Re: [Fwd: PostgreSQL 8.0.0-beta4 Windows 2000

> > Magnus is working on something that will print a better failure
> > message when the virus protection blocks PostgreSQL.
>
> Ah, good.

Actually, that's not what I'm doing ATM. I'm trying to solve the actual
problem, to make sure things work instead.
(It's not going that well, though... I've implemented the fix I thought
would fix the problem, but it only fixes some aspects of it. Still
digging..)
And it's not AV blocking - it's firewall or internet scanners. I have
nothing that checks for *file scanners* that are active.

> Note that cygwin setup.exe blocks McAfee Shield "AvSynMgr"
> also to be able to download our packages after an UI dialog.

That's an interesting approach. Does it block *only* McAfee? Or do you
have a list of other things as well? Something like this might certainly
be worth putting in the MSI installer, if we cannot workaronud the
actual problem.
(And I'd say blocking in the way of kicking up a popup-message that says
"hey, remove/disable this stuff before you try to install". Not actually
turning off a different program, that is just *evil*)

I've also been toying with the idea of droppnig an EICAR test virus in
the DATA directory before install to see if there is an active online AV
scanner there. But that might not be a good thing in a managed AV
environment - would set off all sorts of alarms...

//Magnus

Magnus,

> I've also been toying with the idea of droppnig an EICAR test virus in
> the DATA directory before install to see if there is an active online AV
> scanner there. But that might not be a good thing in a managed AV
> environment - would set off all sorts of alarms...

That would really be *EVIL*. I can read the news ... "postgreSQL includes a
virus in it's distribution, was put there by installers developer"....
brrrr.

Harald

Magnus Hagander schrieb:
>>>Magnus is working on something that will print a better failure
>>>message when the virus protection blocks PostgreSQL.
>>
>>Ah, good.
>
> Actually, that's not what I'm doing ATM. I'm trying to solve the actual
> problem, to make sure things work instead.
> (It's not going that well, though... I've implemented the fix I thought
> would fix the problem, but it only fixes some aspects of it. Still
> digging..)
> And it's not AV blocking - it's firewall or internet scanners. I have
> nothing that checks for *file scanners* that are active.

re file scanners I only see vague references to Norton (Symantec) being
bad.
But I am not sure yet. Indeed the worst problems are winsock related.

>>Note that cygwin setup.exe blocks McAfee Shield "AvSynMgr"
>>also to be able to download our packages after an UI dialog.
>
> That's an interesting approach. Does it block *only* McAfee? Or do you
> have a list of other things as well? Something like this might certainly
> be worth putting in the MSI installer, if we cannot workaronud the
> actual problem.
> (And I'd say blocking in the way of kicking up a popup-message that says
> "hey, remove/disable this stuff before you try to install". Not actually
> turning off a different program, that is just *evil*)
>
> I've also been toying with the idea of droppnig an EICAR test virus in
> the DATA directory before install to see if there is an active online AV
> scanner there. But that might not be a good thing in a managed AV
> environment - would set off all sorts of alarms...

For now we just block this McAfee service, but we also had reports for
Norton (Symantec) AntiVir to limit the usability of our app.

Generally, every NT Service that starts with "Norton" or "Symantec" is
considered evil. But not in detail yet.
Of course certain firewalls also, like zonelaram, but you have to search
the cygwin mailinglist archives for exact reports.

AntiVir or F-Prot on-access virus scanners or internet updaters are
considered well-behaving.
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/