On 07/15/2011 12:25 AM, James Ralston wrote: > On 2011-07-14 at 20:33+03 Török Edwin <edwinto...@gmail.com> wrote: > >> I think you might be able to configure freshclam to download CLDs >> with DatabaseCustomURL. >> >> Something like this (untested): >> >> DatabaseMirror <internal-server-with-some-older-version-of-cvds> >> DatabaseCustomURL http://<your-internal-webserver>/main.cld >> DatabaseCustomURL http://<your-internal-webserver>/main.cvd >> DatabaseCustomURL http://<your-internal-webserver>/daily.cld >> DatabaseCustomURL http://<your-internal-webserver>/daily.cvd >> DatabaseCustomURL http://<your-internal-webserver>/bytecode.cld >> DatabaseCustomURL http://<your-internal-webserver>/bytecode.cvd >> DatabaseCustomURL http://<your-internal-webserver>/safebrowsing.cld >> DatabaseCustomURL http://<your-internal-webserver>/safebrowsing.cvd > > I've just spent some time testing this, and I think this will be a > much better solution. In essence, we can use this to force freshclam > to pull the CLD files from our private mirror, instead of the CVD > files. freshclam appears to use the timestamps of the files on the > web server to determine whether they're more recent than the local > copies, and --quiet suppresses all errors about non-existent files and > duplicate databases. > > I'll test this more thoroughly, and report back how well it works for > us. > >> I think downloading CLD file is sufficient. On a LAN it'll probably >> be faster than downloading & applying all the individual updates. > > It wouldn't surprise me. > > The cost of pulling the full CVD/CLD files versus the CDIFF files over > the LAN is negligible for us; we have plenty of bandwidth there. What > we're trying to minimize is the amount of data we have to pull from > the (public) clam mirrors. > >> The CLD files are digitally signed too, so you get almost the same >> integrity checks as with the CVD already. > > Are you sure about that? Because sigtool says: > > $ sigtool -i safebrowsing.cvd > File: safebrowsing.cvd > Build time: 14 Jul 2011 14:45 -0400 > Version: 30807 > Signatures: 710259 > Functionality level: 60 > Builder: google > MD5: 2b1b2e868dd74f2aab83bb79c55a68d8 > Digital signature: > ZstS5RdHytv71PgvErgszQPaVbPqtqgmNrE+w//3lgS0bhP6rrPb87NVfncufL9H2kh/LLx1wwyMPPIJVWsbSYKck4vcwz+ErezX+81gTilryxcrmmEMTWH6WjRvKj24wuqSIF78473JuZWB6Wwi8q2Wgojh1BgBaCB7ghuV/3j > LibClamAV Warning: Detected duplicate databases safebrowsing.cvd and > safebrowsing.cld, please manually remove one of them > Verification OK. > > $ sigtool -i safebrowsing.cld > File: safebrowsing.cld > Build time: 14 Jul 2011 14:45 -0400 > Version: 30807 > Signatures: 710259 > Functionality level: 60 > Builder: google > Verification OK. > > The CLD file lacks the "MD5" and "Digital signature" info. Is there > another signature that sigtool isn't displaying?
Yes, in the .info file inside the CLD/CVD. You have hashes and the entire file is digitally signed. A CLD/CVD without a .info file is not valid. IIRC this was introduced in 0.96. Here is daily.info for example: ClamAV-VDB:14 Jul 2011 10-06 -0400:13321:151983:60:X:X:ccordes:1310652386 daily.cfg:343:9d6935dd00eeb62fa3f4d23ca12fd2b43b7f0f3ba521389d608d42e131fd028f daily.ign:4913:62ebdb0bf5ee150585b4f44cab99db98391a97f5d91817b46fc380d8749ea67d daily.ign2:2831:b3782bcccd110b07b372dff015a36756c379c512c00e53d58bf1b68d93ab208b daily.ftm:7920:130ff2a2e9c083c62227232fea32465fa7d4ca6ce0f890898e798940825a0d60 daily.db:25622:211deb802bc3ff1ec43b281cb2a0b609f8a945ebcdb9c1371f791c18e7997d48 daily.hdb:55536:13eb748f4abe01859268f7a771b9a8bcbc49e41755f90baf5c5be49b965c3ed5 daily.hdu:2092:0114036b97afef380a8fe44a8118d1a9e935ad0ad8b41f65fd6bca23025fa8bc daily.mdb:8596584:2cb17cd3c430378de03ae9d4de3a79022d4b3ebfc837bbe76fd2571465a1b953 daily.mdu:63516:3021429cee1050fc9e6ac19ad30aeac581c8e0af7121e7d06a805804f8c909d2 daily.ndb:497846:58d2dad972922453143ee004bf168a53de9ad2ce26fa4445680146eb663a0872 daily.ndu:31220:84a3617710565df41554fdd669c768d9e8f45deb460fba9b2e7d27c7b555ea67 daily.ldb:43618:c40ae7dfdd8a059a121dd9701630bd61650ff03db1755c650f4d968392356699 daily.zmd:8689:87352bb29671c9326bdb6f27c14343acdc9b569fd8e3010bc6acf79883892cd8 daily.idb:30217:8b2ec9ac2e73e81835bb7316db9890c4210de118b1ebd312faa8ec0cfacd76e6 daily.fp:26694:7dfcea433125e62f196c9217abff15d7e2ec21e9f0fa0a345d7bada115414bf2 daily.pdb:4094:e8a573807464b09835948553fdb68414dfbec4c5aa20ef71d2120e9c1514f095 daily.wdb:4533:2076b9a4fa0f47deb9070e6efe6d1dfdddf634418b0ac8787722a0d15ddb7ffe DSIG:wSkbEX/vqgQ2Xb2hzgJOmJkPbeR8eNdK0dax5IUI28BIFOQsyMhEgk6jwDLhZvv485Sme91Rn6wfh7/pmqLtTGlaDIrGWajn1SPSVDK0kiuFaqJacs5pmqyr0JA1ztu8+tGleHSU3SKpCndxVDjoRNIk9Lrk2ZvpTq5tmBhaWgI0DFluE+8ic2o3x3j7Mwj7JNoye4KVPjLYdeiyUwtGu5igp5p3sgxipDlf5u8rtHVXt6b4/zhncKynkojXhsurP/chZMO0VtFp4m5Ry71RxyFQblSrmhp6NZbk1ILUejdLTg2WioR3BeRPbKaKF+cBegw/7UzqkjKCPRRjZtd9u Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
