[clamav-users] Warning in ClamAV update process

Gene Heskett gheskett at wdtv.com
Sat Sep 13 16:07:46 UTC 2014 

On Thursday 11 September 2014 18:16:49 Joel Esler (jesler) did opine
And Gene did reply:
> For far too long I feel like, we’re throwing band-aids on things in
> order to “just get them upâ€‌
> 
> I, and I am sure, all of you, don’t want band-aids, you want reliable
> solutions that are better in the long run and robust.  Sometimes,
> unfortunately, that takes longer to design, code, and roll out.

And then even more time to convince TPTB in charge of the major 
distributions, that the upgrade needs to find its way into their repo's.  
I am on an older ubuntu 10.04.4 LTS install, with enough X and kde to get 
what I want, but that also has its drawbacks as I am stuck with a patched 
up 98.1.

This is also a problem that needs to be addressed in closed door sessions 
with the Ubuntu's, SuSe's and Red Hat's of the industry, building a fire 
under their packagers occasionally.  Its a cost of doing business, 
although I am not 100% aware of who is paying the bills for this project, 
I read rumors that might be just that so I won't propagate them.

As I approach my 80th in about 6 weeks I am very well aware that TANSTAAFL 
applies here just as it applies to any endeavor.  Its as near a universal 
rule as I know, and while I am not rich by any means, I have been known to 
support, in small amounts, worthwhile open source projects.  An annual 
club membership due is in the same category.
  
> For instance, on our backend, the system that collects the actual
> malware samples, stores them, de-duplicates them, deals with the
> collection, signatures, package distribution, etc, went from
> collection, on average, 300k samples a day (unique, after
> de-duplication), to now just shy of 1M a day.

Definitely a scaling problem, existing hardware can only do so much before 
you have to throw both money for bigger iron and that bigger iron at the 
job.
 
> As you can imagine this introduces all sorts of interesting issues,
> aside from the simplest thing of just plain storage.  So this system
> had to be completely redesigned.
> 
> The website (ClamAV.net<http://ClamAV.net>) had to be redesigned.

I see that, an improvement in the graphical face was needed.

> ClamAV, the actual code, has had a ton of work done on it, not only to
> fix bugs and issues, but to introduce new features.  All the while
> with an increasing user base of several thousand users per day.
> 
> So, we’re working to make everything a better experience, and I know
> it’s painful right now, and we apologize for it, but hopefully the
> light at the end of the tunnel will make it all worth it.  It’s
> costing us millions of dollars, but we’re going to do it, and
> we’re going to do it right.
> 
> --
> Joel Esler
> Open Source Manager
> Threat Intelligence Team Lead
> Talos

I also didn't intend to throw a 5 gallon can of K2 on the fire here, the 
msg I'll snip was intended to show some concern for the pace of such 
things as the mirror.html being regenerated, probably with a script that 
regenerates it anytime something gets changed.  Something like that is 
trivial to maintain once the script has been written.

Those ARE the things we, the users, see right up front, and when not fixed 
in the open source fashion of perhaps an hour or so, makes the user, 
particularly the newbie understandably a bit wary.

Thank you Joel, for taking the time to respond in some detail, its 
appreciated by quite a few here I'd imagine.

[...]

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS

More information about the clamav-users mailing list