Hi,
I've just registered for and received a Google safebrowsing API key and
configured clamav-safebrowsing
(https://github.com/Cisco-Talos/clamav-safebrowsing) on a Fedora 32
server system.

btw, I found out the hard way that having a percent sign in the
password causes the clamav-safebrowsing script to fail.

It appears to have loaded another 3M signatures. Where can I find more
info about those signatures? I'm especially interested in the types of
attacks it is designed to stop. I've located this URL that appears to
describe four categories, but is there any more info available?

https://developers.google.com/safe-browsing/v4/reference/rest/v4/ThreatType

Are there any more specifics available about each category? Do the
patterns have names in the same way the sanesecurity patterns do?

What is the purpose of the MySQL database if the signatures are in a
GDB file in /var/lib/clamav? I'm assuming the database is updated then
"build" is used to dump it to a file instead of having to download it
in full every time?

I'd like to replicate the database across all servers to save on
bandwidth and just have the master be updated. Does this make sense? I
can then rsync the GDB file from the master server, or is it possible
to just dump the database without also trying to update it?

I also still have the old safebrowsing.cld database from the end of
2019 (version: 49191, sigs: 2213119, f-level: 63, builder: google).
Should I delete that?

How much memory needs to be allocated for clamav to store/process 14M
signatures?

Thanks,
Alex

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml