On 2010-01-07 21:31, John Corelli wrote:
>> On 2010-01-07 19:49, John Corelli wrote:
>>
>>> Hi All -
>>>
>>> I'm new to clamav, but I've spent time looking through the archives
>>> and FAQs, so I hope my question is not too "newbish".
>>>
>>> I'm running clam 0.95.3 on a single Centos 5.3 system. That system
>>> will not be connected to the internet ever, but I have DSS/NISPOM
>>> security requirements that I run AV tools on that computer
>>>
>> and update
>>
>>> the virus dat/database files on a regular basis. I see
>>>
>> that freshclam
>>
>>> is a nice way to get the updated sigs etc., but I will be
>>>
>> running without that tool.
>>
>>>
>>>
>> If you are not connected to the internet what are you
>> scanning? Network shares?
>>
>>
> Any PDFs or other docs that get brought into the system.
>
>
>>> What is the best way to get virus sig updates via sneakernet? From
>>> the setup I have, I see that there is the main.cvd, daily.cvd and
>>> daily.cld files which are all the ones that need to get updated.
>>>
>>> I believe it is the two daily.* files that need to be the
>>>
>> same version
>>
>>> at all times, correct? Is main.cvd the engine then?
>>>
>>>
>> Both main.cvd and daily.* are the database, main.cvd is
>> updated less often, while daily.cvd is updated several times a day.
>>
>> The CVD and CLD files store the same information, the former
>> is the compressed database, the latter is a previous CVD/CLD,
>> with an incremental update applied to it.
>> Thus if you have a .cld file you shouldn't have a .cvd file.
>> If the incremental update fails you'll get a CVD file again.
>>
>> The simplest way would be to run freshclam, copy
>> {main,daily}.c[vl]d to your device, then stop clamd on the
>> CentOS system, remove main.*, daily.* from the DBdir, copy
>> over your new databases, and start clamd.
>>
>>
> Okay, seems reasonable...but why run freshclam at all if I am manually
> copying the databases over onto the device?
You can download the databases yourself directly, like:
wget database.clamav.net/main.cvd
wget database.clamav.net/daily.cvd
main.cvd is rather large though, so its faster if you use freshclam to
update.
> Are the steps you described the
> ones that actually get done automatically when you run freshclam? (save
> for the getting the databases from the 'net)
Freshclam checks remote DB version, tries to download an incremental
update and apply it,
if that is not possible it downloads the full DB and checks its version.
It also warns if engine is out of date.
> Or are you running freshclam
> in the above sequence to verify versions at the start?
>
I recommended to use freshclam, because its the simplest way to get an
up-to-date database.
For example it knows to retry downloading from another mirror, if one
of the mirrors is down,
or has an old version.
Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
