Quantcast

Re: openSUSE-RU-2015:2060-1: moderate: Recommended update for clamav-database

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: openSUSE-RU-2015:2060-1: moderate: Recommended update for clamav-database

Christian Boltz-7
Hello,

Am Freitag, 20. November 2015 schrieben Sie:
>    openSUSE Recommended Update: Recommended update for clamav-database

>    This is the weekly internal clamav database refresh on November
> 16th.

Does shipping weekly updates of the virus signatures really make sense?
They are probably already outdated when the update is released,
especially when it comes to catching new viruses/malware/etc.

Wouldn't it be better to setup an (at least) daily cronjob that runs
freshclam?


Regards,

Christian Boltz
--
You could just randomly throw darts at the list of packages on the
DVD and not on the CD and any of them can be removed with little or
no end-user visibility. [Greg Freemyer in opensuse-factory]

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: openSUSE-RU-2015:2060-1: moderate: Recommended update for clamav-database

Andreas Stieger-2
Hello,

On 11/21/2015 03:51 PM, Christian Boltz wrote:

> Am Freitag, 20. November 2015 schrieben Sie:
> >    openSUSE Recommended Update: Recommended update for clamav-database
>
> >    This is the weekly internal clamav database refresh on November
> > 16th.
>
> Does shipping weekly updates of the virus signatures really make sense?
> They are probably already outdated when the update is released,
> especially when it comes to catching new viruses/malware/etc.
>
> Wouldn't it be better to setup an (at least) daily cronjob that runs
> freshclam?
This package is not primarily intended for the use case you are
describing. Yes many users should use freshclam. The clamav-database
package is for disconnected / sneakernetted users as well as
environments where no network connection is available, e.g. as in
openSUSE's own build service where it is used to scan incoming source
submissions for threats.

Andreas

--
Andreas Stieger <[hidden email]>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)


signature.asc (817 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: openSUSE-RU-2015:2060-1: moderate: Recommended update for clamav-database

Marcus Meissner
On Sat, Nov 21, 2015 at 04:30:28PM +0100, Andreas Stieger wrote:

> Hello,
>
> On 11/21/2015 03:51 PM, Christian Boltz wrote:
> > Am Freitag, 20. November 2015 schrieben Sie:
> > >    openSUSE Recommended Update: Recommended update for clamav-database
> >
> > >    This is the weekly internal clamav database refresh on November
> > > 16th.
> >
> > Does shipping weekly updates of the virus signatures really make sense?
> > They are probably already outdated when the update is released,
> > especially when it comes to catching new viruses/malware/etc.
> >
> > Wouldn't it be better to setup an (at least) daily cronjob that runs
> > freshclam?
>
> This package is not primarily intended for the use case you are
> describing. Yes many users should use freshclam. The clamav-database
> package is for disconnected / sneakernetted users as well as
> environments where no network connection is available, e.g. as in
> openSUSE's own build service where it is used to scan incoming source
> submissions for threats.

It is actually only used on the SLES side currently, Leap was not set up
this way.

If there is interest in post-build virus scanning we could set up the same for Leap.

Ciao, Marcus
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: openSUSE-RU-2015:2060-1: moderate: Recommended update for clamav-database

Christian Boltz-7
Hello,

Am Samstag, 21. November 2015 schrieb Marcus Meissner:

> On Sat, Nov 21, 2015 at 04:30:28PM +0100, Andreas Stieger wrote:
> > This package is not primarily intended for the use case you are
> > describing. Yes many users should use freshclam. The clamav-database
> > package is for disconnected / sneakernetted users as well as
> > environments where no network connection is available, e.g. as in
> > openSUSE's own build service where it is used to scan incoming
> > source submissions for threats.
>
> It is actually only used on the SLES side currently, Leap was not set
> up this way.
>
> If there is interest in post-build virus scanning we could set up the
> same for Leap.

I'd argue that an additional check is always a good idea ;-) so please
enable it for Leap (and maybe also for Tumbleweed if it doesn't cause
too much load on the build service).


Regards,

Christian Boltz
--
Aber immer, wenn ich nichts Böses erwarte, dann passierts.
Dann hat irgend ein Hirni was geändert, was mehr Arbeit macht.
Und der Hirni sitzt hinter 'nem Busch und lacht sich tot
[Ernst Scott in opensuse-de]

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Loading...