Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread Török Edwin
On 2010-01-07 19:49, John Corelli wrote:
 Hi All -

 I'm new to clamav, but I've spent time looking through the archives and
 FAQs, so I hope my question is not too newbish.

 I'm running clam 0.95.3 on a single Centos 5.3 system.  That system will not
 be connected to the internet ever, but I have DSS/NISPOM security
 requirements that I run AV tools on that computer and update the virus
 dat/database files on a regular basis.  I see that freshclam is a nice way
 to get the updated sigs etc., but I will be running without that tool.
   

If you are not connected to the internet what are you scanning? Network
shares?

 What is the best way to get virus sig updates via sneakernet?  From the
 setup I have, I see that there is the main.cvd, daily.cvd and daily.cld
 files which are all the ones that need to get updated.  

 I believe it is the two daily.* files that need to be the same version at
 all times, correct?  Is main.cvd the engine then?
   

Both main.cvd and daily.* are the database, main.cvd is updated less often,
while daily.cvd is updated several times a day.

The CVD and CLD files store the same information, the former is the
compressed database, the latter is a previous CVD/CLD, with an
incremental update applied to it.
Thus if you have a .cld file you shouldn't have a .cvd file. If the
incremental update fails you'll get a CVD file again.

The simplest way would be to run freshclam, copy {main,daily}.c[vl]d to
your device, then stop clamd on the CentOS system, remove main.*, daily.*
from the DBdir, copy over your new databases, and start clamd.

Best regards,
--Edwin
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread John Corelli
 
 On 2010-01-07 19:49, John Corelli wrote:
  Hi All -

  I'm new to clamav, but I've spent time looking through the archives
  and FAQs, so I hope my question is not too newbish.

  I'm running clam 0.95.3 on a single Centos 5.3 system.  That system
  will not be connected to the internet ever, but I have DSS/NISPOM
  security requirements that I run AV tools on that computer and update
  the virus dat/database files on a regular basis.  I see that freshclam
  is a nice way to get the updated sigs etc., but I will be running
  without that tool.

 If you are not connected to the internet what are you scanning?
 Network shares?
 
Any PDFs or other docs that get brought into the system.

  What is the best way to get virus sig updates via sneakernet?  From
  the setup I have, I see that there is the main.cvd, daily.cvd and
  daily.cld files which are all the ones that need to get updated.

  I believe it is the two daily.* files that need to be the same version
  at all times, correct?  Is main.cvd the engine then?

 Both main.cvd and daily.* are the database, main.cvd is updated less
 often, while daily.cvd is updated several times a day.

 The CVD and CLD files store the same information, the former is the
 compressed database, the latter is a previous CVD/CLD, with an
 incremental update applied to it.
 Thus if you have a .cld file you shouldn't have a .cvd file.
 If the incremental update fails you'll get a CVD file again.

 The simplest way would be to run freshclam, copy {main,daily}.c[vl]d
 to your device, then stop clamd on the CentOS system, remove main.*,
 daily.* from the DBdir, copy over your new databases, and start clamd.

Okay, seems reasonable...but why run freshclam at all if I am manually
copying the databases over onto the device?  Are the steps you described the
ones that actually get done  automatically when you run freshclam?  (save
for the getting the databases from the 'net)  Or are you running freshclam
in the above sequence to verify versions at the start?

Regards
John



Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread Török Edwin
On 2010-01-07 21:31, John Corelli wrote:
  On 2010-01-07 19:49, John Corelli wrote:
   Hi All -

   I'm new to clamav, but I've spent time looking through the archives
   and FAQs, so I hope my question is not too newbish.

   I'm running clam 0.95.3 on a single Centos 5.3 system.  That system
   will not be connected to the internet ever, but I have DSS/NISPOM
   security requirements that I run AV tools on that computer and update
   the virus dat/database files on a regular basis.  I see that freshclam
   is a nice way to get the updated sigs etc., but I will be running
   without that tool.

  If you are not connected to the internet what are you scanning?
  Network shares?

 Any PDFs or other docs that get brought into the system.

   What is the best way to get virus sig updates via sneakernet?  From
   the setup I have, I see that there is the main.cvd, daily.cvd and
   daily.cld files which are all the ones that need to get updated.

   I believe it is the two daily.* files that need to be the same version
   at all times, correct?  Is main.cvd the engine then?

  Both main.cvd and daily.* are the database, main.cvd is updated less
  often, while daily.cvd is updated several times a day.

  The CVD and CLD files store the same information, the former is the
  compressed database, the latter is a previous CVD/CLD, with an
  incremental update applied to it.
  Thus if you have a .cld file you shouldn't have a .cvd file.
  If the incremental update fails you'll get a CVD file again.

  The simplest way would be to run freshclam, copy {main,daily}.c[vl]d
  to your device, then stop clamd on the CentOS system, remove main.*,
  daily.* from the DBdir, copy over your new databases, and start clamd.

 Okay, seems reasonable...but why run freshclam at all if I am manually
 copying the databases over onto the device?

You can download the databases yourself directly, like:
wget database.clamav.net/main.cvd
wget database.clamav.net/daily.cvd

main.cvd is rather large though, so it's faster if you use freshclam to
update.

  Are the steps you described the
 ones that actually get done  automatically when you run freshclam?  (save
 for the getting the databases from the 'net) 

Freshclam checks remote DB version, tries to download an incremental
update and apply it, if that is not possible it downloads the full DB
and checks its version.
It also warns if engine is out of date.

  Or are you running freshclam
 in the above sequence to verify versions at the start?
   

I recommended using freshclam, because it's the simplest way to get an
up-to-date database.
For example it knows to retry downloading from another mirror, if one
of the mirrors is down, or has an old version.

Best regards,
--Edwin


Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread Robert Wyatt

  The simplest way would be to run freshclam, copy
  {main,daily}.c[vl]d to your device, then stop clamd on the
  CentOS system, remove main.*, daily.* from the DBdir, copy
  over your new databases, and start clamd.

 Okay, seems reasonable...but why run freshclam at all if I am manually
 copying the databases over onto the device?  Are the steps you described the
 ones that actually get done automatically when you run freshclam?  (save
 for the getting the databases from the 'net)  Or are you running freshclam
 in the above sequence to verify versions at the start?



Hi John,

Wanted to jump in to say that I found that confusing also. This is how 
I read it:


1) On external (meaning: not CentOS) machine: run freshclam (which 
will pick up the new {main,daily}.c[vl]d), then copy those new files 
to your sneakerware device.


2) On CentOS machine: stop clamd, copy over new files, restart clamd.

So the question is back to Torok for clarification.

Thanks,
Robert


Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread Török Edwin
On 2010-01-07 22:08, Robert Wyatt wrote:
   The simplest way would be to run freshclam, copy
   {main,daily}.c[vl]d to your device, then stop clamd on the
   CentOS system, remove main.*, daily.* from the DBdir, copy
   over your new databases, and start clamd.

  Okay, seems reasonable...but why run freshclam at all if I am manually
  copying the databases over onto the device?  Are the steps you described
  the ones that actually get done automatically when you run freshclam?
  (save for the getting the databases from the 'net)  Or are you running
  freshclam in the above sequence to verify versions at the start?


 Hi John,

 Wanted to jump in to say that I found that confusing also. This is how
 I read it:

 1) On external (meaning: not CentOS) machine: run freshclam (which
 will pick up the new {main,daily}.c[vl]d), then copy those new files
 to your sneakerware device.

 2) On CentOS machine: stop clamd, copy over new files, restart clamd.

Also remove any old database files in step 2). Otherwise you may end up
with both a .cvd and a .cld file, which will load the same database twice.

 So the question is back to Torok for clarification.

Yes, that is what I meant, thanks for explaining it more clearly.

--Edwin
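
The procedure confirmed above (on the offline host: stop clamd, remove the old main/daily files, copy the new ones from the device, start clamd), as an added shell example that is not part of the original thread. The `service clamd` control command and the example paths are assumptions; the version check reads the `ClamAV-VDB:` header that CVD and CLD files begin with.

```shell
#!/bin/sh
# Added example (not from the thread): install sneakernet-carried databases.
# Assumption: clamd is controlled with "service clamd stop|start".
CLAMD_CTL=${CLAMD_CTL:-"service clamd"}

# Print the version field of a CVD/CLD header: ClamAV-VDB:<time>:<version>:...
db_version() {
    hdr=$(head -c 512 "$1" | tr -d '\000' | head -n 1)
    case $hdr in
        ClamAV-VDB:*) printf '%s\n' "$hdr" | cut -d: -f3 ;;
        *) return 1 ;;
    esac
}

# pick_db DIR NAME: print the one NAME.cvd or NAME.cld in DIR; fail on none or both.
pick_db() {
    if [ -f "$1/$2.cvd" ] && [ -f "$1/$2.cld" ]; then return 1; fi
    for f in "$1/$2.cld" "$1/$2.cvd"; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# install_dbs SRC DBDIR: check both databases first, then stop, replace, start.
install_dbs() {
    src=$1 dbdir=$2
    for name in main daily; do
        new=$(pick_db "$src" "$name") ||
            { echo "$name: need exactly one of .cvd/.cld in $src" >&2; return 1; }
        newver=$(db_version "$new") ||
            { echo "$new: no ClamAV-VDB header" >&2; return 1; }
        old=$(pick_db "$dbdir" "$name") || continue   # none, or both: just replace
        oldver=$(db_version "$old") || continue
        if [ "$newver" -lt "$oldver" ]; then
            echo "$name: media has v$newver, host already has v$oldver" >&2
            return 1
        fi
    done
    $CLAMD_CTL stop || return 1
    for name in main daily; do
        # Remove both formats so a .cvd and a .cld never coexist afterwards.
        rm -f "$dbdir/$name.cvd" "$dbdir/$name.cld"
        cp "$(pick_db "$src" "$name")" "$dbdir/" || return 1
    done
    $CLAMD_CTL start
}

# Usage (paths are examples): sh update-offline.sh /mnt/usb /var/lib/clamav
if [ "$#" -eq 2 ]; then install_dbs "$1" "$2"; fi
```

Both databases are validated before clamd is stopped, so a bad or stale copy on the device leaves the running daemon and its existing databases untouched.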



Re: [Clamav-users] Updates w/o freshclam

2010-01-07 Thread John Corelli
 
  Hi John,

  Wanted to jump in to say that I found that confusing also. This is how
  I read it:

  1) On external (meaning: not CentOS) machine: run freshclam (which
  will pick up the new {main,daily}.c[vl]d), then copy those new files
  to your sneakerware device.

  2) On CentOS machine: stop clamd, copy over new files, restart clamd.

 Also remove any old database files in step 2). Otherwise you may end up
 with both a .cvd and a .cld file, which will load the same database twice.

  So the question is back to Torok for clarification.

 Yes, that is what I meant, thanks for explaining it more clearly.

 --Edwin
 

Ahah...got it.
Thanks for the help and clarifications Torok and Robert - that helped.
I'll just need to run clam updates on another machine that's
connected...makes perfect sense now.
Thanks again!

John
