[Bug 270581] New: Clam AV real-time Agent cannot identify test malicious code download
https://bugzilla.novell.com/show_bug.cgi?id=270581 Summary: Clam AV real-time Agent cannot identify test malicious code download Product: openSUSE 10.2 Version: Final Platform: i386 OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: alpha096@tpg.com.au QAContact: qa@suse.de This bug was identified to CLAM AV at https://wwws.clamav.net/bugzilla/show_bug.cgi?id=443 I am sorry I am unable to add you as CC address. The statement made in reply Quote Not true. zolw@Wierszokleta:/tmp$ clamscan eicarcom2.zip eicarcom2.zip: Eicar-Test-Signature FOUND ----------- SCAN SUMMARY ----------- Known viruses: 108083 Engine version: 0.90.1 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Time: 3.126 sec (0 m 3 s) Indicates and tests identically, that ClamAV will ONLY fund malicious script whilst clamscan is performed. The real-time agent therefore serves no purpose in that it will not, either by functional design or fault, detect malicious code being downloaded. As such IF the real-time agent cannot identify malicious code we must provide GUI scanning options to the user. Especially as a result of advertising "Anti_virus" Protection on the boxed version. It would appear that Clamav do NOT want to enter into ANY discussion re- the real-time agent from the lack of response despite re-opening of bug and submitting further details. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Comment #1 from meissner@novell.com 2007-05-02 23:45 MST ------- Please understand that ClamAV is a toolset / framework for virus testing. It still requires client integration. - several MTAs are clamav integration capable and can be configured to use it. - kmail and other GUI clients have clamav scanning options that can be enabled. - samba-vscan has clamav integration. So the clients need to be aware and several are. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 alpha096@tpg.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Comment #2 from alpha096@tpg.com.au 2007-05-03 01:29 MST ------- Fiefox and Konqueror are not aware of the real-time-action either being non apparent in taking action.I would hazard a guess that any HTTP or HTTPS request of a OpenSuse HTTP also does not provide any real-time protection. Also if changes cannot be functionally altered to provide "protection" I strongly advise you remove from the list of features on the Box Version and other promotional information. We are at a base level when Firefox and Konqueror will NOT identify any malicious script at all that is either downloaded by HTTP or HTTPS and in various form I can see NO important functional reason why it should be part of the distro and marketed as such. "Virus Protection" needs immediate removal from Boxed and Promotional documentation as we are getting down to very basic ideas when "Protection" is taken literally and we are now in a situation where its works sometimes and not others. - An announcement of this nature reflects badly. Certainly with the Major Opposition announcing today of Microsoft Security Services we should at the very least try to make ClamavV work for all applications evolved with Internet access/interface. It does involve a lot of code but the basic principal is the same for every application that draws files/info from the net. Sorry - re-opened as commercially expectant, currently misleading in I don't know how many versions for your's this effects. Please consider further consideration. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 alpha096@tpg.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEW -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 meissner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|security-team@suse.de |michl@novell.com Severity|Critical |Normal ------- Comment #3 from meissner@novell.com 2007-05-03 02:21 MST ------- We never claimed for it to have what you call "real time protection". I dont have a box right here, but I am pretty sure iot never said "real time" together with viruses. ALso I suspect malicious javascript code or similar is not detected by any scanner. -> Michl, perhaps we can reword the "Antivirus protection" marketing blurb on the outside of the box. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 ------- Comment #4 from alpha096@tpg.com.au 2007-05-03 07:38 MST ------- Totally agree - The words are "protection" when in fact we are NOT protecting. The term real-time agent is one the techos use, however to the user I would assume "Protection" mean just that and we do not provide it. In all above instances the purpose of the Quotation "" marks indicate what is quoted on the box - a usual acceptable English convention. When I refer to real-time - I refer to the functional operation of the term "Protection" There should be no need for confusion here. "Antivirus detection" is all we can clam without seen to be misrepresenting the function. The term "Anti-virus Protection" is NOT functionally currently provided to a user who picks up a box. This has possible far reaching changes, I gather you dont want to provide real-time protection" for SLES and SLED products although I have not seen the box nor sales material. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 michl@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Comment #5 from michl@novell.com 2007-05-22 07:50 MST ------- We're not naming Clam-AV on the retail box. No need to change anything -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 alpha096@tpg.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | ------- Comment #6 from alpha096@tpg.com.au 2007-05-22 17:26 MST ------- NO - The claim is on the 10.2 retail box "Spam blocker, antivirus protection and firewall" -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 michl@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WONTFIX ------- Comment #7 from michl@novell.com 2007-05-23 02:10 MST ------- K - AntiVir delivers antivirus protection. And it's shipped with each box. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 ------- Comment #8 from scocoo@tpg.com.au 2007-05-23 06:53 MST ------- Created an attachment (id=141716) --> (https://bugzilla.novell.com/attachment.cgi?id=141716&action=view) search for K-Antivir - nil result -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 ------- Comment #9 from scocoo@tpg.com.au 2007-05-23 06:54 MST ------- Created an attachment (id=141718) --> (https://bugzilla.novell.com/attachment.cgi?id=141718&action=view) actual anti-virus scanners shiped with product The attached indicates that k-Antivir is not shipped with retail opensuse 10.2 for which this bug indicates. The author is not wishing to re-open this bug as it would appear that from comment#5 #6 #7 this action would not be constructive. The author's intent in identifying this issue was to protect Novell. The author has never intended to gain anything. With 3 clicks the attached was located and does NOT verify #7. The author leaves this now as a legacy item -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=270581 scocoo@tpg.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com