[clamav-users] ClamAV+exim: scanner finds not a single malware

Groach groachmail-stopspammingme at yahoo.com
Sat May 28 23:36:57 UTC 2016 

Ooh, Joel, Im going to enjoys replying to this one.......

On 28/05/2016 23:42, Joel Esler (jesler) wrote:
> Groach,
>
> If you hate the project so much....
I dont hate he product.  Only last week (if you care to read back) I 
declared how the product WITH THE AID OF 3RD PARTY SIGNATURES made it 
almost the best product out there for ZERO-HOUR threats.  And with this 
reason, and CONSEQUENTLY the sheer fact I keep the product in operation 
for the last 3 years, shows that I do not hate the product.  Nor would 
you see my very blatant advertising for it (as recommendation) in my 
signature here: https://www.hmailserver.com/forum/index.php (it wont 
take long for you to see).

> ......that you have to complain during every thread .....

I dont.  Look back and I have hardly responded to any.  I came on in 
March (maybe February) after that fiasco with the windows system-killing 
signature issued back at the time.  And I have involved myself to about 
4 or 5 threads since.  FOUR.  However, what I have done is not relent on 
the point I was making at the time.  In the initial thread you were 
pretty dismissive of the problem ("we cant test everything", "we are 
working on other things", "we havent had many complaints" etc etc) and 
therefore, yes, it got pretty intense for you because such an attitude 
to a genuine users 'feedback' about the damage your product did was 
outrageous and I wouldnt let it go. It was for this reason you remember 
very clearly. And rather than sling mud at you I decided to battle on to 
get the point across until you DID finally acknowledge there were issues 
to be addressed.  And let me remind you that only earlier this week you 
acknowledged that my complaint and issues raised were partly responsible 
for the work you have done recently.

> and refuse to help and be constructive by providing files,

NOW I feel I want to swear at you!  Reminder:  I spent 2 YEARS regularly 
sending in reports and files for inoculation by the ClamAV team as well 
as the endless stream of False Positives.  These reports were done 
almost DAILY.  And it was the observation that despite sending these 
reports in nothing actually got done that made me so aware of the poor 
performance of the product and the teams dealing with the signatures.  
So you can take your claims of me 'not providing files' and stick them 
in the hole you left where your up-to-date EFFECTIVE signatures should be!

> or signatures for those files (which is just plain productive),....

NO!  YOU provide the signatures!  I gave you the files, and the false 
positives!  And now you are saying I need to give the signatures too?!  
"Here, have an engine, receive a threat, analyse it, generate a 
signature to protect yourself  and let us have a copy please too (oh, 
and dont forget to pay the ransom to get your system back from the 
Cryptolocker virus that we failed to stop for you)". REALLY?!!  Is that 
how you want to maintain an Antivirus Solution? (Obviously, yes.  It 
does explain why they are so ineffective).

> then perhaps you need to seek assistance elsewhere.

I dont need assistance.  I KNOW the usefulness (or lack of) of ClamAV 
and its definitions.  My posts reminding of their performance were a 
reminder to help others who THINK they are getting a protected system by 
relying on Clam (only) signatures.  THIS is what I call being helpful.  
I dont think telling a 'user' of an ineffective system to stop 
complaining about it and keep quiet' any form of assistance whatsoever.

> I am all for trying to help everyone on this list, as long as people 
> on this list attempt to help us, but just being honest, this method of 
> engagement is not helpful.

And there we have it.  You dont even know what is helpful and what isnt.

a,  I was responding to OTHER people who showed interest, requested 
information from me (DP) and actually had nothing to do with you and
b, On 28/05/2016 17:03, Joel Esler (jesler) wrote:
> So our recent improvements and detection have not produced any different result in the field?
I was doing a test for YOU to see and conclude yourself!  Dont bark at 
me when you dont like the results given back to you.

c,  WE are ENTITLED to share our experiences and offer guides to those 
that want it even if it is not what JOEL ESLER - deny-er of problems, 
wants to hear.  If my complaints about your signatures, demonstrations 
of their ineffectiveness and highlighter of your denial to problems 
helps others to move on to employing 3rd party signatures (or move away 
from Clam completely) to simply ensure their system is protected as they 
expect it to be then I consider MY JOB as a helpful 'assistant'  done.  
Perhaps its something you should take note of.


Case in point:

You have just said the list I provided was not up to date.  Ooh, thats 
ok then, as long as the users get infected by OLD viruses, they should 
be happy.

Most of those files that failed detection by your product I REPORTED TO 
CLAM at the time.  Yes, even the ones that are 2 years old.  And the 
first file in the list are only 3 days old.  So somewhere between 2 
years and 3 days old, still not being detected - when exactly do you 
want a valid file to be detected and therefore see Clam as successful?  
Before its released? Or another couple of years??

And going back to earlier in the thread I am not the only one. Quote G.W 
Haywood:

"I'll disagree too, since ClamAV here sees approximately one virus per 
annum "

and Im sure you dont have to look very hard for others to have the same 
experience.  This maillist is full of people saying "Ive reported but 
still its not added...." type complaints.  (And where its not added, its 
missing and threats go undetected).

In other words, Mr Manager,  if you dont want me (and others) 
complaining about the product, then dont give me anything to complain about.

(p.s Note for the Joel Esler fan club:  Dont bother trying to defend, Im 
sure he is big enough to fight his own battles and Im pretty thick 
skinned.  I have my system working with 3rd party signatures and no 
better than to rely on it to save it (its supplementary to other AV 
features) and if you are believer of the usefulness of this product, 
rely on it without other suuplementds and say my FACTS above are wrong 
then you really a fool to yourself.)

Your welcome!



On 28/05/2016 23:38, Joel Esler (jesler) wrote:
> To be honest right now, I'm interested in threats coming out more recently.  While yes, your concern is valid, I'd like to hear from someone with a more recent test set.
Most of those files that failed detection by your product I REPORTED TO 
CLAM at the time.  Yes, even the ones that are 2 years old.  And the 
first file in the list are only 3 days old.  So somewhere between 2 
years and 3 days old, still not being detected - when exactly do you 
want a valid file to be detected and therefore see Clam as successful?  
Before its released? Or another couple of years??

> On May 28, 2016, at 12:13 PM, Groach <groachmail-stopspammingme at yahoo.com<mailto:groachmail-stopspammingme at yahoo.com>> wrote:
>
> 24 files, ALL OF THEM are viruses of some sort or another (including 1 which is the eicar test virus).
>
> ClamAV database:
>
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 4397481
> Engine version: 0.99.1
> Scanned directories: 0
> Scanned files: 24
> **Infected files: 10**
>
> Data scanned: 5.27 MB
> Data read: 1.48 MB (ratio 3.57:1)
> Time: 15.429 sec (0 m 15 s)
>
> --------------------------------------
> Completed
> --------------------------------------
>
> 10.  Just 10.  Out of 24.  And these are all OLD viruses (minimum 2 months old except 1).
>
>
> But with SANE DEFINITIONS:
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 4512349
> Engine version: 0.99.1
> Scanned directories: 0
> Scanned files: 24
> **Infected files: 23**
>
> Data scanned: 3.92 MB
> Data read: 1.48 MB (ratio 2.65:1)
> Time: 17.409 sec (0 m 17 s)
>
> --------------------------------------
> Completed
> --------------------------------------
>
> Says it all really.  I leave you to make your own conclusions.
>
>
>
>
>
> On 28/05/2016 16:00, G.W. Haywood wrote:
> Hi there,
>
> On Mon, 23 May 2016, C.D. Cochrane wrote:
>
> ... ClamAV is just ...
>
> and on Mon, 23 May 2016, Joel Esler wrote:
>
> Obviously going to disagree. ...
>
> I'll disagree too, since ClamAV here sees approximately one virus per
> annum (and as far as I'm concerned, whether or not ClamAV detects the
> virus that it sees is really not an issue).  For some explanation see
>
> http://marc.info/?l=clamav-users&m=141245133506824&w=2
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list