Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

Steve Basford Thu, 29 Dec 2016 04:07:01 -0800

On Thu, December 29, 2016 9:32 am, Reindl Harald wrote:
>

>i would love to be able to *completly* exclude
>"daily.cld", "daily.cvd" and "main.cvd" and only update
>"safebrowsing.cvd"


daily.cvd and main.cvd are compressed versions of multiple databases...

eg. sigtool --unpack-current=daily


29/12/2016  11:52        46,364,915 daily.hsb
29/12/2016  11:52        29,004,820 daily.hdb
29/12/2016  11:52         4,850,079 daily.mdb
29/12/2016  11:52           825,187 daily.ndu
29/12/2016  11:52           629,105 daily.ldb
29/12/2016  11:52            76,399 daily.ndb
29/12/2016  11:52            69,427 daily.mdu
18/02/2016  06:38            49,553 daily.crtdb
29/12/2016  11:52            36,126 daily.idb
29/12/2016  11:52            26,043 daily.fp
18/02/2016  06:38            25,227 daily.db
18/02/2016  06:38            10,943 daily.zmd
29/12/2016  11:52            10,739 daily.ldu
29/12/2016  11:52            10,095 daily.wdb
29/12/2016  11:52             9,965 daily.ftm
29/12/2016  11:52             6,040 daily.crb
29/12/2016  11:52             4,094 daily.pdb
29/12/2016  11:52             3,530 daily.hdu
18/02/2016  06:38             2,991 daily.rmd
29/12/2016  11:52             2,914 daily.ign
29/12/2016  11:52             2,269 daily.info
29/12/2016  11:52             2,168 daily.ign2
29/12/2016  11:52               424 daily.cfg
29/12/2016  11:52               378 daily.cdb
29/12/2016  11:52                92 daily.msb
29/12/2016  11:52                92 daily.msu
29/12/2016  11:52                89 daily.hsu
29/12/2016  11:52                87 daily.sfp

82,023,791 bytes

In clamscan there is:

--official-db-only[=yes/no(*)]       Only load official signatures

in clamd.conf there is:

OfficialDatabaseOnly    #Only loading official signatures.

I suppose there could be a:

--3rd-party-db-only=[=yes/no(*)]

and the same thing in clamd.conf.

but this may not then load safebrowsing.cvd.

You may also need to keep daily.ftm as that contains filetypes.

I guess the best thing is to raise a bugzilla enhancement, if
people want to add their comments:

https://bugs.clamav.net/show_bug.cgi?id=11708


-- 
Cheers,

Steve
Twitter: @sanesecurity

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Win.Trojan.Toa-5368540-0 - How many people need to complain before you listen?

Reply via email to