[opensuse-security] Re: openSUSE-RU-2015:2060-1: moderate: Recommended update for clamav-database
Hello, Am Freitag, 20. November 2015 schrieben Sie:
openSUSE Recommended Update: Recommended update for clamav-database
This is the weekly internal clamav database refresh on November 16th.
Does shipping weekly updates of the virus signatures really make sense? They are probably already outdated when the update is released, especially when it comes to catching new viruses/malware/etc. Wouldn't it be better to setup an (at least) daily cronjob that runs freshclam? Regards, Christian Boltz -- You could just randomly throw darts at the list of packages on the DVD and not on the CD and any of them can be removed with little or no end-user visibility. [Greg Freemyer in opensuse-factory] -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hello, On 11/21/2015 03:51 PM, Christian Boltz wrote:
Am Freitag, 20. November 2015 schrieben Sie:
openSUSE Recommended Update: Recommended update for clamav-database
This is the weekly internal clamav database refresh on November 16th.
Does shipping weekly updates of the virus signatures really make sense? They are probably already outdated when the update is released, especially when it comes to catching new viruses/malware/etc.
Wouldn't it be better to setup an (at least) daily cronjob that runs freshclam?
This package is not primarily intended for the use case you are describing. Yes many users should use freshclam. The clamav-database package is for disconnected / sneakernetted users as well as environments where no network connection is available, e.g. as in openSUSE's own build service where it is used to scan incoming source submissions for threats. Andreas -- Andreas Stieger <astieger@suse.com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
On Sat, Nov 21, 2015 at 04:30:28PM +0100, Andreas Stieger wrote:
Hello,
On 11/21/2015 03:51 PM, Christian Boltz wrote:
Am Freitag, 20. November 2015 schrieben Sie:
openSUSE Recommended Update: Recommended update for clamav-database
This is the weekly internal clamav database refresh on November 16th.
Does shipping weekly updates of the virus signatures really make sense? They are probably already outdated when the update is released, especially when it comes to catching new viruses/malware/etc.
Wouldn't it be better to setup an (at least) daily cronjob that runs freshclam?
This package is not primarily intended for the use case you are describing. Yes many users should use freshclam. The clamav-database package is for disconnected / sneakernetted users as well as environments where no network connection is available, e.g. as in openSUSE's own build service where it is used to scan incoming source submissions for threats.
It is actually only used on the SLES side currently, Leap was not set up this way. If there is interest in post-build virus scanning we could set up the same for Leap. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hello, Am Samstag, 21. November 2015 schrieb Marcus Meissner:
On Sat, Nov 21, 2015 at 04:30:28PM +0100, Andreas Stieger wrote:
This package is not primarily intended for the use case you are describing. Yes many users should use freshclam. The clamav-database package is for disconnected / sneakernetted users as well as environments where no network connection is available, e.g. as in openSUSE's own build service where it is used to scan incoming source submissions for threats.
It is actually only used on the SLES side currently, Leap was not set up this way.
If there is interest in post-build virus scanning we could set up the same for Leap.
I'd argue that an additional check is always a good idea ;-) so please enable it for Leap (and maybe also for Tumbleweed if it doesn't cause too much load on the build service). Regards, Christian Boltz -- Aber immer, wenn ich nichts Böses erwarte, dann passierts. Dann hat irgend ein Hirni was geändert, was mehr Arbeit macht. Und der Hirni sitzt hinter 'nem Busch und lacht sich tot [Ernst Scott in opensuse-de] -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (3)
-
Andreas Stieger
-
Christian Boltz
-
Marcus Meissner