svs-devel Mailing List for Samba Virus Scanner (Page 3)
Brought to you by:
renereucher
From: R. R. <ren...@ba...> - 2010-11-23 18:27:59

Oh, hi again :)!

On Tuesday 23 November 2010 07:15:27 pm Sebastien Caty wrote:
> I've hit a problem on some servers that are under heavier samba use. I
> have no proof at all so far that SVS is causing this but I'm
> investigating. Since logging level was fairly low, I don't know how
> this happened but the end result is a directory gets locked. A user
> cannot open this directory (explorer freeze). The user closes explorer
> and tries to open it again on the same directory. Each time a user
> does this on the locked directory, another smbd process is spawned and
> stalled in fcntl F_SETLKW. So it's waiting forever for a lock to be
> released. Only way to make it work again is to kill all stalled smbd
> processes.

I've seen this before... but not since 0.1.1 was released.

> This is the first time I've seen this happen since upgrading from
> samba 3.0 to samba 3.5.6 and SVS. I don't know how to reproduce this
> yet. Right now I have disabled SVS and waiting a week to see if it
> happens again. If not, I'll enable SVS again but with more debug
> logging.

No, it's probably really caused by SVS. Samba will just respawn a new session (and yet another new session)... which is why you may end up in a number of stalled SMBD processes. But that's hard to reproduce, I know... well, if it's still there, I have to try to find it.

> I don't know why I end up with many machine connections for the same
> user.

You only have one active connection, but the SMBD processes hang.

> I've also enabled reset on zero VC to make samba close all
> previous processes from the same IP. But even with the reset, I've seen
> samba get stuck with many smbd all waiting for a lock.
>
> Might be some weird race condition/deadlock.

Yeah, most probably a deadlock. Give me time to study it... also, please let me know your svs.ini. I may not find the time for it this week, but I'll do it ASAP.

Thanks, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

Health is merely the slowest possible rate at which one can die.

From: Sebastien C. <sc...@dc...> - 2010-11-23 18:15:34

Hi,

I've hit a problem on some servers that are under heavier samba use. I have no proof at all so far that SVS is causing this but I'm investigating. Since logging level was fairly low, I don't know how this happened but the end result is a directory gets locked. A user cannot open this directory (explorer freeze). The user closes explorer and tries to open it again on the same directory. Each time a user does this on the locked directory, another smbd process is spawned and stalled in fcntl F_SETLKW. So it's waiting forever for a lock to be released. Only way to make it work again is to kill all stalled smbd processes.

This is the first time I've seen this happen since upgrading from samba 3.0 to samba 3.5.6 and SVS. I don't know how to reproduce this yet. Right now I have disabled SVS and waiting a week to see if it happens again. If not, I'll enable SVS again but with more debug logging.

I don't know why I end up with many machine connections for the same user. I've also enabled reset on zero VC to make samba close all previous processes from the same IP. But even with the reset, I've seen samba get stuck with many smbd all waiting for a lock.

Might be some weird race condition/deadlock.

From: R. R. <ren...@ba...> - 2010-11-23 18:14:03

On Tuesday 23 November 2010 06:51:55 pm Sebastien Caty wrote:
> Works for me

Thanks for testing, Sebastien! The bug-reporter also confirmed the fix is working for him.

I'll likely release the new version on Thursday as I don't have enough time to do it now...

Thanks, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

"If we were meant to fly, we wouldn't keep losing our luggage."

From: Sebastien C. <sc...@dc...> - 2010-11-23 17:52:03

Works for me

> Hi list!
>
> I've just committed a small (but important) change to SVN to allow for correct
> codec-handling when using non-ASCII characters in file names.
>
> See this tracker bug for details:
> https://sourceforge.net/tracker/?func=detail&aid=3115268&group_id=317999&atid=1337312
>
> I'd like to release a new version soon as this bug is easily exploitable. So
> if you find the time, please test and let me know your results!
>
> Thanks, René
> --
> René Reucher
> ren...@ba...
> http://www.batcom-it.net/
>
> "You can write a small letter to Grandma in the filename."
> -- Forbes Burkowski, Computer Science 454

From: R. R. <ren...@ba...> - 2010-11-22 14:59:21

Hi list!

I've just committed a small (but important) change to SVN to allow for correct codec-handling when using non-ASCII characters in file names.

See this tracker bug for details:
https://sourceforge.net/tracker/?func=detail&aid=3115268&group_id=317999&atid=1337312

I'd like to release a new version soon as this bug is easily exploitable. So if you find the time, please test and let me know your results!

Thanks, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

"You can write a small letter to Grandma in the filename."
-- Forbes Burkowski, Computer Science 454

From: R. R. <ren...@ba...> - 2010-11-12 19:40:34

Hi!

SVS 0.1.2 has been released. This version fixes all remaining issues related to the use of special shell characters in file names.

We highly recommend upgrading to SVS 0.1.2!

Download link:
http://sourceforge.net/projects/svs/files/0.1.2/svs-0.1.2.tar.bz2/download

Have fun, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

From: Sebastien C. <sc...@dc...> - 2010-11-12 19:13:22

Hi Rene,

I tested this by creating several very weird filenames. All worked fine. I think you should do a new release since this could be exploited easily.

Sebastien

> On Friday 12 November 2010 04:19:40 pm Sebastien Caty wrote:
>> Or a bit less overkill, escape all characters that are not [a-z][A-Z][0-9]
> Exactly!
>
> I now use this simple regular expression to escape EVERY "non-word
> character":
>
> filePathCopy.replace(QRegExp("((?!\\w))"), "\\\\1");
>
> Please test and let me know! I should perhaps make a new release then...
>
> Thanks, René
> --
> René Reucher
> ren...@ba...
> http://www.batcom-it.net/
>
> Cabbage, n.:
> A familiar kitchen-garden vegetable about as large and wise as
> a man's head.
> -- Ambrose Bierce, "The Devil's Dictionary"

From: R. R. <ren...@ba...> - 2010-11-12 17:50:57

On Friday 12 November 2010 04:19:40 pm Sebastien Caty wrote:
> Or a bit less overkill, escape all characters that are not [a-z][A-Z][0-9]

Exactly!

I now use this simple regular expression to escape EVERY "non-word character":

    filePathCopy.replace(QRegExp("((?!\\w))"), "\\\\1");

Please test and let me know! I should perhaps make a new release then...

Thanks, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

Cabbage, n.:
A familiar kitchen-garden vegetable about as large and wise as a man's head.
-- Ambrose Bierce, "The Devil's Dictionary"

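
Added example (not part of the thread and not SVS code): a plain C++ sketch, using std::string instead of Qt's QRegExp, of the two approaches discussed in these messages, namely the character list quoted from svs-threads.cpp and the escape-everything-but-alphanumerics suggestion. It goes one step beyond the thread by adding POSIX single-quote quoting; all function and constant names are hypothetical, and the file names are constructed samples.

```cpp
// Added illustration, not SVS code: std::string stands in for Qt's QRegExp.
#include <iostream>
#include <string>

// Character list from the 2010-11-11 message, with the ';' added there.
const std::string kDenylist = "<>\\ (){}$#;&~'\"";
// Characters the 2010-11-12 messages say were still missing from that list.
const std::string kAddedLater = "|*[]\t\n`=";

static bool is_ascii_alnum(unsigned char c) {
    return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
}

// Denylist: backslash only in front of the listed characters.
std::string escape_denylist(const std::string& path, const std::string& specials) {
    std::string out;
    for (char c : path) {
        if (specials.find(c) != std::string::npos) out += '\\';
        out += c;
    }
    return out;
}

// Allowlist: backslash in front of every byte that is not [a-z][A-Z][0-9].
// Caveat: a POSIX shell treats backslash-newline as a line continuation and
// drops both, so a newline in a name is neutralised but not preserved.
std::string escape_allowlist(const std::string& path) {
    std::string out;
    for (unsigned char c : path) {
        if (!is_ascii_alnum(c)) out += '\\';
        out += static_cast<char>(c);
    }
    return out;
}

// Single-quote form: everything is literal inside '...', and an embedded
// quote is written as '\'' (close, escaped quote, reopen).
std::string quote_single(const std::string& path) {
    std::string out = "'";
    for (char c : path) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    return out + "'";
}

// Review helper: which characters of `specials` are still unescaped in `escaped`?
std::string unescaped_specials(const std::string& escaped, const std::string& specials) {
    std::string found;
    for (std::size_t i = 0; i < escaped.size(); ++i) {
        if (escaped[i] == '\\') { ++i; continue; }  // skip the escaped character
        if (specials.find(escaped[i]) != std::string::npos) found += escaped[i];
    }
    return found;
}

int main() {
    const std::string name = "a|b*c d.txt";  // constructed sample file name
    std::cout << escape_denylist(name, kDenylist) << "\n"
              << unescaped_specials(escape_denylist(name, kDenylist), kAddedLater) << "\n"
              << escape_allowlist(name) << "\n"
              << quote_single("it's.txt") << "\n";
    return 0;
}
```

Handing the path to the scanner as its own argv element, without going through a shell, avoids the escaping problem entirely.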
From: Sebastien C. <sc...@dc...> - 2010-11-12 15:19:48

> I could actually escape EVERY character of a given file name (file path), but
> that's a bit overpowered perhaps :). However, it should circumvent any of
> those potential issues...

Or a bit less overkill, escape all characters that are not [a-z][A-Z][0-9]

From: R. R. <ren...@ba...> - 2010-11-12 13:13:36

On Friday 12 November 2010 02:09:56 pm R. Reucher wrote:
> FYI: I found this list of "known special shell characters" and added the
> ones I had still missed (*, [, ], \t and \n):

I forgot: ` and = were also added.

--
René Reucher
ren...@ba...
http://www.batcom-it.net/

From: R. R. <ren...@ba...> - 2010-11-12 13:10:32

FYI: I found this list of "known special shell characters" and added the ones I had still missed (*, [, ], \t and \n):

http://www.vias.org/linux-knowhow/lnag_05_05_09.html

That should be it...

Have fun, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

From: R. R. <ren...@ba...> - 2010-11-12 07:45:38

On Friday 12 November 2010 07:06:09 am R. Reucher wrote:
> Well, yes, there may be more characters, but I didn't find a better way to
> do this. Actually, I searched for a corresponding standardized "escape
> routine", but there's nothing that we could use here... the main issue
> here is to get a _complete_ list of characters that need to be escaped.

I've now also added the shell's pipe-symbol (|) to the list of special characters (in SVN).

In fact, every character that has a special meaning in UNIX shells should be escaped... on Linux, this shell is usually bash, but that's not hard-coded and there may be even more characters in other shells. However, I think I've now included most - if not all - of them...

I could actually escape EVERY character of a given file name (file path), but that's a bit overpowered perhaps :). However, it should circumvent any of those potential issues...

Have fun, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

From: R. R. <ren...@ba...> - 2010-11-12 06:06:42

On Thursday 11 November 2010 08:05:37 pm Sebastien Caty wrote:
> I've hit another character that wasn't escaped. Added ";" to the
> regexp and solved the problem.

Oops... thanks!

> In svs-threads.cpp
> filePathCopy.replace(QRegExp("([\\<\\>\\\\\\ \\(\\)\\{\\}\\$\\#\\;\\&\\~\\'\\\"])"), "\\\\1");
>
> I was wondering if there's a better way to do this. Seems like there
> might be other characters that will cause problems.

Well, yes, there may be more characters, but I didn't find a better way to do this. Actually, I searched for a corresponding standardized "escape routine", but there's nothing that we could use here... the main issue here is to get a _complete_ list of characters that need to be escaped.

I've now updated it in SVN.

Thanks, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

In a museum in Havana, there are two skulls of Christopher Columbus, "one when he was a boy and one when he was a man."
-- Mark Twain

From: Sebastien C. <sc...@dc...> - 2010-11-11 19:05:44

Hi!

I've hit another character that wasn't escaped. Added ";" to the regexp and solved the problem.

In svs-threads.cpp

    filePathCopy.replace(QRegExp("([\\<\\>\\\\\\ \\(\\)\\{\\}\\$\\#\\;\\&\\~\\'\\\"])"), "\\\\1");

I was wondering if there's a better way to do this. Seems like there might be other characters that will cause problems.

From: R. R. <ren...@ba...> - 2010-11-09 09:17:51

On Monday 08 November 2010 10:39:32 pm Sebastien Caty wrote:
> Just to let you know, no issues have been reported so I'm deploying SVS
> on all production servers (that run samba obviously).

Great! Especially as I see that the interest for SVS is (slowly) growing now that it's released...

Thanks!
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

From: Sebastien C. <sc...@dc...> - 2010-11-08 21:39:40

Hi René!

Just to let you know, no issues have been reported so I'm deploying SVS on all production servers (that run samba obviously).

Sébastien

> Hi!
>
> SVS 0.1.1 is finally out!
>
> See here for more details: http://svs.sourceforge.net/
>
> Have fun, René
> --
> René Reucher
> ren...@ba...
> http://www.batcom-it.net/

From: R. R. <ren...@ba...> - 2010-11-02 18:23:22

FYI: SVS is now also mentioned in the ClamAV wiki (thanks to Luca Gibelli, whom I've sent a request to add it):

http://wiki.clamav.net/bin/view/Main/ClamAndRealTimeScanning

Have fun, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

"I am not an Economist. I am an honest man!"
-- Paul McCracken

From: R. R. <ren...@ba...> - 2010-11-01 11:30:19

Hi!

SVS 0.1.1 is finally out!

See here for more details: http://svs.sourceforge.net/

Have fun, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

From: R. R. <ren...@ba...> - 2010-10-28 16:09:05

On Thursday 28 October 2010 05:53:49 pm Sebastien Caty wrote:
> SVS is out in the "wild" on most dev servers. Users haven't noticed
> anything different. We also have a lot of automated services running
> on windows that access data on unix/linux servers. This is where I
> have run performance testing. It's about the same, maybe a bit quicker
> by about 1/10 of a second on average. Everything runs without problem,
> no errors in the logs, no performance problem on any server. I'll
> monitor it closely for the next week to see if anything comes up.

Wow -- that's great information! Thanks a lot!

Have fun, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

From: Sebastien C. <sc...@dc...> - 2010-10-28 15:57:52

ClamFS works somewhat like this (daemon with caching). I use it in one case and it works rather well for something FUSE based.

> Hi!
>
> Regarding the items on the TODO list... I've reconsidered my plans for the
> "result cache retention daemon" and the digest-mail function. I think I will
> combine both functions into the same daemon application (now called "SVS
> service daemon")!
>
> The SVS sessions themselves are quite "volatile", so I feel the need for a
> mechanism to keep (and share) the scan results (only as long as they are
> valid, of course). It's probably not worthwhile keeping the results on
> long-term storage (DB or file), but it should be nice to have the results cached
> for subsequent sessions... or for concurrent sessions, which could also profit
> as the sync's with the service daemon would be done periodically by all of
> them.
>
> As with the result cache synchronization, the SVS sessions could then also
> tell the service daemon about the infects they've found, and the service
> daemon could then create a combined digest message (later)...
>
> More service functionality could be added over time... one I could think of is
> automatic cleanup of quarantine folders (after a specified period).
>
> What do you think?
>
> Have fun, René
> --
> René Reucher
> ren...@ba...
> http://www.batcom-it.net/
>
> "Houston, Tranquillity Base here. The Eagle has landed."
> -- Neil Armstrong

From: Sebastien C. <sc...@dc...> - 2010-10-28 15:53:56

Hi,

SVS is out in the "wild" on most dev servers. Users haven't noticed anything different. We also have a lot of automated services running on windows that access data on unix/linux servers. This is where I have run performance testing. It's about the same, maybe a bit quicker by about 1/10 of a second on average. Everything runs without problem, no errors in the logs, no performance problem on any server. I'll monitor it closely for the next week to see if anything comes up.

Sebastien

> Hi
>
> Sebastien, how are the tests going? Already put it in the "real world"?
>
> If you don't find any show stoppers until the weekend, I will probably release
> the current code as v0.1.1 on Monday (a holiday in parts of Germany). After
> that I can go on with new features in SVN...
>
> Have fun, René
> --
> René Reucher
> ren...@ba...
> http://www.batcom-it.net/
>
> Isn't it strange that the same people that laugh at gypsy fortune
> tellers take economists seriously?

From: R. R. <ren...@ba...> - 2010-10-28 12:01:00

Hi

Sebastien, how are the tests going? Already put it in the "real world"?

If you don't find any show stoppers until the weekend, I will probably release the current code as v0.1.1 on Monday (a holiday in parts of Germany). After that I can go on with new features in SVN...

Have fun, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

Isn't it strange that the same people that laugh at gypsy fortune tellers take economists seriously?

From: R. R. <ren...@ba...> - 2010-10-27 10:46:42

Hi!

Regarding the items on the TODO list... I've reconsidered my plans for the "result cache retention daemon" and the digest-mail function. I think I will combine both functions into the same daemon application (now called "SVS service daemon")!

The SVS sessions themselves are quite "volatile", so I feel the need for a mechanism to keep (and share) the scan results (only as long as they are valid, of course). It's probably not worthwhile keeping the results on long-term storage (DB or file), but it should be nice to have the results cached for subsequent sessions... or for concurrent sessions, which could also profit as the sync's with the service daemon would be done periodically by all of them.

As with the result cache synchronization, the SVS sessions could then also tell the service daemon about the infects they've found, and the service daemon could then create a combined digest message (later)...

More service functionality could be added over time... one I could think of is automatic cleanup of quarantine folders (after a specified period).

What do you think?

Have fun, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

"Houston, Tranquillity Base here. The Eagle has landed."
-- Neil Armstrong

From: R. R. <ren...@ba...> - 2010-10-26 14:08:46

On Tuesday 26 October 2010 03:55:47 pm Sebastien Caty wrote:
> > Thinking twice... what probably would be much cleaner and less prone to
> > trouble is a digest message to an administrator's e-mail address
> > (optional, of course).
>
> That could be nice, quick digest with time, file and username. Would
> help to make sure a virus doesn't go quietly in quarantine and where
> it came from.

Agreed! I've put that on the TODO list for now... it's not highest on my "priority list", and I want to get 0.1.1 out soon (now that it's apparently stabilizing).

There must be room for enhancements :)... I already collected a few ideas:

http://svs.svn.sourceforge.net/viewvc/svs/trunk/TODO

Have fun, René
--
René Reucher
ren...@ba...
http://www.batcom-it.net/

From: Sebastien C. <sc...@dc...> - 2010-10-26 13:55:55

> You already get a permission denied (access denied / EACCESS)!

Oh never mind then, it's just windows being itself.

>> I could perhaps use "net send" (smbclient -M <netbios-name> ...) to send a
>> message to the computer that has transferred a virus infected file, but it
>> would require the WinPopup service on Windows clients and something similar
>> on Linux / UNIX clients (LinPopup for example).
>>
>> Would that meet your request?

Nah, too much trouble for what it's worth.

> Thinking twice... what probably would be much cleaner and less prone to
> trouble is a digest message to an administrator's e-mail address
> (optional, of course).

That could be nice, quick digest with time, file and username. Would help to make sure a virus doesn't go quietly in quarantine and where it came from.