Re: [Clamav-users] Updates w/o freshclam
On 2010-01-07 19:49, John Corelli wrote:
> Hi All - I'm new to clamav, but I've spent time looking through the archives and FAQs, so I hope my question is not too newbish.
>
> I'm running clam 0.95.3 on a single Centos 5.3 system. That system will not be connected to the internet ever, but I have DSS/NISPOM security requirements that I run AV tools on that computer and update the virus dat/database files on a regular basis. I see that freshclam is a nice way to get the updated sigs etc., but I will be running without that tool.

If you are not connected to the internet what are you scanning? Network shares?

> What is the best way to get virus sig updates via sneakernet? From the setup I have, I see that there is the main.cvd, daily.cvd and daily.cld files which are all the ones that need to get updated. I believe it is the two daily.* files that need to be the same version at all times, correct? Is main.cvd the engine then?

Both main.cvd and daily.* are the database, main.cvd is updated less often, while daily.cvd is updated several times a day. The CVD and CLD files store the same information, the former is the compressed database, the latter is a previous CVD/CLD, with an incremental update applied to it. Thus if you have a .cld file you shouldn't have a .cvd file. If the incremental update fails you'll get a CVD file again.

The simplest way would be to run freshclam, copy {main,daily}.c[vl]d to your device, then stop clamd on the CentOS system, remove main.*, daily.* from the DBdir, copy over your new databases, and start clamd.

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Updates w/o freshclam
> On 2010-01-07 19:49, John Corelli wrote:
>> Hi All - I'm new to clamav, but I've spent time looking through the archives and FAQs, so I hope my question is not too newbish.
>>
>> I'm running clam 0.95.3 on a single Centos 5.3 system. That system will not be connected to the internet ever, but I have DSS/NISPOM security requirements that I run AV tools on that computer and update the virus dat/database files on a regular basis. I see that freshclam is a nice way to get the updated sigs etc., but I will be running without that tool.
>
> If you are not connected to the internet what are you scanning? Network shares?

Any PDFs or other docs that get brought into the system.

>> What is the best way to get virus sig updates via sneakernet? From the setup I have, I see that there is the main.cvd, daily.cvd and daily.cld files which are all the ones that need to get updated. I believe it is the two daily.* files that need to be the same version at all times, correct? Is main.cvd the engine then?
>
> Both main.cvd and daily.* are the database, main.cvd is updated less often, while daily.cvd is updated several times a day. The CVD and CLD files store the same information, the former is the compressed database, the latter is a previous CVD/CLD, with an incremental update applied to it. Thus if you have a .cld file you shouldn't have a .cvd file. If the incremental update fails you'll get a CVD file again.
>
> The simplest way would be to run freshclam, copy {main,daily}.c[vl]d to your device, then stop clamd on the CentOS system, remove main.*, daily.* from the DBdir, copy over your new databases, and start clamd.

Okay, seems reasonable...but why run freshclam at all if I am manually copying the databases over onto the device?

Are the steps you described the ones that actually get done automatically when you run freshclam? (save for the getting the databases from the 'net)

Or are you running freshclam in the above sequence to verify versions at the start?

Regards
John

Re: [Clamav-users] Updates w/o freshclam
On 2010-01-07 21:31, John Corelli wrote:
>> On 2010-01-07 19:49, John Corelli wrote:
>>> Hi All - I'm new to clamav, but I've spent time looking through the archives and FAQs, so I hope my question is not too newbish.
>>>
>>> I'm running clam 0.95.3 on a single Centos 5.3 system. That system will not be connected to the internet ever, but I have DSS/NISPOM security requirements that I run AV tools on that computer and update the virus dat/database files on a regular basis. I see that freshclam is a nice way to get the updated sigs etc., but I will be running without that tool.
>>
>> If you are not connected to the internet what are you scanning? Network shares?
>
> Any PDFs or other docs that get brought into the system.
>
>>> What is the best way to get virus sig updates via sneakernet? From the setup I have, I see that there is the main.cvd, daily.cvd and daily.cld files which are all the ones that need to get updated. I believe it is the two daily.* files that need to be the same version at all times, correct? Is main.cvd the engine then?
>>
>> Both main.cvd and daily.* are the database, main.cvd is updated less often, while daily.cvd is updated several times a day. The CVD and CLD files store the same information, the former is the compressed database, the latter is a previous CVD/CLD, with an incremental update applied to it. Thus if you have a .cld file you shouldn't have a .cvd file. If the incremental update fails you'll get a CVD file again.
>>
>> The simplest way would be to run freshclam, copy {main,daily}.c[vl]d to your device, then stop clamd on the CentOS system, remove main.*, daily.* from the DBdir, copy over your new databases, and start clamd.
>
> Okay, seems reasonable...but why run freshclam at all if I am manually copying the databases over onto the device?

You can download the databases yourself directly, like:

    wget database.clamav.net/main.cvd
    wget database.clamav.net/daily.cvd

main.cvd is rather large though, so it's faster if you use freshclam to update.

> Are the steps you described the ones that actually get done automatically when you run freshclam? (save for the getting the databases from the 'net)

Freshclam checks remote DB version, tries to download an incremental update and apply it, if that is not possible it downloads the full DB and checks its version. It also warns if engine is out of date.

> Or are you running freshclam in the above sequence to verify versions at the start?

I recommended to use freshclam, because it's the simplest way to get an up-to-date database. For example it knows to retry downloading from another mirror, if one of the mirrors is down, or has an old version.

Best regards,
--Edwin

Re: [Clamav-users] Updates w/o freshclam
>> The simplest way would be to run freshclam, copy {main,daily}.c[vl]d to your device, then stop clamd on the CentOS system, remove main.*, daily.* from the DBdir, copy over your new databases, and start clamd.
>
> Okay, seems reasonable...but why run freshclam at all if I am manually copying the databases over onto the device?
>
> Are the steps you described the ones that actually get done automatically when you run freshclam? (save for the getting the databases from the 'net)
>
> Or are you running freshclam in the above sequence to verify versions at the start?

Hi John,

Wanted to jump in to say that I found that confusing also. This is how I read it:

1) On external (meaning: not CentOS) machine: run freshclam (which will pick up the new {main,daily}.c[vl]d), then copy those new files to your sneakerware device.

2) On CentOS machine: stop clamd, copy over new files, restart clamd.

So the question is back to Torok for clarification.

Thanks,
Robert

Re: [Clamav-users] Updates w/o freshclam
On 2010-01-07 22:08, Robert Wyatt wrote:
>>> The simplest way would be to run freshclam, copy {main,daily}.c[vl]d to your device, then stop clamd on the CentOS system, remove main.*, daily.* from the DBdir, copy over your new databases, and start clamd.
>>
>> Okay, seems reasonable...but why run freshclam at all if I am manually copying the databases over onto the device?
>>
>> Are the steps you described the ones that actually get done automatically when you run freshclam? (save for the getting the databases from the 'net)
>>
>> Or are you running freshclam in the above sequence to verify versions at the start?
>
> Hi John,
>
> Wanted to jump in to say that I found that confusing also. This is how I read it:
>
> 1) On external (meaning: not CentOS) machine: run freshclam (which will pick up the new {main,daily}.c[vl]d), then copy those new files to your sneakerware device.
>
> 2) On CentOS machine: stop clamd, copy over new files, restart clamd.

Also remove any old database files in step 2). Otherwise you may end up with both a .cvd and a .cld file, which will load the same database twice.

> So the question is back to Torok for clarification.

Yes, that is what I meant, thanks for explaining it more clearly.

--Edwin

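
The install step described in this message, written out as an added shell example that is not part of the original thread. The function names `db_version` and `install_dbs`, the paths and the service name are assumptions; beyond the thread's steps it also refuses to install a database older than the one already present.

```shell
#!/bin/sh
# Added example. Assumed names: /mnt/usb (transfer device), /var/lib/clamav
# (DBdir) and the "clamd" service name; adjust to the local install.

# Print the version number stored in a .cvd/.cld file. Both begin with a
# 512-byte text header: ClamAV-VDB:build time:version:signature count:...
db_version() {
    hdr=$(head -c 512 "$1" | tr -d '\0' | cut -d: -f1,3)
    case "$hdr" in
        ClamAV-VDB:|ClamAV-VDB:*[!0-9]*) return 1 ;;   # empty or non-numeric
        ClamAV-VDB:*) echo "${hdr#ClamAV-VDB:}" ;;
        *) return 1 ;;                                 # not a ClamAV database
    esac
}

# Install main/daily from directory $1 into DBdir $2. Run with clamd stopped.
install_dbs() {
    src=$1 dbdir=$2
    for name in main daily; do
        # The device must carry one file per database, never .cvd and .cld.
        if [ -e "$src/$name.cvd" ] && [ -e "$src/$name.cld" ]; then
            echo "$name: both .cvd and .cld on device" >&2; return 1
        fi
        new=
        for f in "$src/$name.cvd" "$src/$name.cld"; do
            [ -e "$f" ] && new=$f
        done
        [ -n "$new" ] || continue            # nothing to update for this name
        newver=$(db_version "$new") || { echo "$new: bad header" >&2; return 1; }
        for old in "$dbdir/$name.cvd" "$dbdir/$name.cld"; do
            [ -e "$old" ] || continue
            oldver=$(db_version "$old") || oldver=0
            if [ "$newver" -lt "$oldver" ]; then
                echo "$name: refusing downgrade $oldver -> $newver" >&2; return 1
            fi
        done
        # Remove every old copy first so a .cvd and a .cld never coexist.
        rm -f "$dbdir/$name.cvd" "$dbdir/$name.cld"
        cp "$new" "$dbdir/" || return 1
    done
}

# Usage on the offline host:
#   service clamd stop && install_dbs /mnt/usb /var/lib/clamav && service clamd start
```

The header check only confirms the file looks like a ClamAV database and reads its version. Running `sigtool --info` on each .cvd file on the connected machine before the transfer also verifies its digital signature.
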
Re: [Clamav-users] Updates w/o freshclam
>> Hi John,
>>
>> Wanted to jump in to say that I found that confusing also. This is how I read it:
>>
>> 1) On external (meaning: not CentOS) machine: run freshclam (which will pick up the new {main,daily}.c[vl]d), then copy those new files to your sneakerware device.
>>
>> 2) On CentOS machine: stop clamd, copy over new files, restart clamd.
>
> Also remove any old database files in step 2). Otherwise you may end up with both a .cvd and a .cld file, which will load the same database twice.
>
>> So the question is back to Torok for clarification.
>
> Yes, that is what I meant, thanks for explaining it more clearly.
>
> --Edwin

Ahah...got it. Thanks for the help and clarifications Torok and Robert - that helped. I'll just need to run clam updates on another machine that's connected...makes perfect sense now.

Thanks again!
John