Adam Gibson wrote: > Bill Landry wrote: >> Adam Gibson wrote: >>> Gary V wrote: >>>> (have not tried it though). Make sure your update script is a recent >>>> one that tests the downloads before employing them and consider >>> This is one of the most important steps IMHO. I would make sure the >>> script tests the dat files before copying them into place. The scripts >>> that I have used over the years tests the dat files with the eicar virus >>> test pattern to make sure they work before copying them into place. >> This issue here is not whether the virus signature files work or not, it's >> whether one of them is corrupted or not. A corrupted signature file will >> cause >> clamd to silently crash and no longer be available for message scanning. The >> test that needs to be done on ClamAV signature files: >> >> clamscan --quiet -d /path/to/sigfile >> >> will detect corrupted signature files, and thus can prevent them from being >> moved into the production directory. Most, if not all, of the download >> scripts >> available on the SaneSecurity site >> (http://www.sanesecurity.com/clamav/usage.htm) enable this testing prior to >> usage. >> >> Bill > > I think we are saying the same thing. By checking to make sure it > detects eicar before copying the dat files over it also makes sure the > dat files are not corrupt. The dat files are initially downloaded to a > temporary staging area which does not impact the running clamd. Only > after testing the dat files to see if they properly detect the eicar > test virus do they get copied into the default clam dat signature > database directory. This solves both problems at the same time.
Sounds like a lot of needless extra effort versus the sanctioned and ClamAV developed and supported way of testing signature files for corruption. Bill ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
