Hi,

I've just registered for and received a Google safebrowsing API key and configured clamav-safebrowsing (https://github.com/Cisco-Talos/clamav-safebrowsing) on a Fedora 32 server system.

btw, I found out the hard way that having a percent sign in the password causes the clamav-safebrowsing script to fail.

It appears to have loaded another 3M signatures. Where can I find more info about those signatures? I'm especially interested in the types of attacks it is designed to stop. I've located this URL that appears to describe four categories, but is there any more info available?

https://developers.google.com/safe-browsing/v4/reference/rest/v4/ThreatType

Are there any more specifics available about each category? Do the patterns have names in the same way the sanesecurity patterns do?

What is the purpose of the mysql database if the signatures are in a GDB file in /var/lib/clamav? I'm assuming the database is updated then "build" is used to dump it to a file instead of having to download it in full every time?

I'd like to replicate the database across all servers to save on bandwidth and just have the master be updated. Does this make sense? I can then rsync the GDB file from the master server, or is it possible to just dump the database without also trying to update it?

I also still have the old safebrowsing.cld database from the end of 2019 (version: 49191, sigs: 2213119, f-level: 63, builder: google). Should I delete that?

How much memory needs to be allocated for clamav to store/process 14M signatures?

Thanks,
Alex

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml