BYOE issues with ClamXav Sentry

Discussions relating to ClamXav

Moderator: Mark

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Thu 23 Jun 2016 11:45 pm

Notes for B.Y.O.E users:

Mark has announced a new Public Beta of version ClamXav 2.9.
ClamXav 2.9 has a new engine install and uninstall mechanism.
If all files ClamXav 2.9 needs are not installed correctly, it starts to replace B.Y.O.E by official engine included in ClamXav 2.9.

I am now testing ClamXav 2.9 with my B.Y.O.E (ClamAV Development Version).
For details to "Running ClamXav Version 2.9.x with B.Y.O ClamAV engine".
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Tue 12 Jul 2016 12:21 pm

Notes for B.Y.O.E Users:

Mark has released ClamXav Version 2.9 (2378) including ClamXav Sentry Version 3.9 (2378).
Be sure you have /usr/local/clamXav backed up before updating.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Wed 13 Jul 2016 2:21 am

- Important Notes -
Mark has stopped official support for B.Y.O. engine.
If you keep using B.Y.O. engine, do that in your responsibility.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby ChipMcKNo2 » Wed 13 Jul 2016 9:52 am

eiichi wrote:- Important Notes -
Mark has stopped official support for B.Y.O. engine.
If you keep using B.Y.O. engine, do that in your responsibility.
Poor choice IMHO.
That has been one of the attractive features of ClamXav, the ability of keep up with ClamAV updates despite Mark's scheduling conflicts.
ChipMcKNo2
 
Posts: 87
Joined: Sun 07 Dec 2014 11:20 pm
Location: U S of A

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Wed 13 Jul 2016 10:26 am

Poor choice IMHO.
That has been one of the attractive features of ClamXav, the ability of keep up with ClamAV updates despite Mark's scheduling conflicts.

I am all of the same mind.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby brianallenlevine » Wed 13 Jul 2016 8:32 pm

I'm also unhappy with the loss of BYOE support...

--Brian
brianallenlevine
 
Posts: 16
Joined: Thu 28 Jun 2007 6:19 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Fri 15 Jul 2016 4:35 am

I've been using B.Y.O. engine as ClamXav back-end for more than 10 years.
As far as ClamXav allows me to use it, I'd like to keep using B.Y.O. engine.

The following are the reasons that I use B.Y.O. engine.
1. I can upgrade the scanning engine to the latest version at the same time as ClamAV releases the latest edition.
2. I can configure the engine to get the best optimization in my system.

Image
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby alvarnell » Sat 16 Jul 2016 2:39 am

Just a few comments here that represent my own two cents. I won't pretend to know the reasons for the delays or use of various configurations, but some considerations on why B.Y.O.E. isn't needed by most users any more.

Most updates of the ClamAV scan engine, do not contain any fixes or enhancements that impact OS X in any manner, so there is rarely a need to rush to the latest version. The last major security release was 97.7.

I distinctly remember 0.99.2 being released within an hour of Mark's release of 2.8.9.3 on May 3. The only improvement that impacted OS X was bb11188 - Upgrade to use libtool 2.4.6 for ClamAV building: fixes issues with MacOSX 10.10 and 10.11 and a workaround was already in place, so there was no rush to get 2.8.9.4 out until a few of the known ClamXav bugs were resolved.

The reason for some configuration items relate to maintaining support for OS X 10.6.8 which is still the third most popular OS being used, amounting to just under 10% of ClamXav users. I realize that certainly is of no interest to those reading this, but I mention it as probably the primary reason for their use. I believe that ClamXav is the only current A-V software available to Snow Leopard users.

Just because something is newer, does not always indicate that it will provide any additional capability to ClamXav or the scan engine. For instance, if PCRE provides all the API's necessary for ClamAV operation, PCRE2 isn't needed and could even break something.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Sat 16 Jul 2016 5:07 am

Al,
I'm not going to argue with your opinion.
Flexibility which permits B.Y.O.E has been one of the attractive features of ClamXav.
Thanks to its flexibility, I can still run ClamXav Sentry with B.Y.O.E (ClamAV 0.99.2) on Mac OS X 10.4.11.
I only want ClamXav to keep its flexibility.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Sat 16 Jul 2016 8:14 am

P.S.
I know that most users don't need B.Y.O.E. and have no interest in it.

While ClamXav was free, most users thought "Ah, Mark is too busy to update an engine. It's free." and then they waited an update, and most B.Y.O.E users started to build by their own effort.

But ClamXav is now a commercial product and therefore quality management is required, I think.
I think that most users want not to see WARNING as below:
--------------------------------------
ClamAV update process started at xxx xxx xx xx:xx:xx xxxx
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: x.xx.x Recommended version: x.xx.x
DON'T PANIC! Read http://www.clamav.net/support/faq

That's the reason I noted "*Commercial Product" in my previous post.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby alvarnell » Sat 16 Jul 2016 8:35 am

eiichi wrote:I only want ClamXav to keep its flexibility.
AFAIK, Mark has no intention of somehow crippling ClamXav so that B.Y.O.E. is not an option. You, of all people must realize that his support for it dwindled over the past few years and his decision to deprecate support and put more time into development was made last Fall, but there were still some hooks in it from ClamXav and of course the menu item that takes you to the page where he used to support it was still there. He decided v2.9 was the right time to remove the prompt from ClamXav and announce the end of official support.

In all honesty, I think you currently understand a lot more about B.Y.O.Engine with ClamXav than anybody else. Of course you don't have ClamXav's programatic details to warn you of changes that might impact it, but you certainly have mastered compiling ClamAV to meet your unique needs. I don't know whether Mark would be open to allowing you to maintain the web page or possibly just a link to your own instructions would be sufficient.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: BYOE issues with ClamXav Sentry

Postby alvarnell » Sat 16 Jul 2016 8:41 am

eiichi wrote:I think that most users want not to see WARNING
It would certainly cut down on the HelpDesk questions that come up every time, but since that warning comes automatically from freshclam, there's not much that can be done about it.

There is a bit that is set to turn this notification on when SourceFire/ClamAV feels the necessity. In the old days they used to wait weeks or months before setting that bit, unless the update was considered urgent. For whatever reason, the current management feels the need to set it almost immediately these days.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Sun 17 Jul 2016 2:56 am

alvarnell wrote:Most updates of the ClamAV scan engine, do not contain any fixes or enhancements that impact OS X in any manner, so there is rarely a need to rush to the latest version.

I have differing opinions on this, but I don't make an issue of that now.

alvarnell wrote:..., but since that warning comes automatically from freshclam, there's not much that can be done about it.

When ClamAV releases the latest update, Canimaan Software Ltd should update bundled engine as soon as possible for customers.
As a result, most customers aren't going to see WARNING.
That brings a feeling of safety and trust to customers.
I think customers don't want to hear:
"Ah, that is certainly the product of our company. But the faulty part is not ours. That's the product of XYZ Company. So there's not much that can be done about it."
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby eiichi » Mon 18 Jul 2016 1:06 am

Additional and last comment about B.Y.O.E. issues:

eiichi wrote:
alvarnell wrote:Most updates of the ClamAV scan engine, do not contain any fixes or enhancements that impact OS X in any manner, so there is rarely a need to rush to the latest version.
I have differing opinions on this, but I don't make an issue of that now.

If my understanding is right, to put it plainly, ClamXav (including ClamXav Sentry) is an application which covers ClamAV engine with G.U.I. wrappers for OS X.
ClamAV engine is a generic name of packages which include ClamAV command line tools.
See drawing below:


Image


So the updates which fix or enhance the tools used in ClamXav (e.g. clamd, clamdscan, clamscan, freshclam and so on) impact ClamXav.
This is why I'm trying to keep up with ClamAV updates.

Lastly, sorry for my bad English.
Thanks.
eiichi
 
Posts: 33
Joined: Sat 19 Mar 2016 5:41 am

Re: BYOE issues with ClamXav Sentry

Postby alvarnell » Mon 18 Jul 2016 2:42 am

eiichi wrote:Additional and last comment about B.Y.O.E. issues
I don't want to discourage our continued discussions here, but everybody does need to realize that nothing we say here will result in any changes with regard to ClamXav. This is now simply a user-to-user Forum to help each other with issues or refine our understanding of ClamXav operations. At some point the Forum will be taken down, so I encourage everyone to use it while we can.
If my understanding is right, to put it plainly, ClamXav (including ClamXav Sentry) is an application which covers ClamAV engine with G.U.I. wrappers for OS X.
ClamAV engine is a generic name of packages which include ClamAV command line tools.
See drawing below:
Image

Yes, you have a very good understanding of both components and that's an excellent depiction of it, but perhaps you are overlooking a couple of features that are over and above what the ClamAV scan engine provides.

- Current versions of ClamXav also load and update unique OS X signatures that are not included in the official ClamAV database. At this time there are over 83,000 such OS X ClamXav unofficial signatures compared to 6,111 for ClamAV.
- ClamXav is now (since v2.9) much more than just a front-end to the ClamAV scanning engine. It now has it's own process to identify and deal with complex malware installations that are not covered by any conventional ClamAV-like signature.
So the updates which fix or enhance the tools used in ClamXav (e.g. clamd, clamdscan, clamscan, freshclam and so on) impact ClamXav.
This is why I'm trying to keep up with ClamAV updates.
I don't challenge any of that. All I meant was that when a new ClamAV engine is released, the first thing I do is open the Change Log and search for "OSX" and "OS X". The majority of the time, I don't find anything and with few exceptions the ones that do show up are minor or limited to "rare occurrence" type fixes. Only one update in all the time I've been using ClamAV (which preceded my use of ClamXAV, by the way) involved a security issue worthy of rushing it into use.

I realize that many of the other enhancements/fixes that address Windows users are useful to those ClamXav users who share files with Windows users or environments, so I'm sure having the most up-to-date engine is important to some.

But I know for certain that Mark does a something similar, weighing the improvements in the scan engine against those in ClamXav that are being worked and decides which is a better use of his time and release schedule. As a minimum, there must be an alpha and beta test period to determine if anything in the new engine requires a re-coding effort in ClamXav to either work with it or take advantage of some added capability. So there will always be some period of time between engine release and ClamXav engine updates going forward.

And if there was any bad English here, I missed it.
-Al-
--
iMac(21.5-inch, Mid 2011) 2.8GHz Intel Core i7/OSX 10.10.5, 10.11.6, 10.12.6 & 10.13.6/ClamXAV v3.0.9 (7713)/0.100.2_01
iMac(Retina 5K, 27-inch, 2017) 4.2GHz Intel Core i7/macOS 10.12.6, 10.13.6 & 10.14.5/ClamXAV v3.0.11 (7899)/0.101.2_09
alvarnell
Site Admin
 
Posts: 5509
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

PreviousNext

Return to ClamXav

Who is online

Users browsing this forum: No registered users