ClamWin Free Antivirus
Support and Discussion Forums
PCLive Security
lledorc


Joined: 24 Jul 2007
Posts: 0
First off I need to disclose that I am a direct part of the PCLive.com team and wanted to share what we are doing.

Take a look at the PCLive.com site and the PCLive Security product:

https://www.pclive.com/products/products.php

The AV scanner (including real-time scanning) is based on ClamWin modules.
Re: PCLive Security
b0ne


Joined: 26 Oct 2006
Posts: 0
lledorc wrote:
The AV scanner (including real-time scanning) is based on ClamWin modules.
That is interesting, although concerning at the same time. Are you familiar with the requirements of the GPL license? I installed PCLive and I observed several problems:

1) You have no mention of the GPL license for ClamAV/ClamWin. (required by GPLv2)
2) You are distributing GPL licensed binaries without distributing the source and/or providing access to the source for these components. (required by GPLv2)
3) You are linking to GPL code (PCLMonitorService.exe and PCLSUpdater.exe link to libclamav.dll) which is GPL licensed, meaning these modules must be also licensed under GPLv2. (required by GPLv2)

Reference for #2
https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#UnchangedJustBinary
Question wrote:
I downloaded just the binary from the net. If I distribute copies, do I have to get the source and distribute that too?

Answer wrote:
Yes. The general rule is, if you distribute binaries, you must distribute the complete corresponding source code too. The exception for the case where you received a written offer for source code is quite limited.


Reference for #3 see the following:
https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#NFUseGPLPlugins
Question wrote:
If a library is released under the GPL (not the LGPL), does that mean that any program which uses it has to be under the GPL?

Answer wrote:
Yes, because the program as it is actually run includes the library.


and
https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#NFUseGPLPlugins
Question wrote:
Can I release a non-free program that's designed to load a GPL-covered plug-in?

Answer wrote:
It depends on how the program invokes its plug-ins. If the program uses fork and exec to invoke plug-ins, then the plug-ins are separate programs, so the license of the plug-in makes no requirements about the main program.

If the program dynamically links plug-ins, and they make function calls to each other and share data structures, we believe they form a single program, which must be treated as an extension of both the main program and the plug-ins. In order to use the GPL-covered plug-ins, the main program must be released under the GPL or a GPL-compatible free software license, and that the terms of the GPL must be followed when the main program is distributed for use with these plug-ins.

If the program dynamically links plug-ins, but the communication between them is limited to invoking the `main' function of the plug-in with some options and waiting for it to return, that is a borderline case.

See also the question I am writing free software that uses a non-free library.
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
b0ne is right - GPL v2 requires applying the GPL license to any derivative work based on GPL code. Therefore, as a bare minimum, PCLMonitorService.exe and PCLSUpdater.exe must be released with the GPL license. The copyright owner of most of the libclamav.dll code is Sourcefire Inc.

Points 1 and 2 are valid as well.


I suggest PClive.com fixes these issues as soon as possible. The GPL license is there to protect end users' rights to free software, and there was a lawsuit regarding a GPL violation recently:

https://www.linux-watch.com/news/NS3761924232.html

I will keep an eye on the situation.

Alch
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Agreed, b0ne/Alch; however, this does point out there is a market for comprehensive security software which should be considered by Open Source security developers. It also points out that commercial organizations are good at spotting the market and supplying it. Perhaps both commercial/open source can benefit from some cooperation--if both sides can gain something without giving up too much. I don't know how good it is, but this guy has a ClamWin-based real-time scanner. Aren't you interested in how he did it/how effective it is/something the ClamWin team could use in its own effort to develop a RT scanner?

Regards,
b0ne


Joined: 26 Oct 2006
Posts: 0
GuitarBob wrote:
this does point out there is a market for comprehensive security software which should be considered by Open Source security developers.

Presence of a market is irrelevant when one does not seek financial compensation for time spent pursuing an interest.

You need to read between the lines when considering this purported "comprehensive security software."

Quote:
PCLive.com is dedicated to helping you, your business and your family enjoy the use of computers without having to become computer experts. We do this by offering:
* Immediate 24-hour online and phone access to friendly U.S. based technicians to help answer any of your computer questions
* The world's most comprehensive free Internet security suite that automates the protection of your computer, so you don't have to worry about it any more


It is a loosely bundled conglomerate of free security related software with a graphical interface layered on top. When considering motives to create this package, it should become evident that this is not a genuine interest in providing security solutions, but instead a marketing ploy to drive call volume to their support services. This is realized when discovering their 24-hour support contact information being plastered over the interfaces and dialogs.

The spyware detection relies exclusively on matching executable file names, which is prone to false positives. (Yes, I did some brief reverse engineering.) Popup blockers are all but useless when using a reasonably modern web browser and don't stop popups that are generated from malware emulating user-interaction. (Their principal design is to stop pop-ups originating from websites.) Software firewalls of equivalent "protection" technology are already built into Windows and widely available.

Quote:
It also points out that commercial organizations are good at spotting the market and supplying it.

Why would a commercial company spot an opportunity and incur expenses to give something away for free? (Answer: To generate call-volume)

Quote:
Perhaps both commercial/open source can benefit from some cooperation--if both sides can gain something without giving up too much. I don't know how good it is, but this guy has a ClamWin-based real-time scanner.

It is a clamav based real-time scanner. The only part resembling clamwin is that they are using the libclamav.dll and the freshclam.exe ports of clamav that Sherpya so generously provides at his own expense.

The infrastructure for Clamwin v1.0 is essentially done; go browse the SVN and see. What actually needs to be worked on to get it at a testable phase, I am not sure, but alch could probably answer that.

The *problem* is that someone with unlikely benevolent intentions has in fact performed a wrong by not adhering to the GPL license. How any company providing software can be ignorant of at least the basic requirements of the GPL is beyond my understanding.

Quote:
Aren't you interested in how he did it/how effective it is/something the ClamWin team could use in its own effort to develop a RT scanner?

To put it simply, no.

The technology behind real-time is not that big of a mystery. There are basically two means of doing it:

1) You ask windows to report when file system changes occur; scan the file hoping that it has not yet had a chance to do anything malicious, or
2) Utilize a file system filter driver which intercepts read and write requests and permits an AV scanner to do a scan prior to windows actually performing the operation on that file.

This isn't exactly new and exciting; everyone else who monitors file systems does it by utilizing similar methods. Effectiveness will be approximately equal to Clamwin with respect to detection as they're using the same engine and definitions.

I'm not sure why they posted a thread here announcing their intentions, but if real collaboration was to take place, they would have been communicating prior to releasing this to production.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
b0ne: as always, thanks for the info. I used the term "market" to refer to "need." By the way, what's your take on Comodo--is that a different situation (it's not open source, but it's free)?

Regards,
b0ne


Joined: 26 Oct 2006
Posts: 0
I haven't investigated comodo all that much. I know they purchase signatures for kaspersky, but their unpacking engine is limited, if not more so than clamav's. They just acquired BOClean for their "Anti-Malware" which seems to compete with their anti-virus, so I'm not sure how that will play out.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
BO Clean originally was the old "Back Orifice" trojan cleaner. The developers sold it because there isn't as much demand any more for a dedicated trojan cleaner. Most AVs can handle a lot of trojans now, and so can the good antispyware programs.

Regards,
lledorc


Joined: 24 Jul 2007
Posts: 0
b0ne - Alch,

I wanted to apologize for the post as it was probably not appropriate for the forums and caused some unneeded attention on your parts as I'm sure you both have plenty to do. I also wanted to respond to your questions and points to help clarify some items.

PCLive has made a significant investment to provide a free software program to consumers and we've tried to put together the right components, both third party and internally developed, so the average user doesn't have to try and manage multiple components such as a separate firewall, popupblocker, AV suite, etc... This suite isn't meant for the technical person but more the average user who wants to enjoy the PC and not become a technical expert.

In addition PCLive is very aware of the GNU GPL requirements and have always referenced them clearly in the End User License Agreement (required to be accepted before installation can occur). This EULA also clearly defines that "Reverse Engineering" is not permitted and is in violation of the license agreement.

To help clarify this issue even further we have:

1. added some additional clarification on the use of separate open source software in the EULA
2. added a "Software Agreement" section to the product page that also clearly lists the use of these separate programs and that they are governed by GNU GPL
3. added a folder in the install that also states the GNU GPL and the separate binary programs used

We are very committed to providing free software and free forum based support (much the same as ClamWin does). Because we don't open source our proprietary components doesn't make it any less valuable for the average user. Yes our business is also based on providing technical support but they are optional components and we leave that choice up to the consumer on whether they want it and where they want to get it from.

We are open to working with the ClamWin team and I wanted to ensure that you knew that PCLive has 1 goal in mind - help simplify and secure the technology for the average user and provide a great customer experience so people can enjoy the use of computers without having to understand all the technical aspects that come with it.
b0ne


Joined: 26 Oct 2006
Posts: 0
You do not have to apologize for posting here. The attention being drawn here is of no detriment to ClamWin.

Quote:
In addition PCLive is very aware of the GNU GPL requirements

I do not fully agree. It seems parts of the license are not understood completely. Unfortunately you are still violating the GPL license. PC Live is bound to this license because you are distributing (making available for download) GPL covered software.

Disclosing all the GPL components and their license in the EULA should resolve the first issue that I raised.

Point number 2 results in a violation because the URLs result in an error when accessed.
https://www.pclive.com/softwarelicense/download/vnc.zip (File does not exist - 404 error)
https://www.pclive.com/softwarelicense/download/avfiles.zip (File does not exist - 404 error)

Point number 3 results in a violation because "PCLMonitorService.exe" and "PCLSUpdater.exe" link to "libclamav.dll".

Here is a quote from the GNU GPL v2 FAQ which explains why number 3 is unresolved:
Quote:
Can I release a non-free program that's designed to load a GPL-covered plug-in?

Quote:
It depends on how the program invokes its plug-ins. If the program uses fork and exec to invoke plug-ins, then the plug-ins are separate programs, so the license of the plug-in makes no requirements about the main program.

If the program dynamically links plug-ins, and they make function calls to each other and share data structures, we believe they form a single program, which must be treated as an extension of both the main program and the plug-ins. In order to use the GPL-covered plug-ins, the main program must be released under the GPL or a GPL-compatible free software license, and that the terms of the GPL must be followed when the main program is distributed for use with these plug-ins.

If the program dynamically links plug-ins, but the communication between them is limited to invoking the `main' function of the plug-in with some options and waiting for it to return, that is a borderline case.


There are two ways to address this problem:
1) PCLMonitorService.exe and PCLSUpdater.exe no longer form a "combined work" with libclamav.dll by not linking with it.
2) These software components are made available under the GPL.
lledorc


Joined: 24 Jul 2007
Posts: 0
Thanks b0ne,

Point 2 is resolved; the load balancers had just not updated as of yet to all regions and we forced it to occur so the source files are valid on all locations within the EULA and the website pages.

Point 3 is not a violation and at most could be considered a borderline case as defined by the GNU license. For clarification, PCLSUpdater.exe is a stand alone module whose only purpose is to update a spyware database developed by PCLive for real-time spyware protection of the registry, file system, memory, and other system services (and is not just name based) - no link or communication with any open source GPL software. PCLMonitorService.exe uses standard main communication with clamav binaries and in our opinion does not constitute a single combined program.

Again our goal is to not violate any licenses, hide or deny credit to the free software foundation, open source developers, clamav and Sourcefire, Inc. but instead to provide a great free service to users that will just continue to get better. We welcome continued feedback and I wanted to thank you again for your time.
b0ne


Joined: 26 Oct 2006
Posts: 0
Quote:
PCLMonitorService.exe uses standard main communication with clamav binaries and in our opinion does not constitute a single combined program.

Unfortunately, you are incorrect in this instance. You are passing data structures back and forth between your closed source code and GPL covered libclamav. This is how the FSF defines "combined work" that is described in the FAQ I pasted.

Here is an example why this is a violation, as seen in the machine code from PCLMonitorService.exe

cl_retdbdir() is a function call exported by libclamav.dll. This is not a "call once main function."

Code:
.text:00410498                 push    0Ah
.text:0041049A                 lea     ebx, [esi+1Ch]
.text:0041049D                 push    ebx
.text:0041049E                 push    esi
.text:0041049F                 call    cl_retdbdir


The functions cl_load(), cl_build(), and cl_free() are also exported by libclamav.dll. These are also not "main" functions, they are sub component function calls to load definitions which entail passing data structures back and forth.

Code:
.text:004104A4                 push    eax
.text:004104A5                 call    cl_load
.text:004104AA                 add     esp, 10h
.text:004104AD                 test    eax, eax
.text:004104AF                 jnz     loc_41053A
.text:004104B5                 mov     eax, [esi]
.text:004104B7                 push    eax
.text:004104B8                 call    cl_build
.text:004104BD                 mov     edi, eax
.text:004104BF                 add     esp, 4
.text:004104C2                 test    edi, edi
.text:004104C4                 jz      short loc_4104E6
.text:004104C6                 mov     ecx, [esi]
.text:004104C8                 push    ecx
.text:004104C9                 call    cl_free


As you can see, you are not simply "executing" libclamav.dll and allowing it to operate on its own, you are directly calling functions that are related to each other.

The POSIX API calls named fork() and exec() are similar in nature to the windows APIs called CreateProcess() and ShellExecute(). They launch other "self contained" programs.

When you launch clamscan.exe and parse the resulting standard output, you are obeying the requirements of the GPL. You are launching the "main" function of clamscan.exe and it operates on its own. Calling cl_load(), cl_build(), and cl_free() are individual subroutines which operate on a shared object which is passed back and forth between your code and libclamav's code, creating the "combined work." This is not the same as launching the "main" function of a program.
View user's profileSend private message
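The separate-process integration described in the post above (launching clamscan and parsing its standard output instead of calling libclamav exports in-process), as an added example that is not part of the original thread and is not PCLive or ClamWin code. The function names `parse_clamscan` and `scan` are hypothetical, the sample output is constructed, and the per-file line format (`path: OK`, `path: <signature> FOUND`) is assumed from clamscan's usual text output.

```python
import os
import subprocess

# Constructed sample of clamscan's per-file output (not captured from a real run).
SAMPLE_OUTPUT = r"""C:\Users\demo\Downloads\eicar.com: Eicar-Test-Signature FOUND
C:\Users\demo\Documents\report.doc: OK
C:\Users\demo\empty.txt: Empty file

----------- SCAN SUMMARY -----------
Infected files: 1
"""


def parse_clamscan(stdout):
    """Map each scanned path to (status, detail) from clamscan's text output."""
    results = {}
    for line in stdout.splitlines():
        if line.startswith("-----"):  # summary banner: per-file lines are done
            break
        # Split on the LAST ": " so the drive-letter colon in a Windows path survives.
        path, sep, verdict = line.rstrip().rpartition(": ")
        if not sep:
            continue  # blank or unrecognised line
        if verdict == "OK":
            results[path] = ("clean", None)
        elif verdict.endswith(" FOUND"):
            results[path] = ("infected", verdict[: -len(" FOUND")])
        elif verdict.endswith(" ERROR"):
            results[path] = ("error", verdict[: -len(" ERROR")])
        else:
            results[path] = ("other", verdict)  # e.g. "Empty file"
    return results


def scan(paths, clamscan="clamscan"):
    """Run clamscan as its own process (hypothetical wrapper)."""
    # Absolute paths cannot start with "-", so none is mistaken for an option.
    argv = [clamscan, "--stdout", "--no-summary"] + [os.path.abspath(p) for p in paths]
    proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    # clamscan exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error.
    if proc.returncode not in (0, 1):
        raise RuntimeError("clamscan failed with exit code %d" % proc.returncode)
    results = parse_clamscan(proc.stdout)
    found = any(status == "infected" for status, _ in results.values())
    if found != (proc.returncode == 1):
        # Fail closed: never report "clean" when text and exit code disagree.
        raise RuntimeError("clamscan output and exit code disagree")
    return results


if __name__ == "__main__":
    for path, (status, detail) in parse_clamscan(SAMPLE_OUTPUT).items():
        print(status, path, detail or "")
```

The only interface between the caller and the scanner here is a command line, an exit code and text on a pipe; no libclamav data structure crosses the process boundary.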
PCI Live
freefighter


Joined: 20 Oct 2007
Posts: 0
Location: Bavaria
@ lledorc:

By the way, your program is still a little buggy yet. I have installed it on two computers (1 pc, 1 laptop, both running windows xp sp2 german version), but during installation and at every bootup process of windows it gave me countless exception errors.

However I find it a great piece of software as it offers an all in one package (spyware, adware, virus protection + firewall) solution for free. Fix the bugs and many people will be happy.

regards

Tom
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
AV Comparatives tested PC Live. You can see the results at: https://www.av-comparatives.org/seiten/ergebnisse/pclive.pdf on the Web. Overall detection rate was 69%--not really too bad on about 800,000 malware samples. They have a "minimum" testing rate of 85% for a formal test, but only the large AV companies (with all their resources) meet that. Ikarus seems about to get there though based on another recent single test.

Regards,
sherpya


Joined: 22 Mar 2006
Posts: 0
Location: Italy
I'm not able to test it, the pclive service keeps crashing without an end