Discussion:
OS/2 virusscanner
(too old to reply)
A.D. Fundum
2012-01-23 19:37:46 UTC
Permalink
Has an OS/2 virusscanner any use in an eCS-only environment (without a
FAT32.IFS)? DOS- and Win 3.x-software is over 10-20 years old, and I
couldn't care less if an WinXP-partition is attacked by some virus.


--
Barry Landy
2012-01-23 20:52:47 UTC
Permalink
On Mon, 23 Jan 2012, A.D. Fundum wrote:

:>Has an OS/2 virusscanner any use in an eCS-only environment (without a
:>FAT32.IFS)? DOS- and Win 3.x-software is over 10-20 years old, and I
:>couldn't care less if an WinXP-partition is attacked by some virus.

you shouldcare if a WinXP partition is attacked. itcould betrojan
horsed and your machine usedto generate a DoS attack somewhere for which
you are blamed (for example)

When Norman was actively making OS2 updats I ran it for years and
nothing was ever trapped.
--
Barry Landy Email: Remove nospam in from address
192, Gilbert Road, Cambridge CB4 3PB
Doug Bissett
2012-01-24 05:51:13 UTC
Permalink
Post by Barry Landy
When Norman was actively making OS2 updats I ran it for years and
nothing was ever trapped.
I also ran NORMAN, until it became unusable. I did trap many virus
infested e-mails (almost all SPAM of one sort, or another). See my
other post about viruses and OS/2.
--
From the eComStation of Doug Bissett
dougb007 at telus dot net
(Please make the obvious changes, to e-mail me)
Barry Landy
2012-01-24 07:08:20 UTC
Permalink
On Tue, 24 Jan 2012, Doug Bissett wrote:

:>On Mon, 23 Jan 2012 20:52:47 UTC, Barry Landy <***@cam.ac.uk>
:>wrote:
:>
:>> When Norman was actively making OS2 updats I ran it for years and
:>> nothing was ever trapped.
:>
:>I also ran NORMAN, until it became unusable. I did trap many virus
:>infested e-mails (almost all SPAM of one sort, or another). See my
:>other post about viruses and OS/2.
:>
:>

Luckily my ISP traps virus infested emails and a lot of Spam. Spam I can
deal with anyway.
--
Barry Landy Email: Remove nospam in from address
192, Gilbert Road, Cambridge CB4 3PB
Doug Bissett
2012-01-24 18:20:23 UTC
Permalink
Post by Barry Landy
:>
:>> When Norman was actively making OS2 updats I ran it for years and
:>> nothing was ever trapped.
:>
:>I also ran NORMAN, until it became unusable. I did trap many virus
:>infested e-mails (almost all SPAM of one sort, or another). See my
:>other post about viruses and OS/2.
:>
:>
Luckily my ISP traps virus infested emails and a lot of Spam. Spam I can
deal with anyway.
My ISP has that option too. I don't use it because they sometimes
eliminate good mail, along with the bad. I use PMMail with the message
classifier option (BogoFilter) to sort it out. That works a lot better
than whatever my ISP uses. For a long time, I also had PMMail run
messages through ClamAV, but that has been impossible since ClamAV was
updated to install using RPM/YUM (not that RPM/YUM is causing the
problem, ClamAV just doesn't run that way any more).
--
From the eComStation of Doug Bissett
dougb007 at telus dot net
(Please make the obvious changes, to e-mail me)
Remy
2012-01-24 21:37:55 UTC
Permalink
Post by Doug Bissett
Post by Barry Landy
:>
:>> When Norman was actively making OS2 updats I ran it for years and
:>> nothing was ever trapped.
:>
:>I also ran NORMAN, until it became unusable. I did trap many virus
:>infested e-mails (almost all SPAM of one sort, or another). See my
:>other post about viruses and OS/2.
:>
:>
Luckily my ISP traps virus infested emails and a lot of Spam. Spam I can
deal with anyway.
My ISP has that option too. I don't use it because they sometimes
eliminate good mail, along with the bad. I use PMMail with the message
classifier option (BogoFilter) to sort it out. That works a lot better
than whatever my ISP uses. For a long time, I also had PMMail run
messages through ClamAV, but that has been impossible since ClamAV was
updated to install using RPM/YUM (not that RPM/YUM is causing the
problem, ClamAV just doesn't run that way any more).
--
From the eComStation of Doug Bissett
dougb007 at telus dot net
(Please make the obvious changes, to e-mail me)
ClamAVGUI can be used with ClamAV installed (older mode as WPI or
through RPM/YUM using the rpm/yum check box)
I updated it to v231 and included ubuntu thunderbird add-on to allow
interface with clamd on a specific ip port. I change supported
thunderbird version into the working add-on and the scan is ok for
under TB V3.1.10 or V9 (may be the timeout value should be adjusted a
litle under V9 "near 30s instead of 20s"
cheers/2
Remy
A.D. Fundum
2012-01-24 23:48:12 UTC
Permalink
your machine used to generate a DoS attack somewhere for
which you are blamed (for example)
I'ld often notice that. Lord knows wtf WinXP's frequent excessive line
activities are, but OS/2 has no such "background services" (if I'm
trying to use it, a lot of net stop wuauerv and net stop bits are
required to prevent its fatal "Generic Host Process"-errors).
When Norman was actively making OS2 updats I ran it for years
and nothing was ever trapped.
Same here (McAfee), the OS/2-version of their Windows' virus scanner
in use at the office. Only fake ones were detected, but that was
8086-software. Hence the original question. But for one Firefox (and
its tools, Dave isn't a suspect (yet ;-)) is a possible leak indeed.

I assume it'll do to run an old virus scanner occasionally, in order
to detect an old DOS virus. Occasionally, because it'll be over 10
years old. But a newer one can still be required for e.g. Firefox or
other Windows-based software (perhaps a new Java, Acrobat Reader,
..).


--
Doug Bissett
2012-01-24 05:51:11 UTC
Permalink
Post by A.D. Fundum
Has an OS/2 virusscanner any use in an eCS-only environment (without a
FAT32.IFS)? DOS- and Win 3.x-software is over 10-20 years old, and I
couldn't care less if an WinXP-partition is attacked by some virus.
Absolutely. Even if some malware can't do whatever it was designed to
do, it may still do damage, and you may never know if you pass on
something bad to some poor unsuspecting windows user, until (s)he
tracks you down, ready to kill you for sending them a virus. Then,
consider what may happen if a virus (I use "virus" to mean all of the
forms) attempts to execute on your OS/2 system. Something is likely to
crash. If you are lucky, it will just be the program that is being
attacked that will crash (Firefox, for instance, which is also subject
to virus attacks, even if it is running in OS/2). If you are very
unlucky, something in the file system will crash, leaving you with a
corrupted file system.

Anybody who thinks that a plain OS/2 system cannot be affected by a
virus, is dreaming in technicolor. Unfortunately, it seems that the
only virus protection left to us, is ClamAV, which has been pretty
well unusable since some fool decided that it should be installed
using RPM/YUM. It is unusable even if you do install it using that
terrible piece of bloatware. ClamAVGUI comes as close as anything else
to making it work, but that also has trouble with the latest versions
of ClamAV for OS/2 (which are out of date, but not useless, if they
will run).

Just my $.02
--
From the eComStation of Doug Bissett
dougb007 at telus dot net
(Please make the obvious changes, to e-mail me)
Dave Yeo
2012-01-24 06:09:41 UTC
Permalink
Post by Doug Bissett
Anybody who thinks that a plain OS/2 system cannot be affected by a
virus, is dreaming in technicolor.
I did get infected with a boot virus way back (came on a store bought
floppy). It ran in every DOS session and it was actually winos2 that
complained about it. Can't remember the name but it was a virus that on
a certain day would wipe your BIOS. Whether it would actually do that
under OS/2 I don't know as I replaced the MBR as soon as I found it.
Dave
Paul Ratcliffe
2012-01-28 22:29:53 UTC
Permalink
Post by Dave Yeo
I did get infected with a boot virus way back (came on a store bought
floppy). It ran in every DOS session and it was actually winos2 that
complained about it.
Seems unlikely. DOS sessions don't boot. Boot sector viruses aren't
really going to affect OS/2 once it's switched from real to protected
mode.
Post by Dave Yeo
Can't remember the name but it was a virus that on
a certain day would wipe your BIOS. Whether it would actually do that
under OS/2 I don't know as I replaced the MBR as soon as I found it.
Virtualisation would stop it.
Dave Yeo
2012-01-29 01:28:51 UTC
Permalink
Post by Paul Ratcliffe
Post by Dave Yeo
I did get infected with a boot virus way back (came on a store bought
floppy). It ran in every DOS session and it was actually winos2 that
complained about it.
Seems unlikely. DOS sessions don't boot. Boot sector viruses aren't
really going to affect OS/2 once it's switched from real to protected
mode.
That's what I thought yet Winos2 did complain about it and running a
virus scanner under a DOS session did detect it.
This would have been early Warp 3 when I bought my first CDRom (4X for
$150) and out of ignorance also an IDE card for it. The IDE card was
broken and the virus was on the device driver disk for the IDE card. I
rebooted a few times trying to get it to work under DOS without removing
the floppy.
Dave
Remy
2012-02-01 01:23:41 UTC
Permalink
Post by Dave Yeo
Post by Paul Ratcliffe
 I did get infected with a boot virus way back (came on a store bought
 floppy). It ran in every DOS session and it was actually winos2 that
 complained about it.
Seems unlikely. DOS sessions don't boot. Boot sector viruses aren't
really going to affect OS/2 once it's switched from real to protected
mode.
That's what I thought yet Winos2 did complain about it and running a
virus scanner under a DOS session did detect it.
This would have been early Warp 3 when I bought my first CDRom (4X for
$150) and out of ignorance also an IDE card for it. The IDE card was
broken and the virus was on the device driver disk for the IDE card. I
rebooted a few times trying to get it to work under DOS without removing
the floppy.
Dave
Hi,
I updated ClamAVGUI to V2.4.0 (included is the xpi thunderbird clamav
addon)
And added a clamav 0.97.3 (thanks Allan) into WPI package

Both works on my system

on my web site.
Cheers/2
Mike Luther
2012-02-02 22:41:11 UTC
Permalink
Hi Remy
Post by Remy
Hi,
I updated ClamAVGUI to V2.4.0 (included is the xpi thunderbird clamav
addon)
And added a clamav 0.97.3 (thanks Allan) into WPI package
Both works on my system
on my web site.
Cheers/2
Thanks again for your work! I've tested your clamav 0.97.3 on my test MCP2
system that I've been working with Allan on to get going so that we can get a
clean simple .WPI install that can be separated from the RPM-YUM complexity
for many older OS/2 boxes that need the help.

Your clamav 0.97.3 .WPI release works fine but there is one issue that is
still with it for install purposes as I have found out. Your .WPI install
still will not proceed without the addition of something like I was forced to
use all this time, which I cannot have on the 'normal' pile of older boxes
Post by Remy
SET UNIXROOT=C:\CLAMAV
or whatever you normally would do for the RPM-YUM process. Yes, then your
clamav 0.97.3 .WPI *WILL* complete an install for this CLAMAV for OS/2 that
does *NOT* need that SET UNIXROOT path in CONFIG.SYS here.

After the install if I get rid of the UNIXROOT set line in CONFIG.SYS the
entire .WPI still works fine as far as I can see.

But I can't complete the .WPI install without adding the line in that window
for some kind of UNIXROOT answer.

Done the way I 'had' to do this, after the .WPI install is done here for what
would have been done above, that would completely contaminate a box that
needed other .WPI help in the future for other things, like Allan has helped
bypass for us, I'd guess we sure would not want a UNIXROOT directory of, say
C:\CLAMAV, right?

Is there some way to make a change in your help with the .WPI that would let a
user 'opt out' of this issue for a fixed operation that was created by help
from Allan or Paul or whomever, from the really helpful work of Yuri and his
crew?

I hope this will help us all here for my wordy answer. Thank you for your time!
--
--> Sleep well; OS2's still awake! ;)

Mike Luther
Dave Yeo
2012-02-01 23:57:50 UTC
Permalink
Post by Dave Yeo
Post by Paul Ratcliffe
Post by Dave Yeo
I did get infected with a boot virus way back (came on a store bought
floppy). It ran in every DOS session and it was actually winos2 that
complained about it.
Seems unlikely. DOS sessions don't boot. Boot sector viruses aren't
really going to affect OS/2 once it's switched from real to protected
mode.
That's what I thought yet Winos2 did complain about it and running a
virus scanner under a DOS session did detect it
Thinking a bit more about it, I probably misinterpreted it back then,
the virus wasn't actually running but was detectable and Winos2 must
check the boot sector for some reason
Dave
Mike Luther
2012-01-24 15:14:50 UTC
Permalink
Aha! Good info!
Post by Doug Bissett
Anybody who thinks that a plain OS/2 system cannot be affected by a
virus, is dreaming in technicolor. Unfortunately, it seems that the
only virus protection left to us, is ClamAV, which has been pretty
well unusable since some fool decided that it should be installed
using RPM/YUM. It is unusable even if you do install it using that
terrible piece of bloatware. ClamAVGUI comes as close as anything else
to making it work, but that also has trouble with the latest versions
of ClamAV for OS/2 (which are out of date, but not useless, if they
will run).
Just my $.02
You folks should know that even the every day current PANDA product still
works just fine for OS/2, but it is NOT usable as a direct connect IP
interface that can, as it is designed to do, check everything about every site
you are to visit in real time. It works just fine on initial memory start up,
BIOS and op-system initial check work if that's what you want for each scan.
Then handles all files and can very accurately check hard drives, floppy
drives and so on as you need. That with notice or auto-option what to do with
virus infected files that can be placed in quarantine. At least for all my
MCP2 latest everything OS/2 systems.

The USA focused crew cannot 'normally' help you with their OS/2 install for
the OS/2 Object for your use. I was eventually pointed toward the following
Post by Doug Bissett
10-15-08 9:29p 2226414 58 pavos2.rar
This package has in it a password and encrypted REXX file in OS/2 that is used
to check for updates from the PANDA site. Eventually you will get a
negotiated password to use to fit into this REXX .CMD file that gets you the
updates. But here is the not so nice part of the whole deal.

The only way to use this product that still works very well on OS/2, is to
download the ENTIRE virus encrypted .ZIP file every time you knock on the
PANDA door for update work. The current file is 1-23-12 12:21p 27891484
bytes in size. That means the only practical way to use this product is to
have a high speed IP connection for update work.

My VERY important tech support work with the USA crew for PANDA handles this
very well as just another 'computer' as part of the 'normal' PANDA
subscription service for renewal purposes. I use the 'three' computer
subscription for the PANDA product, in that I actually have one dedicated
WIN-XP computer (Which I could upgrade), strictly for MAJIC JACK long distance
telephone support and it is absolutely interfaced through PANDA for all
connections to my SUDDENLINK support for IP service. And by the way,
SUDDENLINK has been VERY good about complete cleaning and no bad message
support for my email connections, too. My support service for PANDA as a very
decent cost subscription for this, which includes the OS/2 support as part of
the 'normal' subscription, is all the way forward to into 2013 as best I
recall without looking it up for this reply.

But it is *NOT* free and I very much respect that.

The several years back interface with all this and the PANDA tech support was
based very much on the fact that it was *NOT* demanded that the complete total
IP 'firewall' interface for OS/2 was not being requested, but what I describe
above. What us OS/2 folk who do know about OS/2 and what goes on in the real
world is known to PANDA. OS/2 is still a *VERY* important operating system
that is heavily used for mission critical professional work, such as water
supply and other mineral production operations from our homeland, the Earth.
As well as massively still used railroad systems operations for trains,
together with mission critical security oriented professional operations. No,
I don't work for PANDA, but when they found out I was really interested in
going forward with what they still were focused on for OS/2, I had no trouble
on dealing with this issue with them.

We have done fine together with this all this time. Again, I caution you that
if you go down this path, it is NOT a simple pop the button and let them do
all the work for you on a cloud focused operation like they use for Windows.
But they are a treasure of an organization as far as I am concerned. And we
just quietly go forward without muddling with this or that.

Perfectly well in the fashion I describe for OS/2, professionally.

In passing here, anyone who thinks that OS/2 cannot be whopped by bad boys is
absolutely wrong, especially if Windows 32 fudge interface stuff is going to
be used on the system. As well as DOS operations, and, believe it or not,
anywhere you use NETBIOS over TCP/IP, or even some very interesting ways that
even a TCP/IP pulse can even be used to put a man in the middle of even
keyboard or other ports for Intel chip motherboard BIOS op mods. Which I
actually have seen hit one site I work with!


---


--> Sleep well; OS2's still awake! ;)

Mike Luther
Mat Nieuwenhoven
2012-02-21 18:57:47 UTC
Permalink
:>
:>You folks should know that even the every day current PANDA product still
:>works just fine for OS/2, but it is NOT usable as a direct connect IP
:>interface that can, as it is designed to do, check everything about every site
:>you are to visit in real time. It works just fine on initial memory start up,
:>BIOS and op-system initial check work if that's what you want for each scan.
:>Then handles all files and can very accurately check hard drives, floppy
:>drives and so on as you need. That with notice or auto-option what to do with
:>virus infected files that can be placed in quarantine. At least for all my
:>MCP2 latest everything OS/2 systems.

Hi Mike,

I've been looking over the Panda site, but don't see any OS/2 references.
Which product are you using?

Mat Nieuwenhoven
Mike Luther
2012-02-22 02:18:32 UTC
Permalink
Hi Mat
Post by Mat Nieuwenhoven
Hi Mike,
I've been looking over the Panda site, but don't see any OS/2 references.
Which product are you using?
Mat Nieuwenhoven
I had an older one from the USA stuff back in 2008 when I started back to
this. However it did not work correctly. At this answer site I don't have
the personal reference to the European gentleman who fired me back what was
Post by Mat Nieuwenhoven
10-15-08 9:29p 2226414 58 pavos2.rar
This RAR package is installed in a \PAVOS2 directory - all one directory. I
made that directory, copied that RAR into it, then undid it. The more or less
daily update(s) are download by a REXX CMD file which has your assigned ID and
password into it. When called, if there is a correct date orchestrated
signature file for download, the way I've done this is to handle it into a
separate 'standard' name .ZIP file, then let it 'update' the complete virus
signature file as normally named for normal use with the product.

The complete signature file is a whale of a lot bigger than the .ZIP update.
Post by Mat Nieuwenhoven
2-20-12 12:06a 107967755
2-20-12 9:50a 28354453
After install, one can orchestrate, by hand, whatever REXX or straight .CMD
files you might want to check this or that, or to update and so on. The OS/2
Desktop Object for the application that still works has a 'normal' complete
logic choice selection as to what to do for a given 'check me', what to do
reference to packed files and so on. That plus what to do with files that are
to be 'repaired' as well as otherwise moved into quarantine and so on.

The only thing I have had any issues with even by now, still with this, is
that there have been a couple HUGE java library files which have cause a few
lockups for memory corruption issues with the product. I contacted the tech
support people at Panda with personal Email, explained why i still needed
their help, as well as promised that if things didn't work out I'd not chew on
them. They cooperated. As well, I have one Windows XP box, as noted, that I
use solely for research purposes, that has the entire Panda product for
Windows on it. I have had completely good experience with that, all part of
the same 'agreement' that I'm one of their normal customers until now well
into the 2013 year time line.

Will everything continue to work into 2013? Who knows? If you are sincerely
interested in trying to put forward an interface with them, I'd be glad to
Email the party that has helped me to ask what the thought would be to more
sincerely interested folks from here. If the answer is favorable, for a
suggested name or ID, I'd be glad to post the contact information here if
Panda wants it done. They have been very good to me.
--
--> Sleep well; OS2's still awake! ;)

Mike Luther
ivan
2012-01-24 17:50:39 UTC
Permalink
On Tue, 24 Jan 2012 05:51:11 UTC, Doug Bissett
Post by Doug Bissett
Post by A.D. Fundum
Has an OS/2 virusscanner any use in an eCS-only environment (without a
FAT32.IFS)? DOS- and Win 3.x-software is over 10-20 years old, and I
couldn't care less if an WinXP-partition is attacked by some virus.
Absolutely. Even if some malware can't do whatever it was designed to
do, it may still do damage, and you may never know if you pass on
something bad to some poor unsuspecting windows user, until (s)he
tracks you down, ready to kill you for sending them a virus. Then,
consider what may happen if a virus (I use "virus" to mean all of the
forms) attempts to execute on your OS/2 system. Something is likely to
crash. If you are lucky, it will just be the program that is being
attacked that will crash (Firefox, for instance, which is also subject
to virus attacks, even if it is running in OS/2). If you are very
unlucky, something in the file system will crash, leaving you with a
corrupted file system.
Anybody who thinks that a plain OS/2 system cannot be affected by a
virus, is dreaming in technicolor. Unfortunately, it seems that the
only virus protection left to us, is ClamAV, which has been pretty
well unusable since some fool decided that it should be installed
using RPM/YUM. It is unusable even if you do install it using that
terrible piece of bloatware. ClamAVGUI comes as close as anything else
to making it work, but that also has trouble with the latest versions
of ClamAV for OS/2 (which are out of date, but not useless, if they
will run).
Just my $.02
Doug,

Remy has got ClamAV working with his ClamAVGUI and he has posted some
information in the ClamAV OS/2 thread.

ivan
--
A.D. Fundum
2012-01-24 23:23:38 UTC
Permalink
Post by Doug Bissett
Post by A.D. Fundum
Has an OS/2 virusscanner any use in an eCS-only environment
(without
Post by Doug Bissett
Post by A.D. Fundum
a FAT32.IFS)?
Absolutely. Even if some malware can't do whatever it was designed
to do, it may still do damage
But isn't the malware as old as DOS-apps, which I could scan just once
with e.g. an old (Y2K'ish) McAfee OS/2 virus scanner?
Post by Doug Bissett
you may never know if you pass on something bad to some poor
unsuspecting windows user
if (!) I'm using Windows, I hope its virus scanner detects it. I tend
to not attach "your" Windows-devices to my machines at all, ever, and
I'm not going to protect unsuspecting Windows users.
Post by Doug Bissett
(Firefox, for instance, which is also subject to virus attacks,
even if
Post by Doug Bissett
it is running in OS/2).
Okay, that's a possible leak.
Post by Doug Bissett
If you are very unlucky, something in the file system will crash,
leaving you with a corrupted file system.
That's just an example? If a noted corrupted file system is as bad as
a harddisk crash, I'ld be up and running within a few minutes (or a
few hours, if it has to be the same system).

Anyway, I won't delete all virus-related software because of your
Firefox-example.


--
Doug Bissett
2012-01-25 00:32:07 UTC
Permalink
Post by A.D. Fundum
Post by Doug Bissett
Post by A.D. Fundum
Has an OS/2 virusscanner any use in an eCS-only environment
(without
Post by Doug Bissett
Post by A.D. Fundum
a FAT32.IFS)?
Absolutely. Even if some malware can't do whatever it was designed
to do, it may still do damage
But isn't the malware as old as DOS-apps, which I could scan just once
with e.g. an old (Y2K'ish) McAfee OS/2 virus scanner?
That will miss a lot of the new malware because the scanner software
wouldn't be smart enough to look for it.
Post by A.D. Fundum
Post by Doug Bissett
you may never know if you pass on something bad to some poor
unsuspecting windows user
if (!) I'm using Windows, I hope its virus scanner detects it. I tend
to not attach "your" Windows-devices to my machines at all, ever, and
I'm not going to protect unsuspecting Windows users.
Not nice :-) They already have enough trouble without you adding to
it.
Post by A.D. Fundum
Post by Doug Bissett
(Firefox, for instance, which is also subject to virus attacks,
even if
Post by Doug Bissett
it is running in OS/2).
Okay, that's a possible leak.
Post by Doug Bissett
If you are very unlucky, something in the file system will crash,
leaving you with a corrupted file system.
That's just an example? If a noted corrupted file system is as bad as
a harddisk crash, I'ld be up and running within a few minutes (or a
few hours, if it has to be the same system).
Still not fun. Then, you would need to try to figure out what caused
the crash, so it won't happen again. That will probably result in more
crashes, which may, or may not, do damage.
Post by A.D. Fundum
Anyway, I won't delete all virus-related software because of your
Firefox-example.
I very much prefer to have some sort of AV software available. ClamAV
was usable for scanning, but not for real time protection. The last
really good OS/2 virus scanner was the one from IBM, which was sold
to, and buried by, NORTON. In windows, I have had good service from
free AVAST! antivirus, but I don't do a lot with windows. I have
considered installing that in a Virtual PC, with a network link to my
real drives. I am not sure if that would work, or not. Unfortunately,
the SAMBA setup doesn't seem to be capable of handling more than a few
files, without crashing, so that may become an exercise in
frustration.

Today, most viruses work, hidden, in the background, just waiting for
you to enter your bank account information (or other IDs and
passwords). Then they send that off to somebody who might be
interested. You rarely even know that they are there, if you don't
have some sort of protection.

I need to try Remy's package again. It wasn't what I was looking for,
when I tried it last, but he has done some updates since then. Now, if
I only had a few 48 hour days...
--
From the eComStation of Doug Bissett
dougb007 at telus dot net
(Please make the obvious changes, to e-mail me)
Paul Ratcliffe
2012-01-28 22:26:41 UTC
Permalink
On Tue, 24 Jan 2012 05:51:11 +0000 (UTC), Doug Bissett
Post by Doug Bissett
consider what may happen if a virus (I use "virus" to mean all of the
forms) attempts to execute on your OS/2 system. Something is likely to
crash.
No it isn't. It just won't work.
Post by Doug Bissett
If you are very unlucky, something in the file system will crash,
leaving you with a corrupted file system.
What utter bullshit.
Post by Doug Bissett
Just my $.02
Worthless, as usual.
A.D. Fundum
2012-02-01 04:56:45 UTC
Permalink
Post by Paul Ratcliffe
Post by Doug Bissett
consider what may happen if a virus (I use "virus" to mean all of
the forms) attempts to execute on your OS/2 system. Something
is likely to crash.
It just won't work.
Implying that an OS/2 virus scanner is a "Windows virus scanner for
OS/2". If so, a time-waisting DOS, *.CMD or browser-plugin should be
detected by a "Windows virus scanner for Windows" anyway.

IOW, assuming I'm not using an OS/2 machine to distribute Windows
files or if don't care about an infected Windows partition, a virus
scanner for OS/2 probably has no use if a Windows virus scanner is in
use, at all in such a specific case.

BTW, I can image a Windows app messing up an OS/2 or boot partition.
But in this case that has to be detected by a "Windows virus scanner
for Windows".


--
Remy
2012-02-01 21:40:07 UTC
Permalink
 >> consider what may happen if a virus (I use "virus" to mean all of
 >> the forms) attempts to execute on your OS/2 system. Something
 >> is likely to crash.
 > It just won't work.
Implying that an OS/2 virus scanner is a "Windows virus scanner for
OS/2". If so, a time-waisting DOS, *.CMD or browser-plugin should be
detected by a "Windows virus scanner for Windows" anyway.
IOW, assuming I'm not using an OS/2 machine to distribute Windows
files or if don't care about an infected Windows partition, a virus
scanner for OS/2 probably has no use if a Windows virus scanner is in
use, at all in such a specific case.
BTW, I can image a Windows app messing up an OS/2 or boot partition.
But in this case that has to be detected by a "Windows virus scanner
for Windows".
--
What about javascript viruses ?
They fire under web browser and aren't windows specific !
I've got a fex of this kind of virus and i was happy to have a virus
scanner under os/2

Cheers/2
Dave Yeo
2012-02-01 23:54:24 UTC
Permalink
Post by Remy
Post by A.D. Fundum
Post by Paul Ratcliffe
Post by Doug Bissett
consider what may happen if a virus (I use "virus" to mean all of
the forms) attempts to execute on your OS/2 system. Something
is likely to crash.
It just won't work.
Implying that an OS/2 virus scanner is a "Windows virus scanner for
OS/2". If so, a time-waisting DOS, *.CMD or browser-plugin should be
detected by a "Windows virus scanner for Windows" anyway.
IOW, assuming I'm not using an OS/2 machine to distribute Windows
files or if don't care about an infected Windows partition, a virus
scanner for OS/2 probably has no use if a Windows virus scanner is in
use, at all in such a specific case.
BTW, I can image a Windows app messing up an OS/2 or boot partition.
But in this case that has to be detected by a "Windows virus scanner
for Windows".
--
What about javascript viruses ?
They fire under web browser and aren't windows specific !
I've got a fex of this kind of virus and i was happy to have a virus
scanner under os/2
This is probably our biggest danger now, especially for those running
old versions of Mozilla. While not actually viruses they may have the
capability of sniffing things like passwords and credit card numbers.
There was even one a few years back that tried to execute
c:\windows\cmd.exe. (I've heard somewhere that even on Windows one of
the best defenses is not to install on C:)
Dave
A.D. Fundum
2012-02-03 00:33:06 UTC
Permalink
Post by Dave Yeo
Post by Remy
What about javascript viruses ?
Reminding me of an idea to write a Rexx-interpreter/compiler with a
selectable level of security, i.e. allowed functions.
Post by Dave Yeo
This is probably our biggest danger now
What about generic FF plugins? Install those on a Windows-machine
first, so its up-to-date virus scanner detects it? Or are
mozilla.org-plugins always (likely to be) safe?
Post by Dave Yeo
While not actually viruses they may have the capability
of sniffing things like passwords and credit card numbers.
One of the worst IT-developments ever: longer passwords, valid for a
far shorter period of time. Of course your initial machine-generated
password is xfkj5fxv_fdfnklj. As if you'ld change it to
fsk33_hlfs984A43, instead of YourName_Feb2012, and remember the
fsk33_hlfs984A43. Nowadays it's safer to write passwords down and to
not hide those passwords in your home, instead of storing such
passwords.


--
Dave Yeo
2012-02-03 01:25:06 UTC
Permalink
Post by A.D. Fundum
What about generic FF plugins? Install those on a Windows-machine
first, so its up-to-date virus scanner detects it? Or are
mozilla.org-plugins always (likely to be) safe?
Once again, not really viruses but everyone uses virus as a generic term
for vulnerabilities. Flash, Acrobat and Java have some pretty big
vulnerabilities, whether they would exist under OS/2 I don't know. Flash
scripting for example doesn't work under OS/2. The usual advice is to
run the newest versions.
Actual viruses I don't think are much of an issue for us and even most
vulnerabilities are usually targeted at Windows.
Dave
Remy
2012-02-05 17:10:09 UTC
Permalink
Post by Dave Yeo
Post by A.D. Fundum
What about generic FF plugins? Install those on a Windows-machine
first, so its up-to-date virus scanner detects it? Or are
mozilla.org-plugins always (likely to be) safe?
Once again, not really viruses but everyone uses virus as a generic term
for vulnerabilities. Flash, Acrobat and Java have some pretty big
vulnerabilities, whether they would exist under OS/2 I don't know. Flash
scripting for example doesn't work under OS/2. The usual advice is to
run the newest versions.
Actual viruses I don't think are much of an issue for us and even most
vulnerabilities are usually targeted at Windows.
Dave
Hi Mike Luther

I left UNIXROOT= for backward compatibility.
I'll update my WPI to update readme with possibility to remove
UNIXROOT from config.sys

Under ClamAVGUI, I always check existing UNIXROOT for compatibility
between RPM/YUM build and WPI build
(it should work for any clamav build)
note: I just updated ClamAVGUI after found an error making clamscan
not run as expected (included is an thunderbird clamav XPI addon
working with Clamd)

Cheers/2
Doug Bissett
2012-02-07 05:39:54 UTC
Permalink
Post by Remy
Post by Dave Yeo
Post by A.D. Fundum
What about generic FF plugins? Install those on a Windows-machine
first, so its up-to-date virus scanner detects it? Or are
mozilla.org-plugins always (likely to be) safe?
Once again, not really viruses but everyone uses virus as a generic term
for vulnerabilities. Flash, Acrobat and Java have some pretty big
vulnerabilities, whether they would exist under OS/2 I don't know. Flash
scripting for example doesn't work under OS/2. The usual advice is to
run the newest versions.
Actual viruses I don't think are much of an issue for us and even most
vulnerabilities are usually targeted at Windows.
Dave
Hi Mike Luther
I left UNIXROOT= for backward compatibility.
I'll update my WPI to update readme with possibility to remove
UNIXROOT from config.sys
Don't forget that other things use UNIXROOT. That is one of the major
problems with RPM/YUM. You can't just remove UNIXROOT, if something
else needs it. You also can't just change it to suit yourself, like
RPM/YUM does.
Post by Remy
Under ClamAVGUI, I always check existing UNIXROOT for compatibility
between RPM/YUM build and WPI build
(it should work for any clamav build)
note: I just updated ClamAVGUI after found an error making clamscan
not run as expected (included is an thunderbird clamav XPI addon
working with Clamd)
Cheers/2
FWIW, I have been able to get ClamAV 0.97.3 to partly work, with, or
without, ClamAVGUI 2.4.1, but not consistently. I do object to having
ClamAV, or ClamAVGUI put ANYTHING on my boot drive, so that is
probably part of the problem, but I think that one, or both, of the
programs has something hard coded to use the boot drive, and that just
isn't going to work because I won't allow it.
--
From the eComStation of Doug Bissett
dougb007 at telus dot net
(Please make the obvious changes, to e-mail me)
Allan
2012-02-08 00:53:12 UTC
Permalink
Post by Doug Bissett
FWIW, I have been able to get ClamAV 0.97.3 to partly work, with, or
without, ClamAVGUI 2.4.1, but not consistently. I do object to having
ClamAV, or ClamAVGUI put ANYTHING on my boot drive, so that is
probably part of the problem, but I think that one, or both, of the
programs has something hard coded to use the boot drive, and that just
isn't going to work because I won't allow it.
ClamAV 0.97.3 does not require to be on boot drive.
It currently have a hardcoded path of \clamav\* to find its
conf and database; but parameters to all exes can overwrite
that to whatever you use. You can install it on any any drive
in that position to use it without parameters.
--
Allan.

It is better to close your mouth, and look like a fool,
than to open it, and remove all doubt.
Doug Bissett
2012-02-08 02:43:49 UTC
Permalink
Post by Allan
Post by Doug Bissett
FWIW, I have been able to get ClamAV 0.97.3 to partly work, with, or
without, ClamAVGUI 2.4.1, but not consistently. I do object to having
ClamAV, or ClamAVGUI put ANYTHING on my boot drive, so that is
probably part of the problem, but I think that one, or both, of the
programs has something hard coded to use the boot drive, and that just
isn't going to work because I won't allow it.
ClamAV 0.97.3 does not require to be on boot drive.
It currently have a hardcoded path of \clamav\* to find its
conf and database; but parameters to all exes can overwrite
that to whatever you use. You can install it on any any drive
in that position to use it without parameters.
Hmmm. That could be the problem. I have it in W:\APPS\CLAMAV but I
override the parameters on the command line, and in the conf file
(seems to mostly work). It still seems that something is not following
those instructions. I need to find more time to figure out what it is,
or isn't, doing.
--
From the eComStation of Doug Bissett
dougb007 at telus dot net
(Please make the obvious changes, to e-mail me)
Remy
2012-02-08 16:48:29 UTC
Permalink
Post by Doug Bissett
Post by Allan
Post by Doug Bissett
FWIW, I have been able to get ClamAV 0.97.3 to partly work, with, or
without, ClamAVGUI 2.4.1, but not consistently. I do object to having
ClamAV, or ClamAVGUI put ANYTHING on my boot drive, so that is
probably part of the problem, but I think that one, or both, of the
programs has something hard coded to use the boot drive, and that just
isn't going to work because I won't allow it.
ClamAV 0.97.3 does not require to be on boot drive.
It currently have a hardcoded path of \clamav\* to find its
conf and database; but parameters to all exes can overwrite
that to whatever you use. You can install it on any any drive
in that position to use it without parameters.
Hmmm. That could be the problem. I have it in W:\APPS\CLAMAV but I
override the parameters on the command line, and in the conf file
(seems to mostly work). It still seems that something is not following
those instructions. I need to find more time to figure out what it is,
or isn't, doing.
--
From the eComStation of Doug Bissett
dougb007 at telus dot net
(Please make the obvious changes, to e-mail me)
It is better to specify database path in config file (clamd and
frshclam) or as parameter to Clamdscan and clamscan to prevent any
problems using default database path

Cheers/2
Allan
2012-02-08 23:36:13 UTC
Permalink
Post by Doug Bissett
Post by Allan
Post by Doug Bissett
FWIW, I have been able to get ClamAV 0.97.3 to partly work, with, or
without, ClamAVGUI 2.4.1, but not consistently. I do object to having
ClamAV, or ClamAVGUI put ANYTHING on my boot drive, so that is
probably part of the problem, but I think that one, or both, of the
programs has something hard coded to use the boot drive, and that just
isn't going to work because I won't allow it.
ClamAV 0.97.3 does not require to be on boot drive.
It currently have a hardcoded path of \clamav\* to find its
conf and database; but parameters to all exes can overwrite
that to whatever you use. You can install it on any any drive
in that position to use it without parameters.
Hmmm. That could be the problem. I have it in W:\APPS\CLAMAV but I
override the parameters on the command line, and in the conf file
(seems to mostly work). It still seems that something is not following
those instructions. I need to find more time to figure out what it is,
or isn't, doing.
I forgot to mention, that you shouldbe able to override that hardcoded path
by using the klibcpathrewriter (included with eCS 2.x).
Add '/clamav' as new path and make it point to 'W:\APPS\CLAMAV'
then you should be able to use it without parameters.
This feature is however untested, so you can be the first ;-)
--
Allan.

It is better to close your mouth, and look like a fool,
than to open it, and remove all doubt.
Remy
2012-02-08 16:45:05 UTC
Permalink
Post by Doug Bissett
Post by Remy
Post by Dave Yeo
Post by A.D. Fundum
What about generic FF plugins? Install those on a Windows-machine
first, so its up-to-date virus scanner detects it? Or are
mozilla.org-plugins always (likely to be) safe?
Once again, not really viruses but everyone uses virus as a generic term
for vulnerabilities. Flash, Acrobat and Java have some pretty big
vulnerabilities, whether they would exist under OS/2 I don't know. Flash
scripting for example doesn't work under OS/2. The usual advice is to
run the newest versions.
Actual viruses I don't think are much of an issue for us and even most
vulnerabilities are usually targeted at Windows.
Dave
Hi Mike Luther
I left UNIXROOT= for backward compatibility.
I'll update my WPI to update readme with possibility to remove
UNIXROOT from config.sys
Don't forget that other things use UNIXROOT. That is one of the major
problems with RPM/YUM. You can't just remove UNIXROOT, if something
else needs it. You also can't just change it to suit yourself, like
RPM/YUM does.
Post by Remy
Under ClamAVGUI, I always check existing UNIXROOT for compatibility
between RPM/YUM build and WPI build
(it should work for any clamav build)
note: I just updated ClamAVGUI after found an error making clamscan
not run as expected (included is an thunderbird clamav XPI addon
working with Clamd)
Cheers/2
FWIW, I have been able to get ClamAV 0.97.3 to partly work, with, or
without, ClamAVGUI 2.4.1, but not consistently. I do object to having
ClamAV, or ClamAVGUI put ANYTHING on my boot drive, so that is
probably part of the problem, but I think that one, or both, of the
programs has something hard coded to use the boot drive, and that just
isn't going to work because I won't allow it.
--
From the eComStation of Doug Bissett
dougb007 at telus dot net
(Please make the obvious changes, to e-mail me)
Installing on boot drive is not needed.
cheers/2
Dave Yeo
2012-02-07 06:28:30 UTC
Permalink
Post by Remy
I left UNIXROOT= for backward compatibility.
I'll update my WPI to update readme with possibility to remove
UNIXROOT from config.sys
UNIXROOT has been around for much longer then this version of RPM,
example, XFree86 ver 4 can use it though it usually uses X11ROOT. It is
one of the things I don't like about the current port of RPM, really
they should have come up with a new variable, maybe RPMROOT. It can be
real mess if you have EMX ports and klibc ports both needing to be
installed on the same partition as they aren't quite compatible.
Dave
Mike Luther
2012-03-05 22:18:31 UTC
Permalink
Post by Remy
Hi Mike Luther
I left UNIXROOT= for backward compatibility.
I'll update my WPI to update readme with possibility to remove
UNIXROOT from config.sys
Under ClamAVGUI, I always check existing UNIXROOT for compatibility
between RPM/YUM build and WPI build
(it should work for any clamav build)
note: I just updated ClamAVGUI after found an error making clamscan
not run as expected (included is an thunderbird clamav XPI addon
working with Clamd)
Cheers/2
So far so good on a collection of test OS/2 boxes, except for one. I've wound
Post by Remy
2-01-12 4:58a 2498198 76 Clamav-0_97_3.wpi
2-01-12 7:18p 1402968 70 libc-0_6_4-csd4.wpi
This version on machines that work and also on the box that fails in the
Post by Remy
10-03-11 6:07a 1345016 0 libc064.dll
I'm using the same freshclam.conf and clamd.conf on all the boxes also.

However on the one box that fails, which is a Warp4 FixPack 17 box, when I try
to download the freshclam update, I get all the way through the daily update,
until, for example the last three updates for today on the failing machine.
The screen goes by sorta fast, but I see an 'error' that says SIGKILL on it,
that also pops some sort of an error for LIBC064.DLL. At that point each time
I try the freshclam, I get a very long name ...CMD directory in the
C:\CLAMAV\share\clamav directory which has a 2.8MB or so file in it that
somehow doesn't get 'extracted' expected directory. As well clamscan can't
find the needed data file either.

Thanks for your and Allan's work. I've looked at the CONFIG.SYS file for this
box and the \CLAMAV\BIN directory is in the 'proper' paths as it is on boxes
that work. I've tried leaving the SET UNIXROOT=C:\CLAMAV both enabled as well
as remarking it out like I have on all the working boxes after the updates at
this point. No difference in results.

Thoughts on what I should change or enable for tracing this for us?
--
--> Sleep well; OS2's still awake! ;)

Mike Luther
Peter Brown
2012-03-06 01:43:20 UTC
Permalink
Hi Mike
Post by Mike Luther
Post by Remy
Hi Mike Luther
I left UNIXROOT= for backward compatibility.
I'll update my WPI to update readme with possibility to remove
UNIXROOT from config.sys
Under ClamAVGUI, I always check existing UNIXROOT for compatibility
between RPM/YUM build and WPI build
(it should work for any clamav build)
note: I just updated ClamAVGUI after found an error making clamscan
not run as expected (included is an thunderbird clamav XPI addon
working with Clamd)
Cheers/2
So far so good on a collection of test OS/2 boxes, except for one. I've
Post by Remy
2-01-12 4:58a 2498198 76 Clamav-0_97_3.wpi
2-01-12 7:18p 1402968 70 libc-0_6_4-csd4.wpi
This version on machines that work and also on the box that fails in the
Post by Remy
10-03-11 6:07a 1345016 0 libc064.dll
There is a libc064 update
http://hobbes.nmsu.edu/download/pub/incoming/libc-0_6_4-csd4.wpi
containing:-

20-01-12 7:52a 959,298 0 a--- libc064.dll

Might be worth trying as the problem seems libc064 related.

Regards

Pete
Post by Mike Luther
I'm using the same freshclam.conf and clamd.conf on all the boxes also.
However on the one box that fails, which is a Warp4 FixPack 17 box, when
I try to download the freshclam update, I get all the way through the
daily update, until, for example the last three updates for today on the
failing machine. The screen goes by sorta fast, but I see an 'error'
that says SIGKILL on it, that also pops some sort of an error for
LIBC064.DLL. At that point each time I try the freshclam, I get a very
long name ...CMD directory in the C:\CLAMAV\share\clamav directory which
has a 2.8MB or so file in it that somehow doesn't get 'extracted'
expected directory. As well clamscan can't find the needed data file
either.
Thanks for your and Allan's work. I've looked at the CONFIG.SYS file for
this box and the \CLAMAV\BIN directory is in the 'proper' paths as it is
on boxes that work. I've tried leaving the SET UNIXROOT=C:\CLAMAV both
enabled as well as remarking it out like I have on all the working boxes
after the updates at this point. No difference in results.
Thoughts on what I should change or enable for tracing this for us?
Mike Luther
2012-03-09 20:59:10 UTC
Permalink
Hi Peter
Post by Remy
Hi Mike
There is a libc064 update
http://hobbes.nmsu.edu/download/pub/incoming/libc-0_6_4-csd4.wpi
containing:-
20-01-12 7:52a 959,298 0 a--- libc064.dll
Might be worth trying as the problem seems libc064 related.
Regards
Pete
Good thought .. but using that version of the libc064.dll doesn't fix the
problems at all. The 'normal' update gets all the way through the day run.
Then it errors out with this 'message' about a sig error. The entire file,
for for today March 8, 2011, is about 7MB in size in this specific 'new'
sub-directory with this LONG random letter name in the C:\CLAMAV\share\clamav
that has the master individually loaded pile of update files in it. Every
time you try to update the tool, it makes a new name for such a subdirectory
with the same sort of collection of total signature files in it.

Never finishes. I wonder what is the minimum memory for an OS/2 system that
can handle this tool set? Might it be that this box simply doesn't have
enough memory to run the application?


Thanks!
--
--> Sleep well; OS2's still awake! ;)

Mike Luther
j***@nospam.com.au
2012-02-03 19:50:55 UTC
Permalink
Post by A.D. Fundum
Post by Dave Yeo
Post by Remy
What about javascript viruses ?
Reminding me of an idea to write a Rexx-interpreter/compiler with a
selectable level of security, i.e. allowed functions.
Post by Dave Yeo
This is probably our biggest danger now
What about generic FF plugins? Install those on a Windows-machine
first, so its up-to-date virus scanner detects it? Or are
mozilla.org-plugins always (likely to be) safe?
Post by Dave Yeo
While not actually viruses they may have the capability
of sniffing things like passwords and credit card numbers.
One of the worst IT-developments ever: longer passwords, valid for a
far shorter period of time. Of course your initial machine-generated
password is xfkj5fxv_fdfnklj. As if you'ld change it to
fsk33_hlfs984A43, instead of YourName_Feb2012, and remember the
fsk33_hlfs984A43. Nowadays it's safer to write passwords down and to
not hide those passwords in your home, instead of storing such
passwords.
Even safer to mail your password on a postcard.

I manage to buy almost everything I want by faxing purchase orders, although I
do have to hunt around for fax numbers.
A.D. Fundum
2012-02-03 00:16:17 UTC
Permalink
Post by Remy
What about javascript viruses ?
I don't execute Javascripts with all of my machines, so I'll be fine.
Post by Remy
i was happy to have a virus scanner under os/2
IRL this means I'll look at it, as opposed to deleting all
yet-to-look-at virus scanning software.


--
Steve Wendt
2012-02-03 04:42:50 UTC
Permalink
Post by A.D. Fundum
I don't execute Javascripts with all of my machines, so I'll be fine.
I guess you don't visit very many websites, then.
A.D. Fundum
2012-02-11 21:14:40 UTC
Permalink
Post by Steve Wendt
Post by A.D. Fundum
I don't execute Javascripts with all of my machines, so I'll be fine.
I guess you don't visit very many websites, then.
Wrong guess, why should I use many machines to visit many websites...


--
Continue reading on narkive:
Loading...