
>> > part)=>q361598.exe infected: Win32.Swen.A@mm <- cevakrnl.xmd
>> > /var/mail/infos=>(message 37)=>[Subject: M ... :16 +0100
>> > (CET)]=>(MIME part)=>q361598.exe deleted <- cevakrnl.xmd
>> > /var/mail/infos=>(message 37)=>[Subject: Mic ... Feb 2006 21:29:16
>> > +0100 (CET)]=>(MIME part) updated <- mime.xmd
>> > /var/mail/infos=>(message 37) updated <- mbox.xmd
>> > /var/mail/infos update failed
>
> This is exactly what I wrote above. It can take actions upon an infected
> object, but does NOT update the mbox file itself.
> On the other hand, what are the real benefits of disinfecting a
> mailbox? The virus in this case is MIME-encapsulated. You can get
> infected only if you import that mailbox and execute the infected file.
> And, if this happens one way or another, the user really knows what
> he's doing, or is dumb enough to use a computer at all :)

Sure. I understand. But I had hoped that it could (would) be removed
from the mbox. That is to say; that it would remove the message as
required. I simply wasn't aware that it couldn't (safely) re-construct
the mbox afterwards.

>> > So it *knows* what it is. But doesn't appear to be a mature enough
>> > anti-virus application to actually disinfect or protect a system yet.
>> > Is that true?
>
> No, it's not true. But I work for BitDefender and my opinions can be
> easily seen as biased. You can check for yourself the various comparisons
> charts regarding features, detection rates, updates of virus detection
> routines and signatures, and the such.

OH! I *completely* believe you. I have a *purchased* copy for (win)NT
server. Which I am *very* impressed with. This is why I chose it for
all the BSD boxes. As I *depend* on these boxes. As windows is a virus
magnet. Antivirus protection is *not* an option. But in the case of the
FreeBSD version; it didn't *appear* to be as effective. That is why I
made the comment.

>> Might be true for disinfection for some viruses, but not for all. As
>> to protection, I believe it does its job adequately: it detects the
>> viruses and the signatures are updated very quick.
>
> --
> Adi Pircalabu (PGP Key ID 0x04329F5E)
>
> --
> This message was scanned for spam and viruses by BitDefender.
> For more information please visit http://www.bitdefender.com/

Thank you for all your time and consideration in this matter.

--Chris

--
Microsoft: Disc space -- the final frontier!

-----------------------------------------------------------------
FreeBSD 5.4-RELEASE-p12 (SMP - 900x2) Tue Mar 7 19:37:23 PST 2006
/////////////////////////////////////////////////////////////////
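
The mbox rewrite discussed in this thread, as an added example that is not part of the original message and is not BitDefender's code: it uses Python's standard mailbox module to lock an mbox, delete every whole message that carries an attachment with a given file name, and rewrite the file. The sample mailbox, the example.org addresses and the function names are constructed for illustration.

```python
import mailbox
from email.message import EmailMessage


def build_sample_mbox(path):
    """Write a constructed mbox: three messages, the second has an .exe attached."""
    box = mailbox.mbox(path)
    for n, attachment in enumerate([None, "q361598.exe", None], start=1):
        msg = EmailMessage()
        msg["From"] = f"sender{n}@example.org"
        msg["To"] = "infos@example.org"
        msg["Subject"] = f"constructed message {n}"
        msg.set_content("constructed body text\n")
        if attachment:
            msg.add_attachment(b"constructed bytes, not a real sample",
                               maintype="application", subtype="octet-stream",
                               filename=attachment)
        box.add(msg)
    box.close()  # close() flushes pending writes


def drop_messages_with_attachment(path, bad_names):
    """Delete whole messages that carry an attachment named in bad_names."""
    box = mailbox.mbox(path)
    box.lock()  # dot-lock plus lockf, so a cooperating delivery agent waits
    try:
        doomed = [key for key, msg in box.iteritems()
                  if any(part.get_filename() in bad_names for part in msg.walk())]
        for key in doomed:
            box.remove(key)
        box.flush()  # rewrites the mbox file without the removed messages
    finally:
        box.unlock()
        box.close()
    return len(doomed)


def subjects(path):
    """Return the Subject header of every message left in the mbox."""
    box = mailbox.mbox(path)
    try:
        return [msg["Subject"] for msg in box]
    finally:
        box.close()
```

The lock only protects against writers that honour the same locking scheme, so run this kind of rewrite while the mailbox owner's mail client is closed.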