bdc BitDefender Console - problems, problems

Adi Pircalabu apircalabu at bitdefender.com
Wed Mar 22 09:10:40 UTC 2006


On Wed, 22 Mar 2006 10:31:46 +0200
Ion-Mihai Tetcu <itetcu at people.tecnik93.com> wrote:

> 
>  [ cc'ing port maintainer, which is always a good idea ]

Definitely a good idea, thanks Ionut :)

> 
> > On Tue, 21 Mar 2006 23:30:21 -0800
> Chris <bsd at 1command.com> wrote:
> 
> > Hello,
> > I built & installed bdc-7.0.1_1 from the ports on a 5.4 system.

Good, thanks for using it :)

> 
> > I have a couple of problems:
> > After the build/ install I logged out/ logged in and performed
> > bdc --update. As instructed by the banner displayed upon successful
> > installation. After updating bdc. I performed bdc --info which
> > returned:
> > 
> > Error: core initialization failed: Libfn initialization failed
> > 
> > Googling for this error returned a solution that someone on the
> > freebsd-questions list provided back in June of 2005. Further
> > indicating that "work was underway to release a libfn.so file,
> > which will be available in a future update." This was almost a year
> > ago. I hate to sound like I'm whining, or ungrateful (which I'm
> > not). But isn't this a long time to wait for something that is
> > related to system security? Anyway, the cure is to build/ install
> > misc/compat4x. Which I did. 

It is a long time, indeed, and I shall commit a fix for this, but it is
not critical at all. The product works using misc/compat4x

> 
> Interesting. Adi, maybe the port should depend on compat4x until the
> problem is fixed ?

Might be an idea, but I'll go for the right path and commit the real
fix.

> > One last problem; about bdc itself. I ran it against all the
> > mailboxes after making it happy about the libfn problem. I used the
> > following:
> > 
> > bdc --arc --files --log --debug --mail --disinfect --move /var/mail
> > 
> > which returned:
> > 
> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
> > 
> > /var/mail/infos=>(message 37)=>[S ...  (CET)]=>(MIME
> > part)=>q361598.exe infected: Win32.Swen.A at mm <- cevakrnl.xmd
> > /var/mail/infos=>(message 37)=>[Subject: ... 6 +0100 (CET)]=>(MIME 
> > part)=>q361598.exe  move failed <- cevakrnl.xmd
> > 
> > It doesn't appear that all that work to get bdc installed and
> > working was worth the time and trouble after all. Isn't it capable
> > of disinfection yet?

bdc can not disinfect or move infected objects from mbox files (not
eml files kept in maildir format). The real "issue" is not the
disinfection / deletion of the virus, but the repacking of mbox. At
this time bdc does not support this feature. The action of rebuilding an
mbox after modifying it is extremely tricky. I've seen so many
mailboxes corrupted by a faulty repack that I'm really glad
BitDefender does not have this feature :)

> 
> My policy has always been that infected mail should be deleted :)

Mine too, but people usually try to use as many features as possible

> 
> > It *does* know what it is; as indicated with the following:
> > 
> > bdc --arc --files --log --debug --mail --disinfect /var/mail
> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
> > 
> > /var/mail/infos=>(message 37)=>[S ...  (CET)]=>(MIME
> > part)=>q361598.exe infected: Win32.Swen.A at mm <- cevakrnl.xmd
> > /var/mail/infos=>(message 37)=>[Subject: M ... :16 +0100
> > (CET)]=>(MIME part)=>q361598.exe  deleted <- cevakrnl.xmd
> > /var/mail/infos=>(message 37)=>[Subject: Mic ...  Feb 2006 21:29:16 
> > +0100 (CET)]=>(MIME part)  updated <- mime.xmd
> > /var/mail/infos=>(message 37)  updated <- mbox.xmd
> > /var/mail/infos  update failed

This is exactly what I wrote above. It can take actions upon an infected
object, but does NOT update the mbox file itself.
On the other hand, what are the real benefits of disinfecting a
mailbox? The virus in this case is MIME-encapsulated. You can get
infected only if you import that mailbox and execute the infected file.
And, if this happens one way or another, the user really knows what
he's doing, or is dumb enough to use a computer at all :)

> > 
> > So it *knows* what it is. But doesn't appear to be a mature enough
> > anti-virus application to actually disinfect or protect a system yet.
> > Is that true?

No, it's not true. But I work for BitDefender and my opinions can be
easily seen as biased. You can check for yourself the various comparison
charts regarding features, detection rates, updates of virus detection
routines and signatures, and such.

> 
> Might be true for disinfection for some viruses, but not for all. As
> to protection, I believe it does its job adequately: it detects the
> viruses and the signatures are updated very quickly.
> 
> 

-- 
Adi Pircalabu (PGP Key ID 0x04329F5E)
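
The thread's two points, that the scanner reports hits inside an mbox but does not rewrite the file, and that infected mail should simply be removed, can be combined in a small script. This is an added example, not part of the original message and not BitDefender code: it parses scanner lines of the shape quoted above and moves the whole flagged message into a Maildir quarantine under a lock. The function names, the constructed sample log and the 1-based message numbering are assumptions.

```python
import mailbox
import re

# Constructed sample in the line shape the scanner prints in the thread.
SAMPLE_LOG = """\
/var/mail/infos=>(message 2)=>[Subject: test]=>(MIME part)=>q361598.exe infected: Win32.Swen.A at mm <- cevakrnl.xmd
/var/mail/infos=>(message 2)=>[Subject: test]=>(MIME part)=>q361598.exe  move failed <- cevakrnl.xmd
"""

HIT = re.compile(r"^(?P<mbox>.+?)=>\(message (?P<num>\d+)\)=>.*=>(?P<file>\S+)\s+infected: ")

def parse_hits(log_text):
    """Return {mbox_path: {message_number: attachment_name}} for 'infected' lines."""
    hits = {}
    for line in log_text.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.setdefault(m["mbox"], {})[int(m["num"])] = m["file"]
    return hits

def quarantine(mbox_path, numbered_files, quarantine_dir, base=1):
    """Move whole flagged messages out of an mbox into a Maildir quarantine.

    base=1 is an assumption: the thread does not say how the scanner numbers
    messages, so a message is only touched if it really carries the attachment.
    """
    box = mailbox.mbox(mbox_path, create=False)
    jail = mailbox.Maildir(quarantine_dir, create=True)
    moved = []
    box.lock()                      # fcntl + dot-lock against concurrent delivery
    try:
        keys = box.keys()
        for num, fname in sorted(numbered_files.items()):
            idx = num - base
            if not 0 <= idx < len(keys):
                continue
            msg = box[keys[idx]]
            if fname not in {part.get_filename() for part in msg.walk()}:
                continue            # numbering mismatch: leave the mailbox alone
            jail.add(msg)           # copy out first ...
            box.remove(keys[idx])   # ... then mark for removal
            moved.append(num)
    finally:
        box.close()                 # flush() rewrites via temp file + rename, then unlocks
    return moved
```

The attachment-name check is what keeps a wrong numbering assumption from deleting an innocent message; the mail delivery agent must honour the same locks for the rewrite to be safe.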

