Tomasz Kojm wrote: > On Wed, 16 Apr 2008 14:49:59 +0100 > Brian Morrison <[EMAIL PROTECTED]> wrote: > >> And might someone explain what this change is about, how it improves >> performance or whatever? I had assumed that the change to using .inc >> directories allowed various different signatures to be held in separate >> files, > > This was already allowed with .cvd files. The .inc directories were introduced > to handle incremental/scripted updates but we decided to drop them due to > various issues with advisory locks (eg. possible clamd terminations in case > freshclam got locked up and failed to update the database and release the db > lock). The .cld files have a very same structure as .cvd however they're not > digitally signed (they're created by freshclam using digitally signed .cdiff > files) > and can be stored uncompressed (this a default behaviour) to make their > loading faster. >
OK, thanks for that. Does the unsigned .cld file mean that an attack vector could be to edit the .cld file and thus corrupt it? I can see that the cdiff signing protects the path between the database servers and freshclam, but that protection is not available once on an end-user system. -- Brian _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html