Bill Landry wrote: > Adam Gibson wrote: --- CUT--- >> I think we are saying the same thing. By checking to make sure it >> detects eicar before copying the dat files over it also makes sure the >> dat files are not corrupt. The dat files are initially downloaded to a >> temporary staging area which does not impact the running clamd. Only >> after testing the dat files to see if they properly detect the eicar >> test virus do they get copied into the default clam dat signature >> database directory. This solves both problems at the same time. > > Sounds like a lot of needless extra effort versus the sanctioned and ClamAV > developed and supported way of testing signature files for corruption. > > Bill
Maybe I am just paranoid but I personally see the test to make sure the dat files detect a virus as a worthwhile step. A dat pattern that passes corruption tests does not guarantee that the dat file detects viruses IMHO. I am not that familiar with clamav though so maybe they do some checks like that. By using the same method for all virus scanners I feel more comfortable. It only takes parsing the output of the virus scanner that you are testing to see if it detected the virus and if so move the dat files to the production dat directory. This seems like a pretty simple step to me. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
