clam tk
Craig White
craigwhite at azapple.com
Tue May 4 15:38:25 MST 2010
On Mon, 2010-05-03 at 07:52 -0700, betty wrote:
> well, no, of course i am not running anything complicated (surely you
> jest !) as you know my non-existent level of expertise. the primary
> reason why i got the program, and it is running fine (i guess, how would
> i know?) is that after 10 years of linux and never using a virus
> program, i got an email from a friend that was obviously a bad thing,
> didn't even open it of course, but nevertheless, it came into my
> mailbox. then after that, firefox started running weird. (maybe
> coincidence. so then i got concerned since i always hear buzz about even
> linux and mac are not immune blahblah blah.) so what the heck i
> installed it.
>
> anyway, now everything seems to work fine.
> i'll be soooo interested in what the list says.
----
When all you have is a hammer, everything tends to look like a nail.
I noticed that as I acquired the skills/tools to minimize spam on my
customers mail servers, some of them became paranoid that their mail
server wasn't working because the spam in their inbox provided a bit of
'visual comfort' to them and when spam stopped showing up, they lost
that indicator. That's sort of like logging all the dropped packets on a
firewall (iptables?). It's not the packets that are blocked that you
need to worry about.
Clearly ClamAV is very useful on e-mail servers. But signature based
pattern matching is incredibly inefficient and imprecise.
http://en.wikipedia.org/wiki/Antivirus_software - pay attention to the
section on 'Effectiveness'
Probably the most significant issue is that the typical Windows or
Macintosh user runs as super-user and even knowledgeable people can be
tricked into executing malicious software. So Windows and Macintosh try
to implement various methods of 'User Access Control' so people can
still run as super-user and hopefully be afforded some protection - of
course they know it doesn't actually work so well in real life...
http://www.pcmag.com/article2/0,2817,2335122,00.asp (see the last
paragraph on the first page).
So if you aren't running a mail server or a file server for Windows
users and it gives you some comfort to run ClamAV scanning, by all
means, go for it. If the wasted computer cycles are significant enough
to impair your ability to use the computer, then you probably have more
problems with your computer than ClamAV.
Recognize that as an AV scanner compared to Windows based virus scan
software, ClamAV ranked rather poorly...
http://en.wikipedia.org/wiki/Clam_AntiVirus
see the section on 'Comparisons'
If you really care about security on any OS - do not run as
super-user... period, end of story.
As for Firefox... the easiest way to make it run like crap is to install
Adobe Reader and Adobe Flash. Jobs is right about one thing for sure -
Flash sucks and HTML 5 is definitely going to be much better for
everyone. I'm conveniently ignoring the fact that Apple is not the least
bit interested in open source unless it sells more of their
proprietary/closed source devices.
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the PLUG-discuss
mailing list