On 5/2/2010 9:59 AM, Alex wrote:
Hi,

Why are some of the databases duplicated in the clamav root dir and
also in the unofficial-dbs/ss-dbs directory, such as
winnow_malware.hdb?

The rsync protocol only downloads the changes between the local and remote
files, so the local file must be available for comparison.  The
unofficial/ss-dbs is also the working directory where the database's GPG
signature and integrity testing is done before rsyncing the files into the
ClamAV production directory.

By this time you must think I'm dumb or completely new at this. I'd
like to think I'm just more inquisitive and going beyond just the home
use. Time for some more coffee for me :-)

It sounds like the real reason for the duplicates is for the integrity
check, because rsync doesn't otherwise need two local copies. Also for
moving them all into place into production at once?

Not just integrity testing, but first GPG signature testing, in order to confirm that the files have not been compromised in any way.

After the script is run, each database that has been updated is GPG signature tested, then ClamAV integrity tested, and then rsynced into the ClamAV production directory. You do not want to place any database into the production directory until it has been tested, thus the creation and use of the working directories (/usr/unofficial-dbs/*) by the script.

The script stops and reports/logs any failure along the way so that a corrupted or compromised database cannot end up in production use.

Is there support that I'm somehow missing for alerting an
administrator that there was a problem when it actually happens, and
not through just a daily report?

The only error reporting the script does is via email after each script run and logging to a log file, depending on how the user has configured the script to run.

How can I verify that clamd is actually using the full set of
databases I've downloaded?

Any database that shows up in the ClamAV production directory is used by ClamAV/ClamD - ls /path/to/clamav will show you which databases are being used.

Bill
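
The staged sequence described in the reply above (GPG signature test, ClamAV load test, then rsync into production, stopping at the first failure), as an added example that is not part of the original message or of the script under discussion. The function names, the detached `.sig` file naming, the keyring path and the production path are assumptions.

```shell
#!/bin/sh
# Added example: promotion gate for one downloaded signature database.
# Paths below are assumptions; adjust to your installation.
WORK_DIR="${WORK_DIR:-/usr/unofficial-dbs/ss-dbs}"    # working dir named in the thread
PROD_DIR="${PROD_DIR:-/var/lib/clamav}"               # assumed production dir
KEYRING="${KEYRING:-/etc/clamav/unofficial-pub.gpg}"  # assumed publisher keyring

# Gate 1: the detached signature "$1.sig" (assumed naming) must verify
# against the pinned keyring only, not the user's default keyring.
verify_sig() {
    gpg --batch --no-default-keyring --keyring "$KEYRING" \
        --verify "$1.sig" "$1" >/dev/null 2>&1
}

# Gate 2: ClamAV must be able to load the database. clamscan exits 2 on
# errors such as a malformed database; 0 means the database loaded and
# the empty probe file was clean.
test_db() {
    probe=$(mktemp) || return 1
    clamscan --quiet -d "$1" "$probe"
    rc=$?
    rm -f "$probe"
    [ "$rc" -eq 0 ]
}

# Final step: copy into production. -c compares by checksum, -p and -t
# preserve permissions and modification times, -q keeps rsync quiet.
install_db() {
    rsync -pcqt "$1" "$PROD_DIR/"
}

# Run the gates in order and stop at the first failure, so an unverified
# file never reaches PROD_DIR. Returns 0 only when the file was installed;
# a non-zero code identifies the failed stage.
promote_db() {
    db="$WORK_DIR/$1"
    [ -f "$db" ]     || { echo "FAIL $1: not in working dir" >&2; return 1; }
    verify_sig "$db" || { echo "FAIL $1: GPG signature" >&2; return 2; }
    test_db "$db"    || { echo "FAIL $1: clamscan load test" >&2; return 3; }
    install_db "$db" || { echo "FAIL $1: rsync to production" >&2; return 4; }
    echo "OK $1 promoted"
}
```

Calling `promote_db winnow_malware.hdb` from cron and acting on a non-zero exit status is one way to surface a failure when it happens rather than in a later report.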