bdc BitDefender Console - problems, problems

Chris bsd at 1command.com
Wed Mar 22 10:41:21 UTC 2006


Quoting Adi Pircalabu <apircalabu at bitdefender.com>:

> On Wed, 22 Mar 2006 10:31:46 +0200
> Ion-Mihai Tetcu <itetcu at people.tecnik93.com> wrote:
>
>>
>>  [ cc'ing port maintainer, which is always a good idea ]
>
> Definitely a good idea, thanks Ionut :)

Thanks for replying. :)

>
>>
>> > On Tue, 21 Mar 2006 23:30:21 -0800
>> Chris <bsd at 1command.com> wrote:
>>
>> > Hello,
>> > I built & installed bdc-7.0.1_1 from the ports on a 5.4 system.
>
> Good, thanks for using it :)
>
>>
>> > I have a couple of problems:
>> > After the build/ install I logged out/ logged in and performed
>> > bdc --update. As instructed by the banner displayed upon successful
>> > installation. After updating bdc. I performed bdc --info which
>> > returned:
>> >
>> > Error: core initialization failed: Libfn initialization failed
>> >
>> > Googling for this error returned a solution that someone on the
>> > freebsd-questions list provided back in June of 2005. Further
>> > indicating that "work was underway to release a libfn.so file,
>> > which will be available in a future update." This was almost a year
>> > ago. I hate to sound like I'm whining, or ungrateful (which I'm
>> > not). But isn't this a long time to wait for something that is
>> > related to system security? Anyway, the cure is to build/ install
>> > misc/compat4x. Which I did.
>
> It is a long time, indeed, and I shall commit a fix for this, but it is
> not critical at all. The product works using misc/compat4x

Understood. But took a search on Google to discover it. ;)

>
>>
>> Interesting. Adi, maybe the port should depend on compat4x until the
>> problem is fixed ?
>
> Might be an idea, but I'll go for the right path and commit the real
> fix.

Excellent to hear.

>
>> > One last problem; about bdc itself. I ran it against all the
>> > mailboxes after making it happy about the libfn problem. I used the
>> > following:
>> >
>> > bdc --arc --files --log --debug --mail --disinfect --move /var/mail
>> >
>> > which returned:
>> >
>> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
>> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
>> >
>> > /var/mail/infos=>(message 37)=>[S ...  (CET)]=>(MIME
>> > part)=>q361598.exe infected: Win32.Swen.A at mm <- cevakrnl.xmd
>> > /var/mail/infos=>(message 37)=>[Subject: ... 6 +0100 (CET)]=>(MIME
>> > part)=>q361598.exe  move failed <- cevakrnl.xmd
>> >
>> > It doesn't appear that all that work to get bdc installed and
>> > working was worth the time and trouble after all. Isn't it capable
>> > of disinfection yet?
>
> bdc can not disinfect or move infected objects from mbox files (not
> eml files kept in maildir format). The real "issue" is not the
> disinfection / deletion or the virus, but the repacking of mbox. At
> this time bdc does not support this feature. The action of rebuilding a
> mbox after modifying it is extremely tricky. I've seen lots of
> mailboxes corrupted by a faulty repack, that I'm really glad
> BitDefender does not have this feature :)

Good to know. Thank you for not corrupting my mailboxes. :)
Is there a better application of BDC in this regard?

>
>>
>> My policy has always been that infected mail should be deleted :)
>
> Mine too, but people usually try to use as many features as possible

My policy also. But had understood from the docs that the --mail
switch would (could?) handle this situation.

>
>>
>> > It *does* know what it is; as indicated with the following:
>> >
>> > bdc --arc --files --log --debug --mail --disinfect /var/mail
>> > BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
>> > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
>> >
>> > /var/mail/infos=>(message 37)=>[S ...  (CET)]=>(MIME
>> > part)=>q361598.exe infected: Win32.Swen.A at mm <- cevakrnl.xmd
>> > /var/mail/infos=>(message 37)=>[Subject: M ... :16 +0100
>> > (CET)]=>(MIME part)=>q361598.exe  deleted <- cevakrnl.xmd
>> > /var/mail/infos=>(message 37)=>[Subject: Mic ...  Feb 2006 21:29:16
>> > +0100 (CET)]=>(MIME part)  updated <- mime.xmd
>> > /var/mail/infos=>(message 37)  updated <- mbox.xmd
>> > /var/mail/infos  update failed
>
> This is exactly what I wrote above. It can take actions upon an infected
> object, but does NOT update the mbox file itself.
> On the other hand, what are the real benefits of disinfecting a
> mailbox? The virus in this case is MIME-encapsulated. You can get
> infected only if you import that mailbox and execute the infected file.
> And, if this happens one way or another, the user really knows what
> he's doing, or is dumb enough to use a computer at all :)

Sure. I understand. But I had hoped that it could (would) be removed
from the mbox. That is to say; that it would remove the message as
required. I simply wasn't aware that it couldn't (safely) re-construct
the mbox afterwards.

>
>> >
>> > So it *knows* what it is. But doesn't appear to be a mature enough
>> > anti-virus application to actually disinfect or protect a system yet.
>> > Is that true?
>
> No, it's not true. But I work for BitDefender and my opinions can be
> easily seen as biased. You can check for yourself the various comparisons
> charts regarding features, detection rates, updates of virus detection
> routines and signatures, and the such.

OH! I *completely* believe you. I have a *purchased* copy for (win)NT
server. Which I am *very* impressed with. This is why I chose it for
all the BSD boxes. As I *depend* on these boxes. As windows is a virus
magnet. Antivirus protection is *not* an option. But in the case of
the FreeBSD version; it didn't *appear* to be as effective. That is why
I made the comment.

>
>>
>> Might be true for disinfection for some viruses, but not for all. As
>> to protection, I believe it does its job adequately: it detects the
>> viruses and the signatures are updated very quickly.
>>
>>
>
> --
> Adi Pircalabu (PGP Key ID 0x04329F5E)
>
>
> --
> This message was scanned for spam and viruses by BitDefender.
> For more information please visit http://www.bitdefender.com/
>
>

Thank you for all your time and consideration in this matter.

--Chris



-- 
Microsoft:
Disc space -- the final frontier!

-----------------------------------------------------------------
FreeBSD 5.4-RELEASE-p12 (SMP - 900x2) Tue Mar 7 19:37:23 PST 2006
/////////////////////////////////////////////////////////////////
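
The thread turns on why rewriting an mbox after removing a message is risky. The following is an added example, not part of the original message and not bdc functionality: it removes the messages a scanner has flagged by attachment filename, using Python's standard `mailbox` module, which locks the file and replaces it through a temporary file. The function names and the sample mailbox are hypothetical and constructed for illustration.

```python
import mailbox
from email.message import EmailMessage

def drop_flagged_messages(mbox_path, flagged_names):
    """Remove every message carrying an attachment whose filename is in
    flagged_names (a set). Returns the number of messages removed."""
    box = mailbox.mbox(mbox_path, create=False)
    box.lock()  # fcntl + dot lock, so a delivery agent cannot append mid-rewrite
    try:
        doomed = [key for key, msg in box.iteritems()
                  if {part.get_filename() for part in msg.walk()} & flagged_names]
        for key in doomed:
            box.remove(key)
        # flush() writes the surviving messages to a temporary file in the same
        # directory and renames it over the original, so an interrupted run
        # leaves the old mbox intact instead of a half-written one.
        box.flush()
        return len(doomed)
    finally:
        box.close()  # also releases the lock

def remaining_subjects(mbox_path):
    box = mailbox.mbox(mbox_path, create=False)
    try:
        return [msg["Subject"] for msg in box]
    finally:
        box.close()

def build_sample_mbox(mbox_path):
    """Constructed sample data: three messages, one with a placeholder attachment."""
    box = mailbox.mbox(mbox_path)
    for subject, attachment in (("one", None), ("flagged", "q361598.exe"), ("three", None)):
        msg = EmailMessage()
        msg["From"] = "sender@example.org"
        msg["Subject"] = subject
        msg.set_content("constructed sample body\n")
        if attachment:
            msg.add_attachment(b"harmless placeholder bytes", maintype="application",
                               subtype="octet-stream", filename=attachment)
        box.add(msg)
    box.close()

if __name__ == "__main__":
    import os, tempfile
    path = os.path.join(tempfile.mkdtemp(), "infos")
    build_sample_mbox(path)
    print(drop_flagged_messages(path, {"q361598.exe"}), remaining_subjects(path))
```

Run it against a copy of the spool first; the lock only helps if the delivery agent honours the same locking scheme.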


