Atomic Secure Linux
 Post subject: clamav_updater.sh
Posted: Tue Jul 17, 2012 12:44 pm
Quick question, when does /usr/bin/clamav_updater.sh get run by ASL (if indeed at all)?

Reason I ask is that I just had a client who was emailing someone actually on the spear.ndb list, a real person who for whatever reason was listed. Turns out the spear.ndb on this server was very out of date, 2010 to be precise.

Should I set my servers to run /usr/bin/clamav_updater.sh on a regular basis manually? Or should it be happening elsewhere anyway?

Cheers

George
 Post subject: Re: clamav_updater.sh
Posted: Tue Jul 17, 2012 6:14 pm
Atomicorp Staff - Site Admin
Quote:
Quick question, when does /usr/bin/clamav_updater.sh get run by ASL (if indeed at all)?


Thanks for the question. ASL does not use or run it, but we do include the script in case you want to use the third-party signatures it will download for you. Because the third-party signatures it downloads vary in quality and false positives, we do not turn this on by default. We used to have that enabled many years ago in ASL, but disabled it, I want to say, 2 years ago because of the aforementioned concerns about the quality and false positive rates in some of the third-party signatures.

With that said, those signatures have gotten much better, but still are not at the level where we feel comfortable turning them on by default. In general though, you may find that they work well for you, and the script to update them is included in ASL if you wish to use them.

My personal two cents: it's safe for most folks to run that updater. YMMV, but like I said, the quality of those signatures has gotten better, and a lot of people swear by them.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

 Post subject: Re: clamav_updater.sh
Posted: Wed Jul 18, 2012 5:00 am
Mike thanks for the detail on this. It makes sense now, a couple of servers didn't have any of the extra definitions on them at all, being newer I guess.

My experience with these definitions echoes the feedback you have already received, mainly that they provide good coverage against phishing, spam and the like, but occasionally there are false positives, as was my experience yesterday. No harm done, but it would be good not to have to worry about these updating themselves. I think I'll set them to update once a week, would certainly rather they remove stuff (around 4k messages in the last 6 months from one server alone).

Cheers

George
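
The 2010-dated spear.ndb from the first post is the kind of drift a scheduled freshness check catches when the updater is not run automatically. The shell functions below are an added example, not part of the thread and not ASL code; the database directory /var/lib/clamav, the 14-day threshold and the function names are assumptions.

```shell
#!/bin/sh
# Report ClamAV signature files that have not been refreshed recently.
# Assumptions (not from the thread): signatures live in /var/lib/clamav,
# and anything older than 14 days counts as stale when updating weekly.

# Print one path per line for each signature file older than max_age_days.
# Returns 2 if the database directory does not exist.
stale_signatures() {
    db_dir=${1:-/var/lib/clamav}
    max_age_days=${2:-14}
    [ -d "$db_dir" ] || { echo "no such directory: $db_dir" >&2; return 2; }
    # Extensions commonly used by third-party signature sets
    # (.ndb as in spear.ndb, plus .hdb, .ldb and .db).
    find "$db_dir" -maxdepth 1 -type f \
        \( -name '*.ndb' -o -name '*.hdb' -o -name '*.ldb' -o -name '*.db' \) \
        -mtime +"$max_age_days" -print | sort
}

# Print a STALE line per outdated file with its last-modified date.
# Exit status: 0 = all fresh, 1 = stale files found, 2 = directory missing.
check_signatures() {
    stale=$(stale_signatures "$@") || return 2
    [ -z "$stale" ] && return 0
    printf '%s\n' "$stale" | while IFS= read -r f; do
        # date -r FILE prints the file's modification time (GNU date).
        printf 'STALE %s last updated %s\n' "$f" "$(date -r "$f" +%Y-%m-%d)"
    done
    return 1
}

# Typical use from a daily cron job, so cron mails the STALE lines:
#   check_signatures /var/lib/clamav 14
```

A non-zero exit from `check_signatures` can also feed a monitoring check, so a server whose third-party signatures silently stopped updating is noticed before a false positive is.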